Microsoft 365 – Governance implementation – Verifying User Presence in SharePoint Site Collections Based on SipAddress

“Success usually comes to those who are too busy looking for it.” 

Greetings SharePoint Enthusiasts,

In this insightful guide, we’ll explore a powerful new functionality that enables the verification of a user’s presence across various site collections in our Microsoft 365 tenant. Leveraging the capabilities of a .NET Core application and Microsoft Graph APIs, we’ve crafted a solution that allows us to seamlessly check for the existence of a user based on their SipAddress.

Key Takeaways from this article

• Learn to implement a robust user verification functionality in a .NET Core application using Microsoft Graph APIs.
• Explore the configuration of Graph API permissions, understanding their importance in dynamic user presence verification.
• Gain practical insights through a real-world example, highlighting the benefits for project managers and team members.
• Understand how this feature expedites project onboarding, enhances task assignment efficiency, and strengthens security oversight.
• Discover the significance of these innovations for improving collaboration and project management in Microsoft 365 and SharePoint environments.

Prerequisites:

Before we delve into the functionality, let’s ensure we have the following prerequisites in place:

• Microsoft 365 Account: Ensure we have a valid Microsoft 365 account with the necessary permissions.
• Microsoft Entra ID Access: Access to Microsoft Entra ID is required for application registration and obtaining authentication credentials.
• .NET Core SDK: Let’s install the latest version of the .NET Core SDK on our development machine.

Real-World Example:

Scenario:

• We find ourselves in a bustling project management environment where multiple teams collaborate on diverse projects within a Microsoft 365 ecosystem.
• Each project is represented by a dedicated SharePoint site collection, serving as the central hub for documentation, timelines, and collaborative efforts.

Challenge:

• Cross-project collaboration is a common occurrence, with team members frequently transitioning between projects.
• Project managers face the challenge of ensuring the seamless presence of team members in relevant site collections for efficient collaboration and task management.

Solution in Action:

Imagine a scenario where Sarah, a project manager, needs to quickly onboard a seasoned developer, Alex, to a new project. With our user verification functionality, Sarah can enter Alex’s SipAddress, initiating a swift verification process across all project site collections.

As a result:

• The system efficiently confirms Alex’s presence in the relevant project site collections, displaying real-time insights into his availability and user status.
• Sarah can now confidently assign tasks to Alex, knowing he is actively present in the project sites, streamlining the onboarding process.

Additionally, consider a situation where David, a team member, is temporarily assigned to support another project due to his expertise. The user verification system ensures that David’s presence is dynamically tracked in both his original and temporary project site collections.

Outcome:

• Efficient On-boarding: Sarah successfully onboard Alex to the new project, saving valuable time and ensuring a quick integration into the team.
• Agile Resource Allocation: David seamlessly transitions between projects, and project managers have real-time visibility into his presence, enabling agile resource allocation and task assignment.
• Enhanced Project Collaboration: The user verification functionality becomes an indispensable tool for project managers, facilitating dynamic collaboration and resource management across diverse projects within the organization.

This real-world example demonstrates how our user verification system addresses practical challenges in project management, providing tangible benefits for project managers, team members, and the overall efficiency of cross-project collaboration.

How the Functionality Addresses Challenges:

• Dynamic User Verification: The new functionality allows us to dynamically verify team members’ presence in various project site collections based on their SipAddress.
• Real-Time Insights: By leveraging parallel processing, the application provides real-time insights into user presence, facilitating quick task assignment and efficient project collaboration.
• Security Oversight: The detailed results, including Azure AD user status, contribute to robust security oversight, aligning with compliance and data access policies.

Benefits in Action:

• Project On-boarding: We can expedite the on-boarding process for team members joining or transitioning between projects by ensuring their immediate presence in relevant site collections.
• Task Assignment Efficiency: Enhance task assignment efficiency with real-time information on team members’ availability in project sites.
• Adherence to Security Policies: We strengthen security protocols by actively monitoring and verifying user presence, ensuring compliance with organizational policies.

Let’s dive deeper into how this functionality brings tangible advantages to project managers, team members, and the overall project management process:

Expedited Project On-boarding:

• Scenario: Imagine a scenario where a new team member joins a project or transitions between projects. With our enhanced user verification, we can expedite the onboarding process by ensuring their immediate presence in relevant site collections. This results in a seamless integration of new members, minimizing downtime and accelerating project initiation.

