January 2019 Cumulative Update is now available for SharePoint Server 2019

Microsoft has released a new Cumulative Update Pack (CU) for SharePoint Server 2019. This is the 3rd CU released since the product was made generally available last year. Cumulative update provides fixes and enhancements for the product which is a great benefit for any organization. However, it’s always recommended to try the update in a dedicated environment before installing them in production farms.

Important: Its mandatory to install both (Language Independent and language Dependent) packages to to fully patch a SharePoint Server environment. This is because, each SharePoint installation includes Language Dependent and Independent components.

The KB article for January 2019 CU will be available at the following Location in a couple of hours:

  • KB 4461634 – January 2019 Update for SharePoint Server 2019 (language independent) – This is also a security update!
  • KB 4461514 – January 2019 Update for SharePoint Server 2019 (language dependent)
  • KB 4461633 – January 2019 Update for Office Online Server 2019 – This is also a security update!

The download for January 2019 CU is available through the following link:

After installing the CUs you must run the SharePoint 2019 Products Configuration Wizard on each machine in the farm and restart them to effect the changes. If you prefer to run the command line version psconfig.exe you better have a look here for the appropriate options.

SharePoint 2019 January 2019 CU Build Numbers are: Your farm should show these numbers after successful application of the update, so ensure the numbers are reflected.

Language independent fix: 16.0.10340.12101
Language dependent fix: 16.0.10340.12100

Choose when and how you want to receive Office 365 updates (all about rings)

One of the best thing you get from Office 365 or, any Microsoft Cloud stack related product for that matter is that, you are eligible to receive product updates (enhancements, fixes, security updates, new features and so on) regularly for no effort or massive costs on platform migrations every few years. It means Microsoft enhances your experience almost every month now, for no additional cost. ! Yes you go that right !

Take-your-Business-from-Good-to-Great-to-Exceptional

With this post, we will see how we can change the way cookie crumble !. Let’s find out how you can change the update ring so that your tenant will receive updates earlier than the other who are waiting for public release.

Important note (Microsoft): The Office 365 updates mentioned in this blog applies to Office 365, SharePoint Online, and Exchange Online. And do not apply to Skype for Business and related services. These release options are targeted, best effort ways to release changes to Office 365 but cannot be guaranteed at all times or for all updates.

There are 4 rings in Microsoft release management strategy. This is also known as Release Validation.

Annotation 2019-02-02 142700

Any new update is first goes to the respective feature teams and then to the entire Office 365 product team. The entire Microsoft team is the next to receive this to validate the solidness before it goes out to customers. 3rd ring is the Targeted release who will receive it right after Microsoft’s. Finally the Worldwide release (general availability) to those who are waiting for the finest.  3rd ring here (or Targeted) has the advantage here to receive it earlier than the others in the final ring.

Login in to your Office 365 Work or School account with Admin privileges and click on the App Launcher to start.

Important Note (Microsoft): It can take up to 24 hours for the below changes to take effect in Office 365. If you opt out of targeted release after enabling it, your users may lose access to features that haven’t reached the scheduled release yet.

From the app Launcher –> Head on to Admin and click “Show all” to expand blades.

A

Expand Settings –> Click on “Organization Profile”. If you have not done this before, you would immediately see the release preferences stays in Standard release mode which means you are in the last ring.

B

There are a few things to be aware before you choose your option here:

  1. If you setup target release for everyone, it’d better be a test (or POC, UAT) subscription as the change is going to affect for all users in the organization.
  2. 3rd option is the best ! you do not need to have a dedicated test subscription here, as you have few set of users to enable this so it won’t affect to production users. In my case, I only have 5 users in my tenant and I will change the track for my account only. It means, you can have mixed experience users in a single organization (single O365 tenant). Once you choose the best for you, hit “Next” to proceed here.

C

You have to say “Yes” to this.

D

In just a second you will get this message if everything went well. 99,99 it does !

E

By adding people you can define the group you set as target release users. These are the only users going to get the latest during the ring 3 releases (Target) so in my case, it’s just going to be me only. Hit “Save” to complete it.

F

Close the message. And head back to Organization Profile.

G

You should notice the change here. And, you can change the target group of people by adding one or more people under Action menu.

