Running the Set-PlannerUserPolicy Cmdlet Has an Unexpected Effect

Although Planner supports a Graph API, the API focuses on management of plans, tasks, buckets, categories, and other objects used in the application rather than plan settings like notifications or backgrounds. It’s good at reporting plans and tasks or populating tasks in a plan, but the API also doesn’t include any support for tenant-wide application settings. In most cases, these gaps don’t matter. The Planner UI has the necessary elements to deal with notification and background settings, neither of which are likely changed all that often. But tenant-wide settings are a dirty secret of Planner. Let me explain why.

The Planner Tenant Admin PowerShell Module

In 2018, Microsoft produced the Planner Tenant Admin PowerShell module. With such a name, you’d expect this module to manage important settings for Planner. That is, until you read the instructions about how to use the module, which document the odd method chosen by the Planner development group distribute and install the software.

Even the Microsoft Commerce team, who probably have the reputation for the worst PowerShell module in Microsoft 365, manage to publish their module through the PowerShell Gallery. But Planner forces tenant administrators to download a ZIP file, “unblock” two files, and manually load the module. The experience is enough to turn off many administrators from interacting with Planner PowerShell.

But buried in this unusual module is the ability to block users from being able to delete tasks created by other people. Remember that most plans are associated with Microsoft 365 Groups. The membership model for groups allows members to have the same level of access to group resources, including tasks in a plan. Anyone can delete tasks in a plan, and that’s not good when Planner doesn’t support a recycle bin or another recovery mechanism.

What the Set-PlannerUserPolicy Cmdlet Does

The Set-PlannerUserPolicy cmdlet from the Planner Tenant Admin PowerShell module allows tenant administrators to block users from deleting tasks created by other people. It’s the type of function that you’d imagine should be in plan settings where a block might apply to plan members. Or it might be a setting associated with a sensitivity label that applied to all plans in groups assigned the label. Alternatively, a setting in the Microsoft 365 admin center could impose a tenant-wide block.

In any case, none of those implementations are available. Instead, tenant administrators must run the Set-PlannerUserPolicy cmdlet to block individual users with a command like:

Set-PlannerUserPolicy -UserAadIdOrPrincipalName Kim.Akers@office365itpros.com -BlockDeleteTasksNotCreatedBySelf $True

The Downside of the Set-PlannerUserPolicy Cmdlet

The point of this story is that assigning the policy to a user account also blocks the ability of the account to delete plans, even if the account is a group owner. This important fact is not mentioned in any Microsoft documentation.

I discovered the problem when investigating how to delete a plan using PowerShell. It seemed a simple process. The Remove-MgPlannerPlan cmdlet from the Microsoft Graph PowerShell SDK requires the planner identifier and its “etag” to delete a plan. This example deletes the second plan in a set returned by the Get-MgPlannerPlan cmdlet:

[array]$Plans = Get-MgPlannerPlan -GroupId $GroupId
$Plan = $Plans[1]
$Tag = $Plan.additionalProperties.'@odata.etag' 
Remove-MgPlannerPlan -PlannerPlanId $Plan.Id -IfMatch $Tag

The same problem occurred when running the equivalent Graph API request:

$Headers = @{}
$Headers.Add("If-Match", $plan.additionalproperties['@odata.etag'])
$Uri = ("https://graph.microsoft.com/v1.0/planner/plans/{0}" -f $Plan.Id)
Invoke-MgGraphRequest -uri $Uri -Method Delete -Headers $Headers

In both cases, the error was 403 forbidden with explanatory text like:

{"error":{"code":"","message":"You do not have the required permissions to access this item, or the item may not exist.","innerError":{"date":"2024-06-13T17:10:10","request-id":"d5bf922c-ea9b-48c6-9629-d9749ab7ec51","client-request-id":"6a533cf8-4396-4743-acf1-a40c32dd11bc"}}}

Even more bafflingly, the Planner browser client refused to let me delete a plan too. At least, the client accepted the request but then failed with a very odd error (Figure 1). After dismissing the error, my access to the undeleted plan continued without an issue.

A Mystery Solved

Fortunately, I have some contacts inside Microsoft that were able to check why my attempts to delete plans failed and report back that the deletion policy set on my account blocked the removal of both tasks created by other users and plans. The first block was expected, the second was not. I’m glad that the mystery is solved but underimpressed that Microsoft does not document this behavior. They might now…

The moral of the story is not to run PowerShell cmdlets unless you know what their effect would be. I wish someone told me that a long time ago.

But a Perfectly Good Workaround Exists

Some ask why the Planner development team have never created a Planner desktop app. A nice Planner mobile app is available and the browser app gets the job done without ever exciting the senses. I guess the reason why is down to two factors: first, resources available to create and support a desktop version across multiple OS (probably Windows 10/11 and macOS). Second, an easy workaround exists: install the Planner browser app as an app.

It’s surprising that Microsoft hasn’t made Planner available in the Microsoft Store using this approach, just like they did recently with the Microsoft Loop app. After installing Loop from the Microsoft Store, it shows up as an installed app in Edge (edge://apps/installed – Figure 1). There’s no difference between Loop and Planner or Twitter, the other web apps I use in this manner.

Install Planner as an App

Microsoft’s instructions to install web sites as apps are straightforward. Find the web site you want, select Install this site as an app from the Apps option in the […] menu, and decide if you want a desktop icon for the app or pin it to the taskbar, and that’s it. Ten seconds should do the job, even if you pace yourself. After that, launching the app will display the web site (in this case, a value like https://tasks.office.com/contoso.com/en-us/Home/Planner/) in its own window.

Figure 2 shows my Planner desktop app displaying the plan used by the Office 365 for IT Pros eBook team to track updates about new functionality and features posted in the Microsoft 365 admin center. Synchronizing message center notifications to become tasks in a target plan is an excellent way to keep track of changes within Microsoft 365.

Everything works exactly like it does in the browser. Which is what you’d expect given that the app is a wrapper around the web site. The convenience comes from Planner running in its own window and the ability to pin the app to the taskbar or desktop.

Guest Access to Planner

I work with Planner in several tenants. To access Planner, I use a private browsing session and a URL like https://tasks.office.com/xxx.onmicrosoft.com, where xxx is the name of the tenant’s service domain. It’s important to use a private browsing session as otherwise the connection to tasks.office.com will redirect and use Planner in your home tenant.

It would be nice to create an app for a guest session to Planner in another tenant. However, when you use a private session, the browser doesn’t offer the option to create an app for the web site. One workaround is to create a desktop shortcut as described in this article. For Edge, I have shortcuts pointing to targets like “C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe” -Inprivate https://tasks.office.com/xxx.onmicrosoft.com.

Another workaround for guest access to Planner is to use the Tasks by Planner and To Do app in Teams. Given that Teams is a desktop app, using Tasks by Planner could be considered a Planner desktop app, if you wanted to stretch the point a tad.

