Tag Archives: sharepoint

Microsoft Office and privacy: happy to send what you type to the cloud for analysis?

I attempted to open a document from on-premises SharePoint recently and was greeted with an error asking me to check my privacy settings.


“The service required to use this feature is turned off” I was informed. Hmm, what service is that then? The solution turned out to be in the new Office privacy settings, just as the dialog suggested.

If you disable what Microsoft calls “Connected experiences” it appears to block access to SharePoint. Probably not what the user intended.


This setting is not great for clarity. Privacy-conscious users like myself may disable it because it represents your agreement to “experiences that analyze your content”. Since this means uploading your content to the cloud for analysis it sounds as if it might weaken both privacy and security. If you look at all the options though, it may be possible to agree to access online file storage without agreeing to content analysis:


It looks as if by unchecking “Let Office analyze your content” you might be able to stop Office uploading your stuff.
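For administrators who want to check this combination across machines rather than in the dialog, here is an added example (not from the original post) that audits the Office privacy policy values in the registry. It assumes the value names and the 1 = enabled / 2 = disabled encoding that Microsoft documents for Microsoft 365 Apps privacy controls, and that they correspond to the dialog options discussed above; the function names are hypothetical.

```powershell
# Added example: audit the per-user Office privacy policy values.
# Assumption: value names and encoding (1 = enabled, 2 = disabled) follow Microsoft's
# documented policy settings for Microsoft 365 Apps; they are not taken from this page.
$PolicyKey = 'HKCU:\Software\Policies\Microsoft\office\16.0\common\privacy'

$Controls = [ordered]@{
    disconnectedstate                  = 'All connected experiences'
    usercontentdisabled                = 'Experiences that analyze your content'
    downloadcontentdisabled            = 'Experiences that download online content'
    controllerconnectedservicesenabled = 'Optional connected experiences'
}

function Get-OfficePrivacyState {
    param(
        # Pass a hashtable to evaluate sample data; omit it to read the live registry.
        [hashtable]$Values
    )
    if ($null -eq $Values) {
        $Values = @{}
        $item = Get-ItemProperty -Path $PolicyKey -ErrorAction SilentlyContinue
        if ($item) {
            foreach ($name in $Controls.Keys) {
                if ($null -ne $item.$name) { $Values[$name] = [int]$item.$name }
            }
        }
    }
    foreach ($name in $Controls.Keys) {
        $raw = $Values[$name]
        $state = if ($raw -eq 1) { 'Enabled' }
                 elseif ($raw -eq 2) { 'Disabled' }
                 else { 'Not configured by policy' }
        [pscustomobject]@{
            Control   = $Controls[$name]
            ValueName = $name
            State     = $state
        }
    }
}

function Test-OfficePrivacyState {
    param([hashtable]$Values)

    # Index the report by value name so the checks below read clearly.
    $state = @{}
    Get-OfficePrivacyState -Values $Values |
        ForEach-Object { $state[$_.ValueName] = $_.State }

    if ($state['disconnectedstate'] -eq 'Disabled') {
        'WARN: all connected experiences are off; the post reports that this blocked opening a document from SharePoint.'
    }
    if ($state['usercontentdisabled'] -ne 'Disabled') {
        'WARN: content analysis is not disabled by policy; document content may be sent for analysis.'
    }
    if ($state['disconnectedstate'] -ne 'Disabled' -and
        $state['usercontentdisabled'] -eq 'Disabled') {
        'OK: connected experiences stay available while content analysis is disabled.'
    }
}

# Constructed sample: everything switched off, the state the post describes.
Test-OfficePrivacyState -Values @{ disconnectedstate = 2; usercontentdisabled = 2 }

# Constructed sample: file access left on, content analysis turned off.
Test-OfficePrivacyState -Values @{ disconnectedstate = 1; usercontentdisabled = 2 }

# Live check of the current user's policy key.
Get-OfficePrivacyState | Format-Table -AutoSize
```

A value reported as not configured means no policy is set, so whatever the user chose in the privacy dialog applies.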

Is there anything to worry about? We need to know more about what happens to our data. There is a Learn More link that takes us here. This lists lots of features but does not tell us what we want to know. Maybe here? This tells us that:

Three types of information make up required service data.

  • Customer content, which is content you create using Office, such as text typed in a Word document, and is used in conjunction with the connected experience.

It is still not clear though what happens to our data, other than that it is “sent to Microsoft”. Even the massive Microsoft Privacy Statement is no more illuminating on this point. In fact, it is arguably rather alarming since it contains this statement:

Microsoft uses the data we collect to provide you with rich, interactive experiences. In particular, we use data to:

  • Provide our products, which includes updating, securing, and troubleshooting, as well as providing support. It also includes sharing data, when it is required to provide the service or carry out the transactions you request.
  • Improve and develop our products.
  • Personalize our products and make recommendations.
  • Advertise and market to you, which includes sending promotional communications, targeting advertising, and presenting you with relevant offers.

We also use the data to operate our business, which includes analyzing our performance, meeting our legal obligations, developing our workforce, and doing research.

In carrying out these purposes, we combine data we collect from different contexts (for example, from your use of two Microsoft products) or obtain from third parties to give you a more seamless, consistent, and personalized experience, to make informed business decisions, and for other legitimate purposes.

This suggests that Microsoft will profile me and send me advertising based on the data it collects. What I need to know is not only the fact that this happens, but also the mechanism, in order to make an informed judgement about whether it is sensible to enable these options. Of course it is also possible that the Office content analysis service does not do this. I am guessing.

What can go wrong? These risks are hard to quantify. If you are typing something confidential, it makes sense not to share it more than is necessary, as further sharing can only increase the risk. There are some interesting scenarios too, such as what happens if Microsoft receives a legal demand to have sight of the content of your documents. Microsoft may not want to give access to your content, but in some circumstances it might not have the choice. Then again, I doubt it retains content sent for the purpose of personalisation, beyond whatever factors the service determines are significant. However this is not stated here.

Is this any different from storing documents on a cloud service such as SharePoint / OneDrive online? It is a bit different since in the Office case you are permitting Microsoft to analyze as well as to store your content.

All of this is up for debate. I accept that the risks are probably small as well as the fact that the wider world has little or no interest in most of the content I type but do not choose to publish.

Nevertheless, there are a few things which seem to me reasonable requests.

– A clear statement concerning what happens to my content if I choose to let it be analyzed by Microsoft’s cloud service, to enable better informed decisions about whether or not to enable this feature. Dumping the user into an all-encompassing privacy policy is not good enough.

– Improved settings (and possibly some fixed bugs) so that privacy-conscious users do not inadvertently disable access to on-premises SharePoint, as in my example, or other unexpected outcomes.

– A simple way to exclude a specific document from the service, conceptually similar to “in-private” mode in a web browser though with more chance of actually protecting your privacy (in-private mode is not really very private).

In general, I do not think the solution to a customer’s reasonable concerns about privacy and security of personal information is to obscure how this data is handled.

Microsoft OneDrive and OneDrive for Business: a guide for the perplexed

Microsoft’s price plans for additional cloud storage are odd:


Hmm, £1.60 per month for 1TB or £3.99 for 200GB. Difficult decision? Especially as OneDrive for Business appears to be a superset of OneDrive:


It is not that simple of course (and see below for how you can get 1TB OneDrive for less). The two products have different ancestries. OneDrive was once SkyDrive and before that Windows Live Folders and before that Windows Live Drive. It was designed from the beginning as a cloud storage and client sync service.

OneDrive for Business on the other hand is essentially SharePoint: a team portal including online document storage and collaboration. The original design goal of SharePoint (a feature of Windows Server 2003) was to enable businesses to share Office documents with document history, comments, secure access and so on, and to provide a workplace for teams. See the history here. SharePoint supported a technology called WebDAV (Web Distributed Authoring and Versioning) to allow clients to access content programmatically, and this could be used in Windows to make online documents appear in Windows Explorer (the file utility), but there was no synchronization client. SharePoint was not intended for storage of arbitrary file types; the system allowed it, but full features only light up with Office documents. In other words, not shared storage so much as a content management system. Documents are stored in a Microsoft SQL Server database.

SharePoint was bolted into Microsoft BPOS (Business Productivity Online Suite) which later became Office 365. In response to demand for document synchronization between client and cloud, Microsoft came up with SharePoint Workspace, based on Groove, a synchronization technology acquired along with Groove Networks in 2005.

I have no idea how much original Groove code remains in the OneDrive for Business client, nor the extent to which SharePoint Online really runs the same code as the SharePoint you get in Windows Server; but that is the history and explains a bit about why the products are as they are. The OneDrive for Business client for Windows is an application called Groove.exe.

OneDrive and OneDrive for Business are different products, despite the misleading impression given by the name and the little feature table above. This is why the Windows, Mac and Mobile clients are all different and do different things.

OneDrive for Business is reasonable as an online document collaboration tool, but the sync client has always been poor and I prefer not to use it (do not click that Sync button in Office 365). You may find that it syncs a large number of documents, then starts giving puzzling errors for which there is no obvious fix. Finally Microsoft will recommend that you zap your local cache and start again, with some uncertainty about whether you might have lost some work. Microsoft has been working hard to improve it but I do not know if it is yet reliable; personally I think there are intractable problems with Groove and it should be replaced.

The mobile clients for OneDrive for Business are hopeless as Dropbox replacements. The iOS client app is particularly odd: you can view files but not upload them. Photo sync, a feature highly valued by users, is not supported. However you can create new folders through the app – but not put anything in them.

Office on iOS on the other hand is a lovely set of applications which use OneDrive for Business for online storage, which actually makes sense in this context. It can also be used with consumer OneDrive or SharePoint, once it is activated.

The consumer version of OneDrive is mostly better than OneDrive for Business for online storage. It is less good for document collaboration and security (the original design goals of SharePoint) but more suitable for arbitrary file types and with a nice UI for things like picture sharing. The Windows and mobile clients are not perfect, but work well enough. The iOS OneDrive client supports automatic sync of photos and you can upload items as you would expect, subject to the design limitations of Apple’s operating system.

Even for document collaboration, consumer OneDrive is not that bad. It supports Office Web Apps, for creating and editing documents in the browser, and you can share documents with others with various levels of permission. 

What this means for you:

  • Do not trust the OneDrive for Business sync client
  • Do not even think about migrating from OneDrive to OneDrive for Business to get cheap cloud storage
  • No, you mostly cannot use the same software to access OneDrive and OneDrive for Business
  • Despite what you are paying for your Office 365 subscription, consumer OneDrive is a better cloud storage service
  • SharePoint online also known as OneDrive for Business has merit for document collaboration and team portal services, beyond the scope of consumer OneDrive

Finally, what Microsoft should do:

  • Create a new sync client for OneDrive for Business that works reliably and fast, with mobile apps that do what users expect
  • Either unify the technology in OneDrive and OneDrive for Business, or stop calling them by the same name

I do understand Microsoft’s problem. SharePoint has a huge and complex API, and Microsoft’s business users like the cloud-hosted versions of major server applications to work the same way as those that are on premise. However SharePoint will never be an optimal technology for generic cloud storage.

If I were running Office 365, I think I would bring consumer OneDrive into Office 365 for general cloud storage, and I would retain SharePoint online for what it is good at, which is the portal, application platform, and document collaboration aspect. This would be similar to how many businesses use their Windows servers: simple file shares for most shared files, and SharePoint for documents where advanced collaboration features are needed.

In the meantime, it is a mess, and with the explosive growth of Office 365, a tricky one to resolve without pain.

Microsoft has a relatively frank FAQ here.

Postscript: here is a tip if you need large amounts of OneDrive storage. If you buy Office 365 Home for £7.99 per month or £79.99 per year (which works out at £6.66 per month) you get 1TB additional storage for consumer OneDrive for up to 4 users, as well as the main Office applications:


The way this works is that each user activates Office using a Microsoft account. The OneDrive storage linked to that account gets the 1TB extra storage while the subscription is active.

Another option is Office 365 Personal – same deal but for one user at £5.99 per month, or £59.99 per year (£4.99 per month).

Even for one user, it is cheaper to subscribe to Office 365 Home or Personal than to buy 1TB storage at £3.99 per month per 200GB. When you add the benefit of Office applications, it is a great deal.

Despite the name, these products have little to do with Office 365, Microsoft’s cloud-hosted Exchange, SharePoint and more. These are desktop applications plus consumer OneDrive.

New features in Windows Azure, including web site backup, .NET mobile services

Microsoft has announced new features in Windows Azure, its cloud platform, described by VP Scott Guthrie on his blog.

Aside: I agree with this comment to his post:

Thank you Scott for update. I wish dozens of MS folks and MS representatives would have a clue about Azure roadmap to help businesses plan their release schedules / migration plans. Till that happens, this blog will remain the main source of updates and a hint of roadmap.

The changes are significant. ExpressRoute offers connectivity to Azure without going through the public internet. Currently you have to use an Equinix datacentre, Level 3 cloud connect, or an AT&T MPLS (Multiprotocol Label Switching) VPN. For enterprises that can meet the requirements and who are wary about data passing through the internet, or who want better connectivity, it is an interesting option.

Next up is backup and restore for Azure web sites. Azure web sites are a way of deploying web applications, ranging from free to multi-instance with automatic scaling. You need at least a Standard site for serious use, as I explained here.

Now you can set up scheduled backup for both the web site and a supporting database. The feature is in preview but you can try it now using the Azure web management portal.


I noticed a couple of things. One is that the storage account used must be in the same subscription as the web site. I also spotted this warning:


which states that “frequent backups can increase you database costs by up to 100%”. Still, it is a handy feature.

Azure mobile services, designed to supply data to mobile apps, has been extended to support .NET code (previously you had to use JavaScript). If you download the code, notes Guthrie, you find that it is “simply an ASP.NET Web API project with additional Mobile Service NuGet packages included.”

Mobile Services also have new support for notification hubs and for PhoneGap (a way of building mobile apps using HTML and JavaScript).

Another feature that caught my eye is easy linking of third-party apps to Azure Active Directory (which is also used by Office 365). For example, if you are struggling with SharePoint and its poor clients for Windows, iOS and Android, you might consider using Dropbox for Business instead. Now you can integrate Dropbox for Business with your Office 365 user directory by selecting it from the Azure management portal.


Colligo Briefcase: offline SharePoint for iPad and iPhone

I took a quick look at Colligo Briefcase, an offline SharePoint 2007 and 2010 client for the Apple iPad and iPhone. There is a free Lite version, limited to 50Mb and with cut-down features; Briefcase Pro which costs a modest $2.99; and Enterprise which adds centralized management.

SharePoint is a powerful collaboration platform, but Microsoft’s client support if you would rather not use a web browser is surprisingly poor. You are really meant to use Office, which of course does not exist on iOS, and even then the offline support is poor.

I used Briefcase Pro, which connected first time to my on-premise SharePoint server. I selected which lists and libraries to sync, and a few minutes later everything was available. Impressive. Better, in fact, than Microsoft’s own SharePoint Workspace on a PC; but that is not saying much.


Briefcase lets you easily preview Office documents. I am sure there are certain formatting or content types that do not work, but I found this effective for Word and Excel. OneNote is not supported for preview; a shame. I could not even get OneNote documents to open in OneNote on the iPad.


I confirmed that Briefcase works fine offline. In Airplane mode, I could still browse and preview documents.

I tried but was unable to connect to Microsoft’s SkyDrive. There may be a way. This would be useful, since Microsoft’s own SkyDrive app does not work offline.

My biggest concern with Briefcase is security. What if confidential documents are in SharePoint and the iPad or iPhone is stolen? Briefcase Enterprise has a remote wipe capability, but it is still a concern. You can set an additional PIN on the app:


More worrying though is how data can leak out of Briefcase into other locations. Imagine a user has an iPad and has agreed to Apple’s default settings for iCloud and Pages, the iPad word processor. In this mode, documents in Pages are automatically synched with iCloud.

Now the user wants to edit a Word document that is in Briefcase. She hits Open in … and selects Pages. Pages does not just open the document, it imports it. The user views or edits it in Pages. Now that document is sent to iCloud, and in due course will turn up on other iOS or Mac computers belonging to that user.

Another issue with Pages is that there is no easy way to get it back into SharePoint. Pages can use WebDAV, which should work, but must be configured separately. This may be why Colligo suggests Documents to Go. Supported apps have an Open in Briefcase option that enables upload.

The Enterprise edition of Briefcase lets administrators disable the Open in command to improve security. This is unfortunately necessary if you require any sort of security for SharePoint data accessed through Briefcase.

It is a shame there is no quick way to open a Briefcase document in the web browser. There is a Copy Link option, which you can paste into Safari, but you have to re-authenticate and it is not seamless.

A few niggles then; but given that most users will do more viewing than editing while on the go, Briefcase is an excellent and, for the Pro edition, low-cost way to use SharePoint offline.

SharePoint security update stops SharePoint working

This morning I noticed that my test SharePoint 2010 installation was not working. Browsing to the site got me HTTP Error 503. The service is unavailable.

The problem seems to be related to the update KB2553365 which I noticed had been installed last night, following an initial failure.


Note this point in the description of the update:

After you install this security update on all SharePoint servers, you will have to run the PSconfig tool to complete the installation. For more information about how to use the PSconfig tool, visit the following TechNet webpage:

PSconfig command-line reference (SharePoint Foundation 2010)

In other words, if your server is set up to update automatically, this update breaks SharePoint until you manually run the PSconfig utility which applies SharePoint updates.

Further, there is no automatic notification of this requirement. You have to figure it out.

SharePoint administrators know about PSconfig, but companies with Small Business Server or other small-scale environments are not always familiar with the problem.

Worse still, in my case PSconfig has not fixed it. I am restoring last night’s backup.

Wrestling with SharePoint and Office 365: code to bulk move documents

I have mixed feelings about SharePoint, Microsoft’s flexible but infuriating collaboration platform. It makes difficult things easy and easy things difficult, or something like that. Today’s story is an example, and may also be of interest if you are wondering how to write code that manipulates documents in SharePoint as found in Office 365.

The problem started when some contacts of mine who use Office 365 could not open a folder in Windows Explorer. They received a permission error along with the famous invitation to “Contact your network administrator to request access.”


The folder in question is actually a SharePoint folder which accesses Office 365 through WebDAV. I took a look, and found that, whatever the problem was, it had nothing to do with permissions. I also observed that there was no problem accessing the folder through the web browser; but like many users, these people prefer to use Explorer.

Next, I started moving files out of the troublesome folder into another one. I began to suspect that some rogue document was causing the error. This suspicion proved correct, but it was not easy to track down. The problem: the SharePoint web user interface does not provide any bulk copy or move option. If you want to move a bunch of documents, the recommended way is to use Windows Explorer, the exact feature that in this instance was not working.

Moving documents one by one through a laborious Web UI is no fun, so I then had the bright idea of writing some code to move the documents. This means taking a dive into the labyrinthine SharePoint API.

I was surprised how hard this is. Here is how I got started:

First, I downloaded the SharePoint SDK and ran the setup. I chose to install only the Foundation help and samples.

Next, I created a new Windows Forms project in Visual Studio 2010. Note you must set the project to target the full .NET Framework 4.0, not just the Client profile.

After that, I had to copy two DLLs from my own SharePoint 2010 server. These are in:

C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\ISAPI

I am surprised they are not included with the SDK.

After that, I looked for some code samples for the SharePoint Client Object Model. You can find this described here or consult the reference here. It is a capable API, but you soon realise why there is plenty of work for SharePoint specialists. ClientContext, CAML queries, FolderServerRelativeUrl: there is a lot to get your head around.

The first problem I had though was authentication. Office 365 uses claims-based authentication, whereas all the SharePoint API examples seem to assume you are on an intranet and already authenticated for your SharePoint server. Coding for claims-based authentication is a headache.

I tried code from here to authenticate against the Office 365 claims-based federation server, but with no success. It seems to be based on beta code and does not work now. I then read the official document on the subject here and downloaded the sample code. Here is what worked for me:

Add the ClaimsAuth project from the sample to my Windows Forms solution.

Modify this line in ClaimsWebAuth.cs:


to this


the reason being that ClaimsAuth is designed for a console application.

Then I could run some basic Client Object Model code like this:

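ClientContext cc = ClaimClientContext.GetAuthenticatedContext(url);

if (cc != null)
{
    // properties are not populated until Load and ExecuteQuery have run
    cc.Load(cc.Web, w => w.Title);
    cc.ExecuteQuery();
    lbTest.Text = "Title: " + cc.Web.Title;
}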

All this does is to connect to the Office 365 SharePoint site at url and display its title – but if you can do that, you have got past the first hurdle.

Next I had to figure out how to move all the documents in one folder to another. Again, I found this tricky. I was able to list all the items in a library, which is the top-level folder for a collection of documents, but how do you list all the items in a subfolder? Something to do with CAML, it seems, also known as Collaborative Application Markup Language. Does anyone out there love CAML? I thought not. CAML queries are like SQL queries chopped up into XML elements.

Another characteristic of the Client Object Model is that you constantly have to call the Load and ExecuteQuery methods of your ClientContext object, otherwise you will get a PropertyOrFieldNotInitializedException. There is a good reason for this, as it reduces the amount of data passing over the wire, but it can also be perplexing.

Here is the code I ended up with, where “docs” is the top-level folder or library name:

if (cc != null)
{
    var site = cc.Web;

    var lib = site.Lists.GetByTitle("docs");
    CamlQuery camlQuery = new CamlQuery();
    camlQuery.FolderServerRelativeUrl = @"/docs/path/to/sourcefolder";

    string camlQueryXml = "<View>" +
        "<Query>" +
          "<OrderBy>" +
            "<FieldRef Name='FileLeafRef' Ascending='True' />" +
          "</OrderBy>" +
        "</Query>" +
      "</View>";
    camlQuery.ViewXml = camlQueryXml;

    ListItemCollection lis = lib.GetItems(camlQuery);

    // nothing is fetched until Load and ExecuteQuery are called;
    // request the file name field and the File object for each item
    cc.Load(lis, items => items.Include(i => i["FileLeafRef"], i => i.File));
    cc.ExecuteQuery();

    foreach (ListItem li in lis)
    {
        string sTitle = li.FieldValues["FileLeafRef"].ToString();

        // you can inspect the title to see if you want to move the file,
        // eg only those beginning with a letter in the first half of the alphabet

        File thefile = li.File;

        // folders have no File object, so skip them
        if (!li.File.ServerObjectIsNull.Value)
        {
            string dest = @"/docs/path/to/destfolder/" + thefile.Name;
            thefile.MoveTo(dest, MoveOperations.Overwrite);
        }
    }

    // the moves are only queued until this call sends them to the server
    cc.ExecuteQuery();
}

Pretty simple? Maybe it is to a SharePoint guru; all I can say is that I did not find it intuitive.

Note that this is not intended as production code so if you borrow it please add exception handling etc. It was a quick hack to solve a problem.

The good news is that once I was able to move documents from folder to folder programmatically, I was able to troubleshoot the original problem. Mysteriously, there was one document which, if it was in a folder, caused the access denied error when opened with WebDAV. Once I isolated the document, I discovered that if I renamed it, the problem went away. Curiously, there are no special characters in the name, just letters and spaces, so this is something of a mystery.

Still, it was a useful exercise, especially since moving a batch of documents using the Client Object Model seems quicker than using Explorer and WebDAV.

What would you like to see in Microsoft Office 15?

Today brings the news that Microsoft Office 15 is now in Technical Preview (also known as private beta).

There is little news about what is in it other than this:

With Office 15, for the first time ever, we will simultaneously update our cloud services, servers, and mobile and PC clients for Office, Office 365, Exchange, SharePoint, Lync, Project, and Visio.


So what would you like to see in Office 15? Here are a few things on my wish list:

  1. Properly integrate SharePoint (and therefore Office 365) with Windows so that you can use it easily without ever opening a web browser. That might mean fixing SharePoint WorkSpace or doing something better, like Explorer integration without the various hassles associated with WebDAV.
  2. Fix Outlook, or better still replace it. I hear many complaints about Outlook, either concerning its performance, or else one of its many annoyances such as how hard it is to reply to an email while quoting sections of the original message – astonishing, when you consider the maturity of the product.
  3. Improve cross-platform support. Office on the Mac is poor compared to the Windows version, particularly in terms of performance. It is also time Microsoft came out with apps for iOS and Android for touch-friendly document editing.
  4. Update the user interface for touch control as far as possible. This will be critical for Windows 8 tablets, especially on ARM.
  5. Improve structured document editing in Word. Styles are hard to use, so are bullets and numbering. I tend not to use the paragraph numbering in Word because it is so fiddly and annoying.

The problem is that Office is a huge and intricate bag of legacy. The work Microsoft did in replacing the menus with ribbon toolbars was admirable in its way, and potentially more touch-friendly, but if you scratch the surface much is unchanged underneath. All the old commands remain.

Microsoft financials: Office and server dominate as Windows falters

Microsoft has released its quarterly figures for January-March 2011. My at-a-glance summary is below.

Quarter ending June 30th 2011 vs quarter ending June 30th 2010, $millions

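| Segment | Revenue | Revenue change | Profit | Profit change |
| --- | --- | --- | --- | --- |
| Client (Windows + Live) | 4740 | -41 | 2943 | -123 |
| Server and Tools | 4643 | +494 | 1774 | +214 |
| Online | 662 | +94 | -728 | -40 |
| Business (Office) | 5777 | +402 | 3618 | +399 |
| Entertainment and devices | 1485 | +341 | 32 | +204 |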

Business as usual? More or less, but there are a few points to note.

The figure that jumps out is the stunning performance of Office, which includes SharePoint and Exchange. Why is everyone buying Office 2010, when a document like the one I am typing now could be done just as well in Word 2.0 from 1991, or more plausibly the free OpenOffice?

The answer is that Microsoft has successfully transitioned many of its customers to using Office with SharePoint and Exchange, making it harder to stick with old versions and selling CALs (Client Access Licences) as well as the Office suite itself. This is highly profitable, though the aspect that puzzles me is that Office 365, which is cloud-hosted SharePoint and Exchange, is more cost-effective for the customer since it includes server software, CALs and in some cases the Office client for a commodity-priced subscription.

In other words, I find it hard to see how Microsoft can remain equally profitable if a significant proportion of its customers switch to Office 365. The company may be depending on its ability to upsell those customers to further online services; or perhaps it has not fully thought this through and has set Office 365 pricing at what it needs to be in order to compete with Google.

Fortunately for Microsoft, there is enough doubt concerning the safety of cloud services to sustain continued strong sales of on-premise solutions.

Second notable thing: Windows is in decline. The reason: it is losing market share to Apple and to Google Android. Netbook sales are down 41% according to the release, and I would guess that those sales have mostly gone to Apple iPad and Android tablets rather than to Windows notebooks.

Will Windows 8 reverse the decline? Speculation of course, but it will not repeat the success of Windows 7. In fact, my guess is that Windows 8 will be a hard sell to enterprises which have finally been persuaded to migrate from Windows XP. They are settling down for another five years of stability. Windows 7 was a consolidation release, just the sort of thing enterprises like. Windows 8 will be a revolution release, with most of the interest focused on what it can do in mobile and tablets. If it does succeed, it will do so slowly; there will be no rush to upgrade from 7 other than from the usual early adopters. It may improve sales in the consumer market, but neither Mac nor iPad nor Android is going away.

That leads on to mobile, the figures for which are buried under a pile of Xbox consoles. A good quarter for Xbox, though note how poor the margins are compared to those for Office or Windows.

Finally, the online money drain continues. Note that this is Bing and online advertising, not Azure or Office 365. Microsoft must feel that the strategic value of these online services is worth the cost, particularly since they tie into mobile and the ecosystem which Nokia is depending on for a reversal of its fortunes. Given that the company has money to burn, there may actually be some sense in that; though for a segment to make such large and consistent losses over a long period has to be a concern.

Microsoft Office 365: the detail and the developer story

I attended the UK launch of Office 365 yesterday and found it a puzzling affair. The company chose to focus on small businesses, and what we got was several examples of customers who had discovered the advantages of storing documents online. We were even shown a live video conference with a jerky, embarrassing webcam stream adding zero business value and reminding me of NetMeeting back in 1995 – which by the way was a rather cool product. Most of what we saw could have been done equally well in Google Apps, except for a demo of the vile SharePoint Workspace for offline editing of a shared document, though if you were paying attention you could see that the presenter was not really offline at all.

There seems to be a large amount of point-missing going on.

There is also a common misconception that Office 365 is “Office in the cloud”, based on Office Web Apps. Although Office Web Apps is an interesting and occasionally useful feature, it is well down the list of what matters in Office 365. It is more accurate to say that Office 365 is for those who do not want to edit documents in the browser.

I am guessing that Microsoft’s focus on small businesses is partly a political matter. Microsoft has to offer an enterprise story and it does, with four enterprise plans, but it is a sensitive matter considering Microsoft’s relationship with partners, who get to sell less hardware and will make less money installing and maintaining complex server applications like Exchange and SharePoint. The, umm, messaging at the Worldwide Partner Conference next month is something I will be watching with interest.

The main point of Office 365 is a simple one: that instead of running Exchange and SharePoint yourself, or with a partner, you use these products on a multi-tenant basis in Microsoft’s cloud. This has been possible for some time with BPOS (Business Productivity Online Suite), but with Office 365 the products are updated to the latest 2010 versions and the marketing has stepped up a gear.

I was glad to attend yesterday’s event though, because I got to talk with Microsoft’s Simon May and Jo Carpenter after the briefing, and they answered some of my questions.

The first was: what is really in Office 365, in terms of detailed features? You can get this information here, in the Service Description documents for the various components. If you are wondering what features of on-premise SharePoint are not available in the Office 365 version, for example, this is where you can find out. There is also a Support Service Description that sets out exactly what support is available, including response time objectives. Reading these documents is also a reminder of how deep these products are, especially SharePoint which is a programmable platform with a wide range of services.

That leads on to my second question: what is the developer story in Office 365? SharePoint is built on ASP.NET, and you can code SharePoint applications in Visual Studio and deploy them to Office 365. Not all the services available in on-premise SharePoint are in the online version, but there is a decent subset. Microsoft has a Sharepoint Online for Office 365 Developer Guide with more details.

Now start joining the dots with technologies like Active Directory Federation Services – single sign-on to Office 365 using on-premise Active Directory – and Windows Azure which offers hosted SQL Server and App Fabric middleware. What about using Office 365 not only for documents and email, but also as a portal for cloud-hosted enterprise applications?

That makes sense to me, though there are still limitations. Here is a thread where someone asks:

Does someone know if it is possible to make a database connection with Office365, SharePoint (Designer) and SQL Azure database?

and the answer from Microsoft’s Mark Kashman on the SharePoint team:

You cannot do this via SharePoint Designer today. What you can do is to create a Silverlight or JavaScript client application that calls out to SQL Azure.

In the near future, we are designing a way to make these connections using the base SharePoint technology called BCS (Business Connectivity Services) where then you could develop a service to service to SQL Azure.

If you cannot wait, check out the Cloud Connector for SharePoint 2010 from Layer 2 GmbH.

It seems obvious that Office 365 and Azure together have potential as a developer platform.

What about third-party applications and extensions for Office 365? This is another thing that Microsoft did not talk about yesterday; but it seems to me that there is potential here as well. It is not well integrated, but you can search Microsoft Pinpoint for Office 365 applications and get some results. If Office 365 succeeds, and I think it will, there is an opportunity for developers here.

Notes from the field: migrating a small business to Microsoft BPOS

Today I helped a (very) small company migrate from Small Business Server 2003 to BPOS (Business Productivity Online Suite), Microsoft’s hosted Exchange and SharePoint.

Why BPOS, when Office 365 launches later this month? Well, BPOS has all the features they need, and when given the choice between a beta-soon-to-be-just-launched online platform, and one that has been around for a few years, they chose the latter, which is reasonable. Long term it will make no difference, because BPOS users will be migrated to Office 365. It was interesting to me, since I am reviewing Office 365 and this migration gave me good insight into the differences.

Aside: the fact that this is a choice says something about Microsoft. One of the advantages of cloud computing is that improvements can be continuous and incremental, since the software is paid for by subscription rather than through a version upgrade cycle. There is only one Salesforce.com platform; there is only one Google Apps platform. Will there be an Office 720 in two to three years’ time, or will Microsoft have worked this out by then? It will be hard, because no doubt there are teams working on Exchange 2013 and SharePoint 2013 and these will be delivered as on-premise product upgrades. This also implies that the new features in these products will not be considered ready until the on-premise products go gold; which means that cloud customers have to wait a long time for major enhancements. Changing this cycle will require a profound shift in the way the company functions.

Now a few comments about the process. Overall it was pretty good, and took less time than it normally takes to migrate from one version of Small Business Server to the next. There are annoyances though, beginning with the migration tools. The challenge is that you want to move mailboxes from SBS Exchange to online Exchange without losing any email.

Email coexistence

The basic approach is this:

1. A directory synchronisation tool copies user accounts to BPOS and keeps them in synch with on-premise Active Directory.

2. A mailbox migration tool copies mailboxes to BPOS and sets up forwarding, so email arriving into on-premise Exchange is forwarded to BPOS.

This is known as email co-existence, because users can log on to either on-premise Exchange or BPOS, and still be able to send and receive mail. Clever stuff, and it does make migration nice and smooth.

The first annoyance: the directory synchronization tool must be installed on a 32-bit Windows Server that is joined to the domain but not a domain controller. Many SBS setups do not have such a thing. In this case, I ran up Virtual PC on Windows 7 64-bit, installed 32-bit Server 2003, joined it to the domain (actually over a VPN), and ran the tool from there.

Actual mailbox migration uses a separate tool which fortunately does run on the SBS server itself. Once the users are in place and enabled on BPOS, you run this tool to upload the mailboxes. This takes a while, since you are uploading what is probably several Gb of data. I left this running overnight, but it was only partially successful. Two mailboxes did not upload properly and had to be redone, which was a bit untidy because in one case some folders were duplicated. Fortunately it was not hard to clean up.

Once the mailboxes are migrated, you simply install and run Microsoft’s sign-in utility on each client PC. This automatically configures Outlook with a new BPOS profile, leaving the old profile in place in case of mishaps.

The last step is to change the DNS records so that mail is actually delivered to BPOS rather than to on-premise Exchange.

SharePoint migration

This particular company is reliant on SharePoint for document sharing. Although it is SBS 2003, they have SharePoint Services 3.0 installed; it can be done if you are careful.

Major annoyance: the BPOS documentation is silent on the subject of migrating content. There is a heading in the Migration Help for SharePoint Online; but it does not cover migration from on-premise to BPOS SharePoint at all. There are third-party tools that do this though, and some help from the community.

Of course there are multiple ways to move SharePoint content, though in some cases you will lose version information. I found this article helpful. I was able to start from Step 5, since it was already a SharePoint 3.0 site. Look how clear and concise the steps are; a refreshing contrast to Microsoft’s verbose efforts with seemingly endless sections for overviews, planning and deployment, that take ages to get to the point and still manage to omit key information.

I read the post and the comments, then created a blank site in BPOS. I backed up and then exported the existing site to CMP files, and kept it locked so that no new content would be added. Then I installed SharePoint Designer 2007, which is free, logged into the BPOS site and restored the site.

All the important things restored correctly. Unfortunately the permissions do not migrate, because the BPOS domain is different from the SBS domain; the active directory is only synchronized. I had to fix this up by deleting dud users and groups from the new site and adding groups and users for BPOS. I also added a few web parts to the otherwise blank home page. Nevertheless, considering how painful SharePoint migrations can be, this one was pretty good.

I understand though that this simple approach does not always work. I would guess that the more SharePoint is customised, the more likely you are to have problems, which is probably why there is no official tool.
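The permission fix-up described above can be planned before touching the restored site by matching each old role assignment against the accounts that exist, and are enabled, in the hosted directory. This is an added example, not part of the original post or of Microsoft's tools: the CSV columns, the OLDDOM domain and the example.com sign-in names are constructed, and the script only builds a local plan without calling any SharePoint or BPOS API.

```powershell
# Constructed sample: role assignments noted from the old on-premise site.
$oldAssignments = @'
Principal,Type,Role
OLDDOM\alice,User,Full Control
OLDDOM\bob,User,Contribute
OLDDOM\carol,User,Read
OLDDOM\Accounts,Group,Contribute
'@ | ConvertFrom-Csv

# Constructed sample: accounts present in the hosted directory after sync.
$hostedUsers = @'
SamAccountName,SignInName,Enabled
alice,alice@example.com,True
bob,bob@example.com,False
'@ | ConvertFrom-Csv

# Index hosted accounts by lower-cased account name for the lookup.
$bySam = @{}
foreach ($u in $hostedUsers) { $bySam[$u.SamAccountName.ToLower()] = $u }

$plan = foreach ($a in $oldAssignments) {
    # Drop the old domain prefix; only the account name survives the move.
    $sam    = ($a.Principal -split '\\', 2)[-1].ToLower()
    $action = 'Grant'; $target = $null; $note = ''

    if ($a.Type -eq 'Group') {
        $action = 'Review'
        $note   = 'Domain group: recreate as a site group and add members by hand'
    } elseif (-not $bySam.ContainsKey($sam)) {
        $action = 'Remove'
        $note   = 'No hosted account: dud entry on the restored site'
    } elseif ($bySam[$sam].Enabled -ne 'True') {
        $action = 'Remove'
        $note   = 'Hosted account is disabled: do not re-grant'
    } else {
        $target = $bySam[$sam].SignInName
        if ($a.Role -eq 'Full Control') { $note = 'Confirm the user still needs Full Control' }
    }

    [pscustomobject]@{
        OldPrincipal = $a.Principal; Action = $action
        NewPrincipal = $target;      Role   = $a.Role; Note = $note
    }
}

$plan | Sort-Object Action, OldPrincipal | Format-Table -AutoSize
```

With the sample data, alice is re-granted under her hosted sign-in name with a prompt to confirm Full Control, bob and carol are listed for removal, and the Accounts group is held for manual review.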

Exchange issues

There were a couple of issues with Exchange. The first was public folders, which are not supported in BPOS. The solution is to use SharePoint lists. Here is how it goes:

  1. Open an on-premise Outlook profile with full access to the public folders. Export each public folder to an Outlook .pst file – the best format for preserving all the data.
  2. Go to SharePoint online and create a new list of the appropriate type. For example, for tasks you need a task list, for contacts a contact list.
  3. Open Outlook with a BPOS profile. In SharePoint online, go to the target list and choose Connect to Outlook from the Actions menu.
  4. The SharePoint list now exists in Outlook. Open the .pst and copy the items exported from the public folder to the new list.
  5. Other users need only connect to the SharePoint list. The magic of synchronization copies the content.

Another issue is mailbox permissions. If you have users who want access to another user’s mailbox, you have to set permissions on the target mailbox to allow this. These permissions do not get migrated automatically. To do this, you have to use PowerShell. This article explains. The easiest route to a correctly configured PowerShell is to use the shortcut to the Migration Command Shell which is installed with the Microsoft Online migration tools.

A note on cost

BPOS costs $10 per user per month, with a minimum of 5 users. In the UK this is £6.72, so from £33.60 per month. Along with Exchange and SharePoint, you get Office Live Meeting (Web Conferencing) and Office Communications Online (Enterprise Live Messenger).

A typical SBS server lasts 3 to 5 years before it has to be replaced. Taking the shorter time for example, BPOS will cost £1209.60 in subscription costs over the lifetime of a physical server.

It seems obvious that if Exchange and SharePoint are all you need, and if you are happy with the implications of the cloud approach, BPOS works out cheaper. Of course the pricing will change, but Office 365 is actually coming out at a similar price for the equivalent features. Yes, you could buy a basic server with SBS for £1209, but that is just the start: installation, firewall, backup and maintenance all add to the cost.

That said, most businesses will still need some kind of on-premise server, even if it is no more than a simple NAS (Network Attached Storage) box. Another real-world problem is that there may be server-based applications which cannot easily be abandoned. If you find you have to run an on-premise server anyway, adding BPOS on top looks less attractive.

There is much more to say about cloud vs on-premise, but it is worth noting that it can be cost-effective.