To Add more, next to Release preferences, click Actions –> + Bulk add people for first release under the Standard release heading.
Choose Browse to select a file containing each person’s email address –>
Click Next
and then Close.

H

Until next post, enjoy the updates !!

DISCLAIMER NOTE: This is an enthusiast post and is not sponsored by Microsoft or any other vendor.


Azure AD App Only Authentication

In a simple way, App Only authentication is the ideal method if you want to execute  a task by daemon. This allows you to execute some code without the permissions of a user or without an auth token of a user.

As part of a series of articles, idea of this 1st post is to give you an basic  fundamental understanding on creating an Azure AD App and grant permissions for this App to communicate with SPO.

let’s get this started. Simply head on to your Office365 home page and switch to Admin Centers. From the left pane, click on “Azure Active Directory”. From Azure AD, search for “App Registrations” and click “Add new application registration” link.

A new application interface will pop-up for you. Enter a name, Application type and Sign-on URL and click “Create”. Sign-in URL can be any and it also can be amended later to reflect a different one. A future post will discuss this again on what sort of URLs are used here.

image 

Once the app creation done, you will be given with the app ID and other details related to it.

image

Next- Select Settings –> Required permissions and Add

clip_image001

clip_image002

In this case the API going to be SPO. You can choose the right API based on the requirement.

image

Next, hit “Grant Permission” button on the required permissions tab to provide none-tenant admin user access the application.

A self-signed or public (commercial) certificate must be provided now and then update the Azure AD manifest accordingly.

Following PS can be used to provision the certificate but ensure you have installed OfficeDev PnP PowerShell.

$certroot = 'C:\Site Creator'
$certname = "IntelAi-Cert-1"
$password = ConvertTo-SecureString "P@$$w0rd" -AsPlainText -Force
$startdate = Get-Date
$enddate = $startdate.AddYears(4)
makecert.exe -r -pe -n "CN=$certname" -b ($startdate.ToString("MM/dd/yyyy")) -e ($enddate.ToString("MM/dd/yyyy")) -ss my -len 2048
$cert = Get-ChildItem Cert:\CurrentUser\My | ? {$_.Subject -eq "CN=$certname"}
Export-Certificate -Type CERT -FilePath "$certroot\$certname.cer" -Cert $cert -Force
Export-PfxCertificate -FilePath "$certroot\$certname.pfx" -Cert $cert -Password $password -Force

Following line will copy a string to your clipboard

Get-PnPAzureADManifestKeyCredentials -CertPath 'C:\Site Creator\IntelAi-Cert-1.cer' | clip

Following is how the copied string would look like. It has to be added to the manifest file of the Azure AD application.

"keyCredentials": [
 {
  "customKeyIdentifier": "5lca+kziogw7T6MB4kUrxseK5m8=",
  "keyId": "84153f1a-90b7-4802-b99a-bb75d4f9a35b",
  "type": "AsymmetricX509Cert",
  "usage": "Verify",
  "value": "MIIDAjCCAe6gAwIBAgIQkawCJU0cWYxH8RamKNuqqTAJBgUrDgMCHQUAMBkx
 }
],

Select your application under app registrations in Azure AD. Replace the “KeyCredentials”:[], section, as shown below.

image

Now this can be tested whether the application has required permissions to connect to the SharePoint Online site. For the ClientID, you need to provide application ID of the app you have created.

$password = ConvertTo-SecureString "P@$$w0rd" -AsPlainText -Force
Connect-PnPOnline -Url https://site.sharepoint.com/ -ClientId 0c01f61e-ba27-4ae7-ab19-174884a949fc -CertificatePath 'C:\Site Creator\Site-Cert-1.pfx' -CertificatePassword $password -Tenant intelai.onmicrosoft.com
$myWeb = Get-PnPWeb
$myWeb.Title

DISCLAIMER NOTE: This is an enthusiast post and is not sponsored by Microsoft or any other vendor.

The Installation of the Package is Failed: SharePoint Cumulative Package Installation

clip_image001

This issue is encountered when you place the .Cab File and .exe file in different locations. Or if you have downloaded only the exe file. The is because the Cumulative Package is dependent on the ‘ubersrv_1.cab’ file and hence both the exe and the cab file need to be in the same location for the installation to complete successfully.

image

image

Locating Both Files in the same location will execute and complete the installation successfully.

image