Workaround Will Have to Serve as Planner Desktop App

Nothing is perfect and Microsoft 365 is certainly not perfect. There are too many moving parts in a state of constant change to allow Microsoft 365 or any individual app to approach perfection. In this case, the lack of a Planner desktop app might be viewed as an imperfection. But as discussed above, workarounds exist that close the gap. That’s as close as we can get for now.

Support the work of the Office 365 for IT Pros team by subscribing to the Office 365 for IT Pros eBook. Your support pays for the time we need to track, analyze, and document the changing world of Microsoft 365 and Office 365.

Planner Audit Events Covered by Purview Premium Auditing Along With To Do and Project

In a development that can only be viewed as a grasping attempt to generate additional, Microsoft announced on June 16 (message center notification MC590113, Microsoft 365 roadmap item 124916) that audit events for Planner, Project, and To Do would be available in the Purview compliance policy, but only if tenants have Microsoft Purview audit (premium) licenses (included in Office 365 E5 and Microsoft 365 E5).

I don’t have any problem with Microsoft imposing premium licensing for audit events generated by Project, which isn’t a mainline application for many tenants. But Planner and To Do are general-purpose applications in widespread use, just like all the other workloads that generate audit events without additional cost, like Azure AD, Exchange Online, SharePoint Online, Teams, and so on.

What’s Can Planner Audit Events and To Do Audit Events Capture?

This is a bizarre development. Planner (Figure 1) and To Do are closely aligned with Teams and most Teams auditable events flow into the audit log without the need for additional licenses. There’s nothing especially noteworthy about the information stored in these workloads. I’m sure that some evidence exists of how people plan nefarious activities using Planner or To Do, but a glance at the auditable events for To Do or Planner doesn’t throw up much that might interest an investigator. Perhaps deleting a plan or adding a member to a roster (for a plan associated with a Loop task list or Microsoft 365 group) might be interesting, but that’s about it. Auditing To Do could be a waste of time as mostly people use this workload to note personal must-do activities.

Apart from auditing Project events, which could be worthwhile for those who want to track user interaction with project plans, the only reason I can see for Microsoft’s decision is a perceived need to add extra value to the Purview Premium Audit solution. Microsoft hasn’t expanded the high-value events like MailItemsAccessed covered by the solution for a while. Including To Do and Planner must have appeared to be a good idea, even when the captured events patently do not pass the high-value test. It’s an example of a decision that seems merited when discussed internally that rapidly fades when exposed to the harsh light of tenant administration reality.

New Solutions Come With New Licenses

We shouldn’t be surprised when Microsoft does things like this to try to drive extra revenue. Although Office 365 continues to grow past its current level of more than 382 million monthly active users, the pressure to increase the average revenue per user (ARPU) is present and is emphasized every quarter when Microsoft discusses its results with market analysts. To drive extra revenue, Microsoft must convince customers to upgrade to more expensive licenses or buy extra add-ons, like Syntex-SharePoint Advanced Management (at least that add-on has some value). The extra few dollars per user per month rapidly accumulates when operating at the scale of Microsoft 365, and that’s why we see Microsoft introduce new features governed by new licenses.

Nickel and Diming

It’s disappointing to see Microsoft try and nickel-and-dime their customers by charging for solutions with marginable value. Planner and To Do should have generated audit events long ago. The reason why the unified audit log has its name is that it’s where events captured from all workloads go. Planner and To Do aren’t special workloads. In most cases, their events are not terribly interesting. Bundling them with Project doesn’t make any sense, especially when you consider how carefully Microsoft has kept clear blue water between Project and Planner over the years.

So much change, all the time. It’s a challenge to stay abreast of all the updates Microsoft makes across Office 365. Subscribe to the Office 365 for IT Pros eBook to receive monthly insights into what happens, why it happens, and what new features and capabilities mean for your tenant.

Synchronizing Loop Tasks with Planner

Updated: 6 June 2023

In a May 10 post in the Microsoft Technical Community, Microsoft discussed some new task management capabilities available through Loop Task List components that now surface in Planner. You can create the task list component in clients like OWA, Outlook desktop, and Teams chats or meeting agendas. Figure 1 shows a typical example with a task list component in the body of an OWA message. According to message center notification MC572515 (June 5), Microsoft will start to roll out the necessary changes in mid-June and complete worldwide deployment in mid-July 2023.

The big change here is the option to “Open in Planner” available from the […] menu at the top of the task list. In the past, Microsoft talked about roster containers (plans without Microsoft 365 groups) and a potential integration between lightweight plans and fluid (now Loop) components. It looks like being able to open the tasks created in a Loop task component in Planner is the outcome of that work.

Graph Planner Containers

The Microsoft Graph defines a planner container resource and notes that two types of planner containers are currently supported: plans contained in a Microsoft 365 group and plans contained in a planner roster.

In this context, the planner roster container holds the set of Loop tasks, the roster (of users authorized to work with the plan) are those who share the Loop component, and the tasks in the container are those created in the Loop component.

Working with Roster Containers in Planner

Figure 2 shows the plan after opening it in Planner. The tasks listed in the Loop task list are present and assigned to the right people. Clicking the Loop icon to the right opens the Loop component using the same browser interface as used if you open a Loop component from OneDrive for Business.

Most Planner plans are associated with a Microsoft 365 group. When working with tasks from a roster container, some features like comments and adding document attachments aren’t available. However, you can add checklist items, labels, update the task description, change the dates, status, and task priority, and add a URL to a web page (Figure 3). You can also add new members to the roster by assigning a task to someone that’s not already in the roster.

While the basics of tasks are synchronized (including new tasks added in Planner), don’t expect all the changes made in Planner to synchronize back to the Loop task list component. The Microsoft support article says that tasks in task list “stay in sync with a plan in Planner.” From this we understand that the roster container is independent of the Loop component. This makes sense because the Loop task object is simpler and doesn’t support the same properties as Planner does. The Planner-specific properties are accessible through the items stored in the roster container, and changes made to the task name, due date, and roster synchronize with Loop and appear in the component. If you add someone to a roster container, you’ll be prompted by Loop to grant access to that person to allow them to interact with the Loop component.

Tasks Everywhere

Because Loop can expose its tasks in Planner, the tasks become accessible elsewhere within the Microsoft 365 ecosystem. Figure 4 shows one of the tasks from the Loop task list opened through the To Do for iOS app (left) where it’s listed in the Assigned to me list. On the right, the Loop for iOS app opens the same task.

Microsoft refers to the ability to access tasks through different apps as “moving components around different surfaces,” which I guess means that the task objects are available to users via their app of choice.

Embedding Loop More Deeply

After waiting so long to see what Planner meant by roster containers, it’s nice to see an actual implementation. I’m not sure quite how many people will hop from one app to another after starting with a Loop task list, but it’s certainly possible if you want to do it.

Insight like this doesn’t come easily. You’ve got to know the technology and understand how to look behind the scenes. Benefit from the knowledge and experience of the Office 365 for IT Pros team by subscribing to the best eBook covering Office 365 and the wider Microsoft 365 ecosystem.