Enhanced Task Assignment Efficiency:

• Scenario: In a dynamic project environment, tasks need to be assigned promptly to maintain momentum. Our real-time insights into team members’ availability in project sites empower project managers to enhance task assignment efficiency. This leads to quicker task distribution, improved workflow, and optimized project timelines.

Strengthened Adherence to Security Policies:

• Scenario: Security and compliance are paramount in project management. By actively monitoring and verifying user presence, our functionality contributes to robust security protocols. This ensures that only authorized individuals access project-related information, reinforcing adherence to organizational security policies and regulatory requirements.

Streamlined Cross-Project Collaboration:

• Scenario: In an organization overseeing multiple projects, team members frequently collaborate across different projects. Our efficient user verification system enables seamless cross-project collaboration by swiftly confirming team members’ presence in relevant site collections. This results in enhanced communication, knowledge sharing, and overall project synergy.

User Testimonial:

• Implementing this user verification functionality has revolutionized the way we manage projects. The ability to onboard new team members quickly and ensure their immediate presence in project sites has been a game-changer.
• Our project managers now have real-time insights into team availability, allowing for more agile task assignment and improved collaboration across diverse projects. This has significantly contributed to our project success and overall team efficiency.

By incorporating this functionality into our .NET Core application, we’re not just addressing challenges; we’re providing practical solutions that positively impact project management workflows. These benefits, coupled with real-world scenarios and testimonials, showcase the true value of our enhanced user verification system in the realm of Microsoft 365 and SharePoint.

Why Use This Functionality:

• Granular User Visibility: We gain granular visibility into user presence across diverse site collections, enhancing collaboration and project management.
• Real-Time Decision-Making: Empower project managers and administrators with real-time data to make informed decisions regarding task assignments and resource allocation.
• Comprehensive Security Oversight: We ensure adherence to security and compliance policies by actively verifying user access and presence in accordance with organizational standards.
• Time Efficiency: Leverage parallel processing to optimize the verification process, particularly in environments with numerous site collections, saving valuable time for project teams.

Incorporating this functionality into our .NET Core application elevates our project management capabilities, providing a practical solution to the challenges of dynamic team collaboration and user administration across diverse SharePoint sites.

What is Sip Address?

• The SipAddress is a unique identifier associated with a user that follows the Session Initiation Protocol.
• This protocol is widely used for initiating, maintaining, modifying, and terminating real-time sessions that involve video, voice, messaging, and other communications applications and services.

Purpose of Sip Address:

• User Identification: The Sip Address serves as a distinctive identifier for users within the Microsoft 365 environment. It typically takes the form of an email-like address with the “sip:” prefix, such as “sip:username@example.com.”
• Real-Time Communication: Sip Addresses are crucial for enabling real-time communication and collaboration features in Microsoft 365, such as presence information, instant messaging, and online meetings.
• Integration with Microsoft 365 Services: We leverage Sip Addresses to facilitate seamless integration with communication tools, ensuring that users can be easily identified and contacted across various services.
• User Verification: In the context of our article, the Sip Address becomes a valuable component for verifying a user’s presence across different SharePoint site collections, allowing for dynamic collaboration and efficient project management.

Why Use Sip Address in User Verification:

• Uniqueness: Sip Addresses provide a unique and standardized way to identify users. This uniqueness is crucial for accurately verifying the presence of a specific user within diverse site collections.
• Integration with Microsoft Graph: Sip Addresses are part of the user profile information accessible through Microsoft Graph APIs. Leveraging Sip Addresses in our .NET Core application allows for efficient querying of user data for verification purposes.
• Real-Time Insights: By using Sip Addresses, our application can obtain real-time insights into a user’s presence across different projects, contributing to quick decision-making in project management scenarios.
• Communication and Collaboration: Sip Addresses are integral to Microsoft 365’s communication and collaboration features. Utilizing them for user verification enhances the overall collaboration experience, ensuring that team members can seamlessly transition between projects.