Planner Grid View and Repeating Tasks Arrive Together

First announced in message center notification MC428511 (Sept 2022, Microsoft 365 roadmap item 98104), Planner’s much-awaited grid view has finally made its appearance in tenants, roughly a month late from the adjusted date Microsoft set in November. The January 10 Planner blog post is full of excitement but does nothing to explain why the pace of change in Planner is so slow. This isn’t the first long-delayed feature release. Adding the ability for Planner to generate compliance records is another example of slow delivery.

To be fair to the Planner developers, the update also includes the ability to add repeating (recurring) tasks, something that isn’t included in any message center notification that I can find. The feature showed up in preview in some tenants last October and now it’s available to all. Nice as it is to have an extra feature show up by surprise, the lack of communication is something that the folks who are pushing for better and more comprehensive communication with customers through the Microsoft 365 message center might look into.

Biggest Planner Update Since 2020

Planner hasn’t changed its views since the 2018 introduction of the Schedule view., but Grid view is probably the biggest update since Planner expanded the set of labels available in a plan from six to 25 in 2020. As such, I was disappointed to find that I couldn’t sort tasks by clicking on column headings. Instead, Planner uses the same filter mechanism as available with its other views to select the set of tasks displayed in the view (Figure 1).

It’s logical to want Planner grid view to use the same filter component as the other Planner views. However, once the grid is populated (with or without a filter), it becomes much more useful if you can sort the data by tapping a column heading.

Items in the grid are editable. You can open the full task or edit properties inline. For instance, you can edit a task name, set new dates for task, assign new people to tasks, or move tasks between buckets. The inline editing capability of the grid is especially useful. If you’re used to the Planner web interface, there’s nothing difficult to master in grid view.

The Grid Conundrum

What’s surprising about the time taken for Microsoft to introduce grid view for the Planner web app is that they’ve had a perfectly good example to work from since the debut of the Tasks by Planner app for Teams (Figure 2) in 2020. Even odder, the Teams app allows users to sort tasks by clicking on column headings.

The Teams app is not perfect. Once a plan spans more than a couple of hundred tasks, the app slows down discernibly and it becomes easy to make mistakes, such as marking the wrong task as complete because of unpredictable scrolling in the task list. Nevertheless, it’s a nice way of browsing tasks to update those that need refinement and remove those that are complete.

Recurring Tasks

The implementation of recurring tasks is interesting. A task exists as a single instance, so each occurrence of a recurring task is a separate task. After creating a new task, you can edit its properties to set a start date, end date, and interval (Figure 3). This task exists until you complete it. At that time, Planner creates a new task and adjusts the start and end dates by the set interval.

If you remove the due date for a task, it loses its recurring status because Planner cannot advance the next iteration of the task to a new due date. If you delete the active instance of a recurring task, you can delete the task or all future tasks. Deleting the current task deletes the task and creates the next task in the series. It’s a simple and effective mechanism.

Planner Graph APIs

From a development perspective, Microsoft tweeted that application permissions for the Planner Graph APIs are rolling out and should be available to all tenants by the end of January. Up to now, the Planner API only supported delegated permissions, which meant that an account had to be a member of a plan before it could access task information. This made scenarios such as reporting very difficult (you could make the account used to generate reports a member of every plan in the tenant, but that’s not realistic). It will be interesting to see what kind of solutions appear based on the new APIs.

Insight like this doesn’t come easily. You’ve got to know the technology and understand how to look behind the scenes. Benefit from the knowledge and experience of the Office 365 for IT Pros team by subscribing to the best eBook covering Office 365 and the wider Microsoft 365 ecosystem.

Imprecise Description of Limits

A browse of Microsoft’s documentation for Planner limits caused my brow to furrow. On the surface, the limits are precise and cover both plans and tasks. The problem is with the words used to describe limits.

For example, we learn that a plan can have up to 2,400 active tasks. Presumably, these are tasks in the not started and in progress status, but Microsoft doesn’t make this clear. I infer this meaning by reference to the limit for tasks in a plan, 9,000, meaning that 6,600 tasks can be closed to allow room for the 2,400 active tasks. Again, Microsoft is mute on the topic.

Twenty-four hundred active tasks is not a very large number. Indeed, 2,400 and 9,000 both seem arbitrary limits in a suite where it’s common to store hundreds of thousands of messages or documents. It might seem that 9,000 tasks is more than sufficient for even the most comprehensive plan, but some plans do span large numbers of tasks.

Indeed, the first time I looked at the documented Planner limits, I was worried that the plan the Office 365 for IT Pros writing team use to synchronize and track notifications from the Microsoft 365 message center was getting close. Fortunately, we close tasks as their subject matter appears in a book update, so the current overall total of 2,077 (Figure 1) still has room to grow.

Buckets

The maximum number of buckets in a plan is 200. The layout used by Planner resembles a Kanban format where the cards on the board help people to visualize work. Usually, the columns on the board represent a workflow stage, but Planner buckets can be used for anything, and 200 appears to be more than sufficient.

User Limits

We also learn that an individual user can own up to 200 plans. By owner, I assume that Microsoft means that the user is the owner of the group which owns the plans (a group used by a team can have multiple plans). Although 200 seems a lot, I could see how the limit might be reached if an account is used to create a lot of groups or teams.

Up to 300 plans can be shared with a user. I do not know what this means. Perhaps it’s where an account is a member of a plan. But then Microsoft documents that up to 100 users can be shared with a plan? And there can be up to 10 contexts on a plan. I have no idea what either limit refers to. Thankfully, I don’t seem to have encountered either limit in the six years that I’ve used Planner. Or maybe I have and I haven’t noticed.

Task Limits

Moving on to the Planner limits for tasks, the fundamental building blocks of plans, we find that a task can be assigned to a maximum of eleven people. Most tasks are assigned to one or two team members, so eleven seems sufficient, even if the limit seems a tad arbitrary. A task can include a set of checklist items used to describe individual elements which are part of the task. There can be up to 20 checklist items in a task.

An individual user can create up to 20,000 tasks spread across all the plans they are a member of. They can be assigned a maximum of 3,000 tasks, but there’s no clarification whether this number includes completed tasks or just active tasks.

Then we come to some oddities that Microsoft doesn’t explain. There can be ten references on a task. This might refer to the number of attachments that users can add to tasks, but the Planner UI restricts this to nine. The limit doesn’t refer to comments: I know of tasks with more than 20 comments, each of which is transmitted by email to plan members.

References on a task is a mystery and so is “maximum user data count in user details.” Although I have no idea what this limit is, there can be up to ten of whatever they are for a task.

Practically Speaking

Apart from Microsoft wanting to keep the Planner limits low enough to be useful but not high enough to threaten Microsoft Project, I can’t understand why some of these limits are not higher, especially considering that a team can have multiple plans attached to channel tabs.

Helpfully, Microsoft closes the page by telling us that the Planner limits can be raised or lower at any time, which is nice to know. It would be even better if they documented what each limit meant in a practical sense. However, given the pace at which things happen inside Planner (like creating the ability to move tasks between plans in other groups or creating a way to block users from deleting tasks, I won’t hold my breath.