In summary, the Sip Address is a critical element that plays a pivotal role in user identification, real-time communication, and user verification within the Microsoft 365 and SharePoint environments. Its unique nature and integration with Microsoft Graph make it an ideal choice for ensuring dynamic user presence across diverse site collections in our user verification functionality.

Navigating to SIP Address in Exchange Admin Center

In Microsoft 365, the Session Initiation Protocol (SIP) address plays a crucial role in user identification, especially for real-time communication and collaboration. If we are looking to find or manage the SIP address for users within our organization, the Exchange Admin Center provides a straightforward way to access this information. Let’s follow these steps together to navigate to the SIP address for a user:

• Access the Exchange Admin Center:

• Open a web browser and navigate to the Microsoft 365 admin center.
• Sign in with our administrator credentials.
• Go to Recipients:
• In the left navigation pane, click on “Admin centers.”
• Select “Exchange” to access the Exchange Admin Center.
• Navigate to Mailboxes:
• In the Exchange Admin Center, let’s find and click on “Recipients” in the left-hand menu.
• View Users:

• Under the “Recipients” section, click on “Mailboxes.” This will display a list of all mailboxes (users) in our organization.
• Select a User:
• Now, let’s scroll through the list or use the search functionality to find the specific user for whom we want to view or manage the SIP address.
• Click on the user to open their details.
• Access Contact Information:

• Within the user details, let’s navigate to the “Contact Information” section. Here, we will find various details related to the user.
• Manage Email Addresses:

• Now, let’s look for the user’s email address section. It usually displays the primary email address associated with the user.
• Click on “Manage email address types” or a similar option depending on the version of the Exchange Admin Center.
• View SIP Address:

• In the “Manage email address types” section, we will see a list of email addresses associated with the user.
• Identify the email address with the “sip:” prefix. This is the SIP address associated with the user.

By following these steps, we can easily navigate to and manage the SIP address for users in the Exchange Admin Center. The SIP address is crucial for various real-time communication features within Microsoft 365, and having easy access to it simplifies user management and collaboration across the organization.

Graph API Permissions: Why Are They Essential?

Sites.Read.All:

• Purpose: This permission allows our application to read items in all site collections without requiring a signed-in user.
• Importance: In SharePoint, sites are organized into collections, and this permission is crucial for our application to fetch information about all these site collections. It enables the application to check users across various sites concurrently.

User.Read:

• Purpose: This permission is necessary to read user profile information.
• Importance: To verify a user’s presence based on their SipAddress, we need detailed user information. The User.Read permission enables the application to access user profiles, including their SipAddress and other relevant details.

Directory.Read.All:

• Purpose: This permission grants the application the ability to read data in your organization’s directory, such as users, groups, and apps.
• Importance: The application needs to navigate through the directory structure to identify the User Information List within each site collection. The Directory.Read.All permission ensures that the application can access directory data, which is crucial for the verification process.

Why We Need These Permissions:

Site Collection Information:

• The Sites.Read.All permission is like having a master key that allows our application to open the door to any SharePoint site collection.
• Without this permission, the application wouldn’t be able to fetch information about all site collections in your Microsoft 365 tenant.

User Profile Information:

• The User.Read permission acts as a key to unlock detailed user profiles.
• It allows our application to retrieve information about users, such as their SipAddress, which is essential for the verification process.

Directory Information:

• The Directory.Read.All permission is akin to a guide that helps our application navigate through the organizational directory.
• It ensures that the application can access directory data, enabling it to identify User Information Lists within each site collection.

How to Grant Permissions:

• Navigate to the Microsoft Entra AD Portal:
  • Go to the Microsoft Entra AD Portal.
  • Sign in with our admin credentials.
• Locate Our Registered Application:
  • In the left navigation pane, click on “Azure Active Directory.”
  • Under “Manage,” click on “App registrations.”
  • Find and select our registered application from the list.
• Go to “API Permissions”:
  • Within our application, click on the “API permissions” tab.
• Add the Required Permissions:
  • Click on “Add a permission” to add the necessary permissions.
  • Select “Microsoft Graph” as the API.
  • Choose “Delegated permissions” and add the following permissions:
    • Sites.Read.All
    • User.Read
    • Directory.Read.All
• Grant Admin Consent:
  • After adding the permissions, click on the “Grant admin consent for [your organization]” button.
  • Confirm the consent prompts to grant admin consent.
  • This step is crucial to apply these permissions across the entire organization.
• Verify Permissions:
  • Once admin consent is granted, ensure that the permissions are listed under the “API permissions” tab for our application.

By following these steps, we grant the necessary permissions to our application, allowing it to interact seamlessly with Microsoft 365 services. If you encounter any issues, refer to our comprehensive guide on granting permissions for detailed assistance – https://knowledge-junction.in/2024/01/18/microsoft-entra-registering-new-application-and-assigning-permissions-to-access-microsoft-graph-apis/

Understanding and configuring these Graph API permissions is fundamental for our .NET Core application. These permissions act as the keys that unlock the doors to SharePoint site collections, user profiles, and organizational directory data, enabling our application to efficiently verify user presence in SharePoint.

Code Walkthrough:

Let’s break down the code that brings this new functionality to life:

private async void OnCheckUserClick(object sender, RoutedEventArgs e)
{
DateTime startTime = DateTime.Now;
try
{
// Get the entered username/sipaddress from the TextBox and trim any extra spaces
var enteredUsername = UsernameTextBox.Text.Trim();

    // Check if the entered username is empty or null
    if (string.IsNullOrEmpty(enteredUsername))
    {
        ResultTextBox.Text = "Please enter a username/sipaddress.";
        return;
    }

    // Authenticate the Graph client to interact with Microsoft Graph APIs
    var graphClient = await _graphService.GetAuthenticatedGraphClient();

    // Set the 'Top' parameter for fetching a specified number of site collections
    int top = 978;

    // Fetch all site collections in the tenant
    List<Microsoft.Graph.Models.Site> siteCollections = await FetchAllSites(graphClient, top);

    // Display a message indicating the start of user checking
    ResultTextBox.Text = $"Checking user: {enteredUsername}\n";

    // Use parallel processing to check users concurrently in each site collection
    var tasks = siteCollections.Select(site => CheckUsersInSite(graphClient, site, enteredUsername));
    await Task.WhenAll(tasks);

    // If no site information is displayed, indicate that the user was not found in any site
    if (!ResultTextBox.Text.Contains("Site"))
    {
        ResultTextBox.Text = "User not found in any site.";
    }
}
catch (Exception ex)
{
    // Handle any exceptions that occur during the process and display an error message
    ResultTextBox.Text = $"Error: {ex.Message}";
}
finally
{
    // Calculate the execution time of the process
    DateTime endTime = DateTime.Now;
    TimeSpan executionTime = endTime - startTime;

    // Display the execution time along with the existing result text
    ResultTextBox.Text += $"Execution Time: {executionTime.TotalMilliseconds} milliseconds\n{ResultTextBox.Text}";
}

}

Explanation:

Getting Entered Username:

var enteredUsername = UsernameTextBox.Text.Trim();

• This line retrieves the entered username or SipAddress from a TextBox and trims any extra spaces.

Checking for Empty Username:

if (string.IsNullOrEmpty(enteredUsername))
{
ResultTextBox.Text = "Please enter a username/sipaddress.";
return;
}

• It checks whether the entered username is empty or null. If so, it displays an error message and exits the method.

Authentication and Fetching Site Collections:

var graphClient = await _graphService.GetAuthenticatedGraphClient();
int top = 978;
List siteCollections = await FetchAllSites(graphClient, top);

• This section authenticates the Graph client to interact with Microsoft Graph APIs and fetches all site collections in the tenant.

Displaying Initial Message:

ResultTextBox.Text = $"Checking user: {enteredUsername}\n";

• It displays a message indicating that the process is starting and includes the entered username.

Parallel Processing for User Checking:

var tasks = siteCollections.Select(site => CheckUsersInSite(graphClient, site, enteredUsername));
await Task.WhenAll(tasks);

• This line initiates parallel processing to check users concurrently in each site collection.

Handling No User Found:

if (!ResultTextBox.Text.Contains("Site"))
{
ResultTextBox.Text = "User not found in any site.";
}

• If no site information is displayed in the result text, it indicates that the user was not found in any site.

Exception Handling:

catch (Exception ex)
{
ResultTextBox.Text = $"Error: {ex.Message}";
}

• This block catches any exceptions that might occur during the process and displays an error message.