Learn more about how the Microsoft 365 applications really work on an ongoing basis by subscribing to the Office 365 for IT Pros eBook. Our monthly updates keep subscribers informed about what’s important across the Office 365 ecosystem.

Apply a Block Policy to User Accounts

Planner uses the Microsoft 365 Groups membership model, which means that all members of a group share equal access to group resources, like the plans owned by the group. The default is therefore to allow anyone in the group to delete any task in a plan. The lack of a recycle bin, wastebasket, or other recovery mechanism to allow Planner to recover tasks deleted in error is one reason why you might want some control over task deletion, especially in large and complex plans.

Until recently, I never noticed that it is possible to block people who don’t create tasks from deleting tasks. But administrators can by running the Set-PlannerUserPolicy cmdlet to assign a block policy to an account. For example:

Set-PlannerUserPolicy -UserAadIdOrPrincipalName Kim.Akers@Office365itpros.com -BlockDeleteTasksNotCreatedBySelf $True

Planner applies the block policy on the server, so it is effective immediately. Blocked users can still update tasks, including marking tasks as complete.

The block applies to tasks in all plans. There’s no way to allow someone to remove tasks in all plans except a couple of selected plans.

To check the block status of a user, use the Get-PlannerUserPolicy cmdlet:

Get-PlannerUserPolicy -UserAadIdOrPrincipalName Kim.Akers@office365itpros.com | fl

@odata.context                   : https://tasks.office.com:444/taskApi/tenantAdminSettings/$metadata#UserPolicy/$entity
id                               : Kim.Akers@office365itpros.com
blockDeleteTasksNotCreatedBySelf : True

You need to download the Planner PowerShell module from Microsoft to use the Set-PlannerUserPolicy and Get-PlannerUserPolicy cmdlets. Because it’s really only a wrapper around some Graph API code, the module works oddly, explained in this post.

Applying the Block to Multiple Accounts

If you want to set a block policy for a bunch of accounts, a simple loop does the trick. This code uses the Get-ExoMailbox cmdlet to find all user mailboxes and sets the block for their accounts:

[array]$Users = Get-ExoMailbox -RecipientTypeDetails UserMailbox -ResultSize Unlimited
ForEach ($User in $Users) {
    Write-Host "Disabling delete access to non-owned tasks for" $User.DisplayName
    Set-PlannerUserPolicy -UserAadIdOrPrincipalName $User.UserPrincipalName -BlockDeleteTasksNotCreatedBySelf $True
}

What Happens When a Blocked User Tries to Delete a Task

When a user is blocked from deleting tasks they didn’t create, any attempt to remove a task they didn’t create fails. The user experience differs slightly from client to client.

A deletion from the Planner browser UI first seems to work at first (the Delete option is still available). However, after a short delay, the task comes back when Planner realizes that it shouldn’t have allowed the delete to happen. The reappearance of a deleted task is kind of funky until you understand what’s happening.

The same happens in the board view of the Tasks by Planner and To Do app in Teams. However, if you use the list view, the app flags an error and fails to delete the task (Figure 1).

The longest delay between an attempt to delete a task being made and the task coming back is in a To-Do mobile client. This is likely because of some synchronization lag. At first, the task deletion works, but after a delay of several minutes, the task reappears.

Reversing the User Block Policy

To reverse the block policy for a user, revert the setting to False (the default):

Set-PlannerUserPolicy -UserAadIdOrPrincipalName Kim.Akers@office365itpros.com -BlockDeleteTasksNotCreatedBySelf $False

Poor Implementation of Task Deletion Block

Overall, blocking task deletion works, but the user experience is confusing and could result in help desk calls. On the upside, at least the help desk can explain what happens. They can do nothing when an unblocked user deletes a task in error. The lack of client support in the implementation has the hallmark of a quick job, perhaps one done to assuage the complaints of an important customer. It’s a pity if that’s the case. Controls like the block policy are important and should appear as an application matures (and Planner is very much a mature application at this point). Perhaps now Microsoft has this block in place, maybe they can concentrate on creating a recycle bin for tasks?

Make sure that you’re not surprised about changes which appear inside Office 365 applications by subscribing to the Office 365 for IT Pros eBook. Our monthly updates make sure that our subscribers stay informed.

Tasks and Exchange Online

Office 365 Notification MC229058 (8 December 2020) had the headline “Planner tasks storage location update.” In fact, it meant nothing of the sort. Planner continues to use Azure to store its plans and tasks while taking the same route as Teams and Yammer by storing copies of tasks (compliance records) in Exchange Online mailboxes to make those items available for eDiscovery. Microsoft’s original intention was to push the change out in early 2021. Things didn’t quite turn out as they thought, but Planner data is now in Exchange Online mailboxes. In my case, it seemed like a background process populated data for preexisting tasks on 14 December 2021. This closes a gap in Microsoft 365 compliance which existed since Microsoft launched Planner in 2016.

The copies of Planner tasks stored in Exchange Online are automatically indexed and become available to compliance functionality like eDiscovery (core and advanced), communication compliance policies, and retention policies. Microsoft hasn’t said yet when Planner data will be picked up by other compliance features but this can be expected over time.

Substrate and Digital Twins

The Microsoft 365 substrate and brings items together from across Microsoft 365 to let common services like Microsoft Search and eDiscovery work efficiently. Obviously, it’s much easier when a service like Search doesn’t need to process multiple repositories. To make this possible, Planner uses the substrate to create “digital twins” when tasks are created and edited and stores them as items in the mailboxes belonging to the assignees. These items are also called compliance records or secondary copies. The Planner data in Azure remains the storage repository of record.

Tasks assigned to a single user result in the creation of a compliance record in their mailbox. Tasks assigned to multiple users generate compliance records in the mailboxes of all assignees. This mimics the approach taken by Teams when it creates compliance records for personal chats and conversations in private channels.

And like Teams and Yammer, digital twins of tasks assigned to hybrid and guest accounts are stored in cloud-only mailboxes (aka shards), which are also indexed. Unassigned tasks are ignored.

Teams stores its compliance records to a hidden folder in the non-IPM part of mailboxes, the part which isn’t usually exposed by clients like Outlook and OWA. Yammer stores its compliance records in a similar place. Planner uses a folder called AllToDoTasks to store its compliance records. This folder also holds compliance records for To Do items. To generate just the items for Planner tasks, Exchange Online has a MAPI search folder called Folder Memberships\Assigned to Me. Planner displays the contents of this folder when users take the Assigned to Me option in the Planner hub. Exchange Online also stores personal tasks created with Outlook or To Do in the Tasks folder in the client-visible part of the mailbox.

End users aren’t affected by storing compliance records for Planner in Exchange Online. The Planner browser and mobile clients continue to use the Graph API to access plans and tasks in Azure.

Integration with To Do

The original text of MC229058 says that the update supports work “to build deeper integrations between To Do and Planner. Perhaps the existence of copies of Planner tasks in the same mailboxes will make the type of integration demonstrated in the Teams Tasks app easier. There’s no obvious sign of what these integrations might be, but time will tell.

Learn more about Planner, the Microsoft 365 substrate, and eDiscovery in the Office 365 for IT Pros eBook. Updated monthly to keep abreast with important changes in apps like Planner.

Two New Features Delivered in September

For whatever reason, perhaps because they’re part of the Project development group, the Planner team is not good at making new features known to its users. For instance, many new features are not described in the Microsoft 365 message center, and Planner doesn’t appear to have anyone who tries to excite and delight its users with news and advice by posting to Twitter or other social media. You need to keep an eye on its Microsoft Technical Community blog to learn what’s going on. And judging by the small number of views the blog clocks up, few people do that.

Which brings me to the September 30 announcement describing two new features. The first is recommended plans, a new section in the navigation pane in the Planner hub to reveal plans containing assigned tasks for the user that they haven’t opened yet. In other words, it’s a way of drawing user attention to plans where new and unknown tasks lurk waiting for their attention. I’m afraid that I can’t get too excited about this development for the simple reason that it should have been in the product from the start, just like a mail folder flags the existence of unread items.

Moving Tasks in Planner and Teams

The other new feature is more important and useful. Moving tasks between buckets in a plan has always been possible, and it’s also been possible to move tasks between plans belonging to the same Microsoft 365 group. Moving tasks to plans in other Microsoft 365 groups has not. This gap is now closed, and you can now move tasks to any plan in any group you’re a member of. The feature works in both the Planner browser app and the Tasks app in Teams. One difference between the two is that after it moves a task, the Planner browser app displays a link to bring you to the moved task in its new location. The Teams app doesn’t do this.

Moving a task to a plan in a different group is just like moving a task between plans in the same group. After selecting the Move option in the […] menu, you select the target group (Figure 1) and the bucket within the target group and Planner moves the task.

Microsoft’s blog notes that certain fields might not be moved along with a task. For instance, labels are specific to a plan, so they won’t move. To gain insight into what task elements won’t move, the blog points to the support page for the topic. Unfortunately, the page has details of what a copied task contains but nothing about a moved task, so I did a quick test.

Figure 2 shows a sample task before moving while Figure 3 shows it after moving to a plan in a different Microsoft 365 group.

Looking through the different task components, we can see that:

• The assigned owner remains.
• Labels are gone, as expected.
• The progress, priority, start, and end date are preserved, as is the description and checklist items.
• The file attachment is present and points to the original location in SharePoint Online. This is not an issue if the users in the new group are all members of the source group and can use their membership to access the file in SharePoint. It is an issue for people who aren’t members of the source group as they won’t have permissions to access the file.
• No comments exist apart from the “New task created” entry. This is logical because the comments are in the original group’s mailbox.

Overall, moving a task to a plan in a different group results in an acceptable outcome. Labels can be replaced easily, and any problem attachments can be replaced to allow access for all the members of the new group.

Rich Text and Images for Notes

As soon as I complain about the lack of Planner items in the Microsoft 365 message center, one turns up. MC295027 (October 29) describes how a new rich text field will arrive in mid-December to allow users to format notes in tasks instead of being limited to plain text as is the case today. The new control also accommodates images. Initially, only the Planner web client and the Tasks in Teams app will support the new text field, which is being implemented as a new Graph API capability. Microsoft will transfer existing plain text note content to rich text notes automatically, ready for the introduction of rich text support in other Planner clients (mobile, SharePoint Online, and Power Automate). They’ll also make sure that any changes made in one note field will synchronize to the other.

So much change, all the time. It’s a challenge to stay abreast of all the updates Microsoft makes across Office 365. Subscribe to the Office 365 for IT Pros eBook to receive monthly insights into what’s happening.

Rosters are Lightweight Plans

Six months after their original attempt, Microsoft seems ready to relaunch rosters or lightweight plans (MC279089, August 18) by enabling the feature “on Graph for all tenants starting in mid-September and expect to complete by mid-October.” The mention of the Graph is a little confusing because of the use of PowerShell to disable or enable rosters (see below). It means that Microsoft will enable lightweight plans by lighting up the necessary Graph API in Office 365 tenants.

Lightweight plans are Planner plans without Microsoft 365 Groups. Originally, Planner had a 1:1 relationship with Groups and each plan had an associated group. Teams then broke the 1:1 connection by supporting multiple plans per team (group). Lightweight plans have their own list of members (the roster). Members have Azure AD accounts in the tenant. The plans themselves do not exist as Azure AD objects. Instead, Planner manages lightweight plans like other (group-enabled) plans using the same Planner browser interface (references to resources available to group-enabled plans are suppressed). Planner deletes lightweight plans automatically upon the removal of the last member.

Using Fluid-Based Lightweight Plans in Teams Meetings

Microsoft says that the only way to create lightweight plans is through the Graph API for Planner, which Microsoft is extending to deal with roster containers. This brings me neatly to how Microsoft will use lightweight plans. In MC279089, a reference is made to New hybrid work innovations (June 2021), where Microsoft CVP Jared Spataro discussed new features coming to Microsoft 365, including the Fluid Framework.

We know that Teams will soon support fluid components in chat. The natural connection between lightweight plans and Teams is in meetings, specifically to allowing meeting organizers to add a fluid component to track tasks assigned during meetings (the meeting participants form the plan roster).

Fluid components already include a task list, but the tasks captured in this component exist only in the fluid file created in the originator’s OneDrive for Business account. The advantage of linking a fluid component to a Planner lightweight plan is that the tasks captured in the lightweight plan can synchronize with the rest of the Microsoft 365 task ecosystem and be available in apps like To Do or, perhaps more importantly, the Teams Tasks app. Synchronization should mean that the tasks assigned during meetings show up under the Assigned to Me list within My Tasks in the Tasks app. We’ll have to see how the implementation works in Teams. I imagine that the same component will show up in Outlook meetings later (OWA first and later Outlook desktop using the Edge WebView2 component).

Planner’s Ongoing Poor PowerShell Support

In my March post, I commented about the poor support of PowerShell by Planner. Things haven’t improved very much since. Why Planner goes through the current rigmarole instead of supporting the distribution of the PowerShell module via the PowerShell Gallery is beyond me.

If you want to disable rosters (or turn them back on later), you must:

• Download a Zip file containing a PowerShell module file (psm1) from Microsoft.
• Unzip the file to somewhere suitable and block the script module and DLL files.
• Adjust the execution policy for the workstation to allow execution of the downloaded files.
• Import the module file (remember to include the full location of the psm1) into a PowerShell session.
• Check the Planner configuration with the Get-PlannerConfiguration cmdlet.
• Adjust the roster setting with the Set-PlannerConfiguration cmdlet.

For instance, here’s what I did to load the files, examine the configuration, and update the configuration to disable the creation of rosters.

Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Scope Process

Execution Policy Change
The execution policy helps protect you from scripts that you do not trust. Changing the execution policy might expose
you to the security risks described in the about_Execution_Policies help topic at
https:/go.microsoft.com/fwlink/?LinkID=135170. Do you want to change the execution policy?
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "N"): y

Import-Module "c:\temp\plannertenantadmin\plannertenantadmin.psm1"

Get-PlannerConfiguration
AllowRosterCreation AllowTenantMoveWithDataLoss AllowPlannerMobilePushNotifications AllowCalendarSharing
------------------- --------------------------- ----------------------------------- --------------------
               True                       False                                True                 True

Set-PlannerConfiguration -AllowRosterCreation $False

Exporting Planner User Data

The Planner script module contains the Export-PlannerUserContent cmdlet, which administrators can use to export Planner data for a selected user. For example, to export my Planner data, I ran:

Export-PlannerUserContent -UserAadIdOrPrincipalName Tony.Redmond@office365itpros.com -ExportDirectory C:\temp\plannertenantadmin

The cmdlet took 35 seconds to export 13.7 MB of Planner data from 51 plans. The data for each plan is in a separate JSON-format file (Figure 1) containing details of the tasks and other information used by Planner.

MVP Alex Holmeset has written about using the Planner Graph API to extract data for users and import the data into accounts in a new tenant. Maybe the existence of this capability will make moving Planner data around just a tad easier, even if there’s no equivalent import cmdlet (yet) to process the JSON files.

Moving Forward

Lightweight plans open new possibilities for any app which needs to capture and manage tasks for a small set of users. I’ve been a happy user of Planner for years and use the app to manage the development and progress of the Office 365 for IT Pros eBook. The Tasks app in Teams delivers a nice overhead of personal (To Do/Outlook) and organizational (Planner) tasks. Adding tasks assigned in meetings managed through lightweight plans should be a useful extension. We’ll see when the functionality turns up in apps.

Create Tasks from Teams to Assign Work to Yourself and Co-Workers

Updated 6 February 2023

Message center notification MC250796 (April 15) covers an update to allow Teams users to create tasks from chats and channel conversations. Rollout was supposed to be complete by the end of May, but Microsoft 365 roadmap item 68696 says that delivery is in June. You can access the functionality today using the public preview of Teams.

The idea is very simple. Many discussions happen in chats and channel conversations, some of which end up as tasks which people need to follow up. Microsoft 365 has a tasks subsystem based on To Do/Outlook (personal tasks) and Planner (group tasks), all of which come together in the Tasks app in Teams. Letting people create tasks from Teams messages is logical. When you create a task from a chat, it’s regarded as a personal task. Tasks created from channel conversations are usually group tasks but can also be personal. Guest users can’t create personal tasks, but they can create tasks in any plan they have access to.

Fellow MVP Ståle Hansen is very fond of the feature, which he calls a lifehack. Let’s see how it works.

Creating Personal Tasks

Tasks can be created for any message in a personal or group chat. If you don’t see the Create task option, it’s likely in the More actions menu (Figure 1).

Creating a task takes a single message from a conversation and populates the new task form. The text of the message becomes the title (as shown in Figure 2, you’ll likely want to update the title to make it more obvious what the task is about). It’s also inserted in the task notes along with details of who’s involved in the chat and a deeplink to the thread.

Saving creates the task in the My Tasks section of To Do, the Tasks app in Teams, and the Tasks folder in Outlook (Figure 3). Apart from having some information captured from Teams in the body of the task, they’re just like any other task.

Creating Tasks from Channel Conversations

A team can have one or more associated plans to hold group tasks and a task can be either personal or a group task. These factors make it a little more complicated when you create a task from a channel conversation because you need to select the destination for the new task.

When you choose to create a new task, Teams lists the available target destinations, just like they appear in the Tasks app for Teams (Figure 4). Personal task destinations are first followed by teams with associated plans. Naturally, you only see teams you are a member of. A team might have several plans (like Office 365 for IT Pros in Figure 4), and you then need to expand the list to reveal and select the right plan.

The resulting Planner task created is not fully populated (Figure 5):

• By default, you don’t need to assign anyone to a new task. It is possible that the person creating the task is responsible to carry it out, but it’s also arguable that if I create a task, it’s to remind me to do something. I can always edit the task afterwards if it should be assigned to someone else.
• Any attachments in the Teams message are missing. Planner supports attachments for tasks. However, an attachment to a Teams channel message is posted to the SharePoint Online document library belonging to the team and the plan selected for the task might not be associated with the same team. However, it’s feasible for software to detect these conditions and create a copy of the attachment for the task if necessary.
• Any emoticons or Gifs in the Teams message are missing. This is fine because there’s no way for Planner to capture these graphic elements.

In any case, it’s easy to update the new task using Planner or the Tasks app for Teams to add whatever detail is necessary, including one or more of the 25 labels Planner now supports to help categorize tasks.

Private Channels and Tasks

You can’t create tasks for conversations in private channels. This is likely because Planner isn’t currently supported for private channels.

Guests Can Create Tasks

Guest members of teams have full access to the resources owned by the teams, so although they can’t create a personal task (because guests don’t have Exchange Online mailboxes in the host tenant), they can create tasks in Planner.

Good New Option

Being able to create tasks from Teams chats and channel conversations is a surprisingly useful new capability. It’s only after you’ve used it a couple of times that it becomes apparent quite how useful the smooth interaction between Teams and tasks is. Overall, this is a nice extension to the Tasks in Teams app.

Learn more on an ongoing basis about how Office 365 really works by subscribing to the Office 365 for IT Pros eBook. Our monthly updates keep subscribers informed about what’s really important across the Office 365 ecosystem.

Avoiding the Need to Remove and Recreate Guest Accounts

Microsoft 365 applications like Microsoft 365 Groups, Teams, SharePoint Online, and Planner use Entra ID B2B Collaboration to enable guest user access to their resources. The result is that many tenants have a proliferation of guest accounts to manage. I’ve written quite a few tools to help, including a report of guest accounts and their membership of Microsoft 365 Groups and a comprehensive report of tenant and guest members in Groups and Teams. Management can even be a challenge for guests who want to renounce their membership of a tenant.

In any case, the details of some guest accounts change over their lifetime. On March 2, Microsoft issued documentation for Reset redemption status for a guest user. This doesn’t sound very exciting, but it’s really very interesting because the feature allows tenant administrators to adjust how a guest account is signed into without using the previous technique of removing and recreating an account. The downside of that approach is that access is lost to all the resources available to the guest account like Teams, SharePoint sites, shares to individual documents, and so on. After recreating the account, access must then be regranted for each resource. This process is tedious, especially when the guest features in multiple groups.

Microsoft anticipates that the reset feature will be used in scenarios such as:

• The user wants to sign in using a different email and identity provider. In other words, they now have a different account. For instance, the user might have moved companies and wishes to continue working with your company (a common scenario for professionals like IT consultants and lawyers).
• The account for the user in their home tenant has been deleted and recreated. Entra ID won’t recognize the link between the guest account and the user’s new account.
• The user’s responsibilities have been passed along to another user and they want to assign access to the resources which supported those responsibilities to that user.

Part of the change is performed using the Entra ID admin center. The rest is done with PowerShell cmdlets from the AzureAD Preview module, which you can download from the PowerShell Gallery.