Calculating Execution Time:

finally
{
DateTime endTime = DateTime.Now;
TimeSpan executionTime = endTime - startTime;
ResultTextBox.Text += $"Execution Time: {executionTime.TotalMilliseconds} milliseconds\n{ResultTextBox.Text}";
}

• In the finally block, it calculates the total execution time of the process and adds it to the result text.

Now, let’s move on to the methods FetchAllSites and CheckUsersInSite.

private async Task> FetchAllSites(GraphServiceClient graphClient, int top)
{
// Create a list to store site collections
List siteCollections = new List();

// Fetch site collections with the specified 'Top' parameter
var siteCollection = await graphClient.Sites.GetAsync((requestConfiguration) =>
{
    requestConfiguration.QueryParameters.Top = top;
});

// Add fetched site collections to the list (if any)
siteCollections.AddRange(siteCollection?.Value ?? Enumerable.Empty<Microsoft.Graph.Models.Site>());

// Return the list of site collections
return siteCollections;

}

Explanation:

Creating a List for Site Collections:

List siteCollections = new List();

• This line creates a list to store site collections fetched from Microsoft Graph.

Fetching Site Collections:

var siteCollection = await graphClient.Sites.GetAsync((requestConfiguration) =>
{
requestConfiguration.QueryParameters.Top = top;
});

• It fetches site collections using the Microsoft Graph API, with the ‘Top’ parameter limiting the number of site collections.

Adding to the List:

siteCollections.AddRange(siteCollection?.Value ?? Enumerable.Empty());

• This line adds the fetched site collections (if any) to the list. It uses the null-conditional operator (?.) and the null-coalescing operator (??) to handle potential null values.

Returning the List:

return siteCollections;

• The method returns the list of site collections.

Now, let’s proceed with the CheckUsersInSite method:

private async Task CheckUsersInSite(GraphServiceClient graphClient, Microsoft.Graph.Models.Site site, string enteredUsername)
{
// Extract the site ID from the full site URL
var siteId = site.Id.Split(',')[1];

// Fetch the User Information List ID for the current site
var userListIdResponse = await graphClient.Sites[siteId].Lists
    .GetAsync((requestConfiguration) =>
    {
        // Filter to get the User Information List
        requestConfiguration.QueryParameters.Filter = "DisplayName eq 'User Information List'";
    });

// Get the User Information List for the current site
var userList = userListIdResponse.Value;
var userListId = userList.FirstOrDefault()?.Id;

// Check if the User Information List ID is available
if (userListId != null)
{
    // Fetch users from the User Information List for the current site
    var users = await graphClient.Sites[siteId].Lists[userListId].Items
        .GetAsync((requestConfiguration) =>
        {
            // Expand the fields to include 'id' and 'SipAddress'
            requestConfiguration.QueryParameters.Expand = new string[] { "fields($select=id,SipAddress)" };
        });

    // Get the list of users
    var myusers = users.Value;

    // Iterate through each user in the list
    foreach (var listItem in myusers)
    {
        // Extract user information and perform actions
        var userId = listItem.Id;
        var fields = listItem.Fields;

        // Check if the 'SipAddress' field is available
        if (fields != null && fields.AdditionalData != null && fields.AdditionalData.TryGetValue("SipAddress", out var sipAddressValue))
        {
            // Get the SipAddress value
            var sipAddress = sipAddressValue?.ToString();

            // Check if the SipAddress is not empty and matches the entered username
            if (!string.IsNullOrEmpty(sipAddress) && sipAddress.Equals(enteredUsername, StringComparison.OrdinalIgnoreCase))
            {
                try
                {
                    // Try to fetch the Azure AD user with the SipAddress
                    var azureADUser = await graphClient.Users[sipAddress].GetAsync();

                    // Display information about the user, site, and Azure AD status
                    ResultTextBox.Text += $"Site: {site.DisplayName}, Site URL: {site.WebUrl}, User ID: {userId}, SipAddress: {sipAddress}, User in Azure AD: {azureADUser != null}\n";
                }
                catch (Exception ex)
                {
                    // If an exception occurs (user not present in Azure AD), display relevant information
                    ResultTextBox.Text += $"Site: {site.DisplayName}, Site URL: {site.WebUrl}, User ID: {userId}, SipAddress: {sipAddress}, (Not Present in Azure AD)\n";
                }
            }
        }
    }
}

}

Explanation:

Extracting Site ID:

var siteId = site.Id.Split(',')[1];

• This line extracts the site ID from the full site URL by splitting the string.