Change the Email (Sign-in) Address for a Guest Account

Unlike tenant accounts, guest users don’t use their user principal name to sign in. Instead, they use their email address. To work, the reset feature changes the sign-in name for the guest account and nothing else. The mail user object created in Exchange Online to allow guest users to receive email is also updated.

In this example, I have a guest account for Jacko Winters. The original email address for this account is Flayosc@outlook.com. The guest is a member of multiple teams and shares some SharePoint documents. I want to reassign access to all these resources to another account called Flayosc@yandex.com. It’s an example of the first scenario described above.

The first step is to update the Mail attribute (Email address) for the guest account with the email address you want to use. Do this through the Entra ID admin center (Figure 1). The new email address cannot belong to any other mail-enabled object in the tenant, such as another guest account. If it does, Entra ID won’t allow you to update the account.

Moving to PowerShell, connect to AzureAD and get the Entra ID account identifier for the guest account you want to replace.

Connect-AzureAD
$ObjectId = (Get-AzureADUser -SearchString “Jacko Winters”).ObjectId
$ObjectId
558d8cbb-a5a2-4ea1-b950-0d0748ca5634

Now create a new User object and populate it with the object identifier for the account.

$OldUser = New-Object Microsoft.Open.MSGraph.Model.User -ArgumentList $ObjectId
$OldUser

Id                                   OdataType
--                                   ---------
558d8cbb-a5a2-4ea1-b950-0d0748ca5634

Issuing a New Invitation

The next thing to do is check that the values returned from the two commands match. If they do, use the New-AzureADMSInvitation cmdlet to reissue an invitation to the new email address. The identifier for the guest user account is passed in the InvitedUser parameter. The myapps.microsoft.com landing page is a default site showing apps available to a user. Here’s the command I ran:

New-AzureADMSInvitation -InvitedUserEmailAddress Flayosc@yandex.com -SendInvitationMessage $True -InviteRedirectUrl "http://myapps.microsoft.com" -InvitedUser $OldUser -ResetRedemption $True

Update: Given the deprecation of the AzureAD module in March 2024 (and the disappearance of the ResetRedemption parameter from the New-AzureADMSInvitation cmdlet), you should switch to the Microsoft Graph PowerShell SDK. This code is the equivalent using the Get-MgInvitation cmdlet:

$User = Get-MgUser -Filter "startsWith(mail, 'Flayosc@yandex.com')"
New-MgInvitation `
    -InvitedUserEmailAddress 'Flayosc@yandex.com' `
    -InviteRedirectUrl "http://myapps.microsoft.com" `
    -ResetRedemption `
    -SendInvitationMessage `
    -InvitedUser $User

See this documentation for more information.

Entra ID creates a new invitation to access the resources currently available to the guest account and sends it to the new email address. You’ll see a response like this:

Id                      : 129c1c12-da99-4879-b258-d14b34601d46
InvitedUserDisplayName  :
InvitedUserEmailAddress : Flayosc@yandex.com
SendInvitationMessage   : True
InviteRedeemUrl         : https://login.microsoftonline.com/redeem?rd=https%3a%2f%2finvitations.microsoft.com%2fredeem%
2f%3ftenant%3db662313f-14fc-43a2-9a7a-d2e27f4f3478%26user%3d129c1c12-da99-4879-b258-d14b34601
d46%26ticket%3dLStZd8uAONAIbLNIZyfaUZ91VsRczLbzqbFOeHsonSE%253d%26ver%3d2.0
InviteRedirectUrl       : http://myapps.microsoft.com/
InvitedUser             : class User {Id: 558d8cbb-a5a2-4ea1-b950-0d0748ca5634
OdataType: }

InvitedUserMessageInfo  : class InvitedUserMessageInfo {
                            CcRecipients: System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.Recipient]
                            CustomizedMessageBody:
                            MessageLanguage:
                          }

InvitedUserType         : Guest
Status                  : PendingAcceptance
ResetRedemption         : True

Accepting the Reissued Invitation

The invitation arrives at the email address (Figure 2) and the user can accept the invitation to confirm their credentials (set a password) and create an OAuth consent to allow the tenant to read details of the user’s account (Figure 3).

Once the user consents to the permissions, the user account is updated to set the UserState property to Accepted and write the date of the redemption in UserStateChangedOn. We now have a fully functional guest account again. The important point is that the object identifier and user principal name for the account do not change. The only thing which changes is the mail address associated with the account.

The Entra ID audit log contains details of the issue (Figure 4) and redemption of the invitation. While the activity tab confirms the target address for the invitation, the target tab confirms the guest account.

Accessing Resources

In this instance, the guest account has access to several teams and some SharePoint documents. SharePoint access is immediate, including the sites used by Teams. Guest access to Planner also works properly.

After testing that access worked for SharePoint and Planner, I turned to Teams. I expected access to the Teams app to take longer because of the need to complete the process which synchronizes Entra ID with the membership roster used to control access to individual teams. Until this happens, the user is refused access to Teams (Figure 5) and the old email address assigned to the guest account remains visible in Teams (Figure 6). [Note that the display name of the guest account has reverted to Flayosc instead of Jacko Winters]

Unsurprisingly, because the account information in Teams is now outdated, any attempt to add the guest account as a new member of a team also generates an error (Figure 7).

To try to force synchronization, I updated the display name and several other attributes of the account. This had no effect, so I added a couple of new users to the group using Teams to force Teams to refresh its membership roster. The updates flowed through to Entra ID, but nothing happened in Teams.

Get-AzureADGroupMember -ObjectId b647d5ff-3bda-4333-b768-7990084569b6

ObjectId                             DisplayName                   UserPrincipalName
--------                             -----------                   -----------------
cff4cd58-1bb8-4899-94de-795f656b4a18 Tony Redmond                  Tony.Redmond@office365itpros.com
b3eeaea5-409f-4b89-b039-1bb68276e97d Ben Owens (Business Director) Ben.Owens@office365itpros.com
a6bfb216-e88c-4f1f-86d7-04747e5fc686 Ben James                     Ben.James@Office365itpros.com
9ba20686-f869-46e8-85a2-00ec8a035e48 James Joyce                   James.Joyce@office365itpros.com
acb778e8-f587-45de-ae3a-e76007e043b2 Paul Howett                   Paul.Howett@office365itpros.com
98dda855-5dc3-4fdc-8458-cbc494a5a774 Sean Landy                    Sean.Landy@office365itpros.com
6b52fba5-349e-4624-88cd-d790883fe4c4 Ken Bowers                    Ken.Bowers@office365itpros.com
558d8cbb-a5a2-4ea1-b950-0d0748ca5634 Jacko Winters                 flayosc_outlook.com#EXT#@office365itpro

Get-AzureADuser -ObjectId 558d8cbb-a5a2-4ea1-b950-0d0748ca5634 | ft mail, displayname, objectid

Mail               DisplayName   ObjectId
----               -----------   --------
flayosc@yandex.com Jacko Winters 558d8cbb-a5a2-4ea1-b950-0d0748ca5634

The Original email address can’t be used to sign into Teams either. Eventually, after a couple of days, Teams synchronized with Entra ID and the updated account details became visible in Teams. However, the updated account could not sign into Teams.