Fetching User Information List ID:

var userListIdResponse = await graphClient.Sites[siteId].Lists
.GetAsync((requestConfiguration) =>
{
// Filter to get the User Information List
requestConfiguration.QueryParameters.Filter = "DisplayName eq 'User Information List'";
});

• It fetches the User Information List ID for the current site by applying a filter to get the list with the display name ‘User Information List.’

Getting User Information List:

var userList = userListIdResponse.Value;
var userListId = userList.FirstOrDefault()?.Id;

• This section gets the User Information List for the current site and checks if the list ID is available.

Fetching Users from User Information List:

var users = await graphClient.Sites[siteId].Lists[userListId].Items
.GetAsync((requestConfiguration) =>
{
// Expand the fields to include 'id' and 'SipAddress'
requestConfiguration.QueryParameters.Expand = new string[] { "fields($select=id,SipAddress)" };
});

• It fetches users from the User Information List for the current site, expanding the fields to include ‘id’ and ‘SipAddress.’

Iterating Through Users:

foreach (var listItem in myusers)
{
// Extract user information and perform actions
// …
}

• This part iterates through each user in the list, extracting user information and performing actions.

Checking SipAddress:

if (fields != null && fields.AdditionalData != null && fields.AdditionalData.TryGetValue("SipAddress", out var sipAddressValue))
{
// Get the SipAddress value
var sipAddress = sipAddressValue?.ToString();
```

• It checks if the ‘SipAddress’ field is available in the user’s information.

Verifying SipAddress Match:

if (!string.IsNullOrEmpty(sipAddress) && sipAddress.Equals(enteredUsername, StringComparison.OrdinalIgnoreCase))
{
// …
}

• If the SipAddress is not empty and matches the entered username (case-insensitive), further actions are performed.

Fetching Azure AD User:

var azureADUser = await graphClient.Users[sipAddress].GetAsync();

• It attempts to fetch the Azure AD user using the SipAddress.

Displaying User Information:

ResultTextBox.Text += $”Site: {site.DisplayName}, Site URL: {site.WebUrl}, User ID: {userId}, SipAddress: {sipAddress}, User in Azure AD: {azureADUser != null}\n”;

• Information about the user, site, and Azure AD status is displayed.

Exception Handling for Azure AD User Fetching:

catch (Exception ex)
{
// If an exception occurs (user not present in Azure AD), display relevant information
ResultTextBox.Text += $"Site: {site.DisplayName}, Site URL: {site.WebUrl}, User ID: {userId}, SipAddress: {sipAddress}, (Not Present in Azure AD)\n";
}

• If an exception occurs during the attempt to fetch the Azure AD user, relevant information is displayed.

This code, when executed, checks for the presence of a user in various site collections based on their SipAddress. The results are displayed, including information about the site, user ID, SipAddress, and whether the user is present in Azure AD.

We have very good / detailed articles on Microsoft Graph. Kindly please have a look. – https://knowledge-junction.in/category/technology-articles/m365/microsoft-graph/

Conclusion:

In conclusion, our innovative user verification functionality, seamlessly integrated into the .NET Core application using Microsoft Graph APIs, elevates user management within SharePoint site collections. By efficiently addressing challenges in project onboarding, task assignment, and security oversight, this feature enhances collaboration and adherence to organizational policies. The real-world example illustrates its tangible benefits for project managers and team members, showcasing the practical value of our solution. As we encourage readers to implement this functionality, we anticipate its positive impact on project efficiency, security, and overall success.

Stay tuned for more innovative features and practical guides on Microsoft 365 and SharePoint.

Happy coding!

Also get my article updates on my social media handles.

Twitter – https://twitter.com/PrajyotYawalkar?t=oovP0r9FnDtz5nNSJGKO0Q&s=09

LinkedIn – https://www.linkedin.com/in/prajyot-yawalkar-093716224/

Have a wonderful day.

Thanks for reading.