Come Home to Teams

Working with the Entra ID development group, the problem was diagnosed to due to the way Teams tries its best to bring a user to their home tenant. In the case of guest users, Teams uses the sign in address to locate the tenant and headed off to the wrong place. When using an explicit redirect to the tenant identifier, like https://teams.microsoft.com/?tenantId=c662313f-14fc-43a2-9a7a-d2e27f4f3478, the user can connect.

Obviously, there’s some work for Teams to do to cope when administrators assign new email addresses to guest accounts, but at least the problem is known, and Microsoft will no doubt fix the issue soon.

All this work for a few lines in Chapter 13 of the Office 365 for IT Pros eBook. It just goes to prove how much work and effort the writing team puts in to keeping content accurate, refreshed, and updated. Subscribe now to receive monthly updates of goodness.

Update: On April 14, 2021 Microsoft said that they will not be moving forward as planned and will announce a new approach once they have considered feedback received from customers. On August 18, Microsoft posted MC279089 to say that they would roll-out “lightweight plans in Planner” in mid-September. A single roster container can hold a single lightweight plan,

Planner’s Odd Attitude to PowerShell

I really wish a proper PowerShell module existed to manage Planner. If the Power Platform people can create a module to control the settings for self-service purchases, it’s not beyond the wit of the Planner team to create a module for its settings.

The problem has existed for a long time. Back in 2018, Planner introduced the capability to synchronize tasks with Outlook using an iCalendar feed. The Planner team also gave tenant administrators the ability to block the feature. It was clunky and horrible.

Planner Makes PowerShell Easy. Or Maybe Not

Three years later, Planner hasn’t delivered many other management settings for tenant administrators, but when it does, the same approach is rolled out. There’s no UI in the Microsoft 365 admin center. Instead, administrators get down and dirty with PowerShell to:

• Download a Nuget package containing the Microsoft Active Directory (ADAL.NET) class library and other bits.
• Rename the file to be a ZIP (which it is) and extract all the files to a suitable location on the PC.
• Make sure that all the DLLs are unblocked (through file properties).
• Create PowerShell psm1 (script module) and psd1 (module manifest) files by copying code from a web page.
• Import the script module into a PowerShell session.
• Run commands contained in the script module.

It’s a boring process that the Planner team should fix to make it easier to manage their app settings in a regular PowerShell module published in the PowerShell gallery. For instance, it would be nice to be able to define a default set of labels (now that a plan has 25 labels to play with) or define a default background for a plan instead of letting Designer do its best. But no, Planner and PowerShell is a total mess undermining the intention of PowerShell to make it easier for administrators to accomplish tasks.

New Roster Containers and Plans Coming in April

Normally, I avoid this kind of messing around and leave it to people with more patience and available time. On this occasion, the announcement in message center notification MC242586 (March 3) of “Planner’s New Roster Containers” brought me down the sorry path to PowerShell hell.

According to the post, a roster container is a plan created without an association with a Microsoft 365 group. It’s an awful name that I hope Microsoft will change before the software is available. I assume the roster is the membership list for the container which replaces the Microsoft 365 group.

No UI is available to create a roster plan within a container, but a Graph API is due to be enabled in all tenants on April 5. If enabled, anyone in a tenant can create a roster plan and define its membership. Any member can add or remove other members. The resources belonging to a Microsoft 365 group like a SharePoint Online team site aren’t available to roster plans, which seems like they inhabit their own world.

Although Microsoft doesn’t say how they plan to use rosters, it’s easy to see how this might be useful for Teams shared channels. Unlike regular channels or private channels, both of which depend on Microsoft 365 group membership for access, shared channels use federation to allow individual users and other teams to collaborate in a channel. A roster-based plan would allow a shared channel to include a plan.

Disabling Roster Plans

Microsoft warns that disabling roster containers means that a tenant won’t be able to take advantage of some upcoming Planner features. Given that they don’t say what those features are, the information is not all that helpful. You can therefore disable roster containers until you understand what the new features are and if they are needed by the tenant.

This is when we need to re-enter PowerShell hell and follow the instructions to download code, create a PowerShell module, and run some cmdlets. All of which makes a task which should take a minute or so last much longer, especially when the documented instructions to set the Planner configuration are incorrect (Figure 1) and authentication is required before running each command. That’s a particularly charming and unique aspect of Planner’s approach to PowerShell.

For now, I have disabled roster containers on my tenant. I’ll review my decision when I hear more about how Microsoft plans to use roster containers and if necessary, I’ll go through the process again to enable rosters again.

Keep up to date with the important changes in Microsoft 365 by subscribing to the Office 365 for IT Pros eBook. We’ll tell you when it’s safe to go back into the torrid waters of Planner PowerShell among other more interesting topics.

Eliminate Boredom by Changing Backgrounds in Planner

Office 365 Notification MC227304 published on November 21 promised that Planner would get “smart backgrounds” (Microsoft 365 roadmap item 66578). Given the slow pace of development in Planner, it’s an odd decision to prioritize this update. Who knows that we needed to liven up the dull and boring backgrounds used by Planner to date? In any case, the update is rolling out now and is due to complete at the end of January.

The smart part of the moniker comes from the use of the PowerShell Designer component to come up with a suitable graphic background based on the plan name. Obviously, the backgrounds wouldn’t be smart at all if Designer did its own thing and never took the plan name into account. But it does, and the world is a better place.

Any Plan Member Can Change Background

Any plan member (member of the underlying Microsoft 365 group) can select a background. Go to the […] menu and select Plan settings. From the General tab, select one of the suggested backgrounds generated by Designer (Figure 1). Designer comes up with some nice images and it’s interesting that it often makes different suggestions to different plan members.

The background is a plan setting. Once a new background is selected, it applies until another plan member decides that it needs to be changed. This leads to the interesting notion of a background war where different people make their choice of background to frustrate other plan members. There’s no way for a group owner to lock the background and stop frequent changes. You must depend on people behaving maturely.

There’s also no way to upload and apply a background image, such as a corporate logo, either on a per-plan or per-tenant basis. I’m sure that there will be a clamour for this feature soon along with a demand for controls to stop people changing the logo.

New Plan Settings Layout

You might notice from Figure 1 that Planner is using a redesigned layout for Plan settings. The settings are now grouped into three tabs, with the Group tab available only to group owners (the settings which affect a group are here). The new layout is more logical and effective, so it’s a good change.

Changes Trickling Through

Smart backgrounds are one of the changes promised in October 2020. The other changes (being able to use 25 labels instead of six and being able to create tasks from a Teams chat or channel conversation) haven’t shown up yet.

Need more information about Planner? The Office 365 for IT Pros team uses Planner extensively to help track work done to update and refresh the book, which means that our Planner content is pretty good. At least, we think it is.

How to Share Sensitive Information Outside Your Tenant Through Planner Comments

Planner is the Office 365 group-based task management app. I like it a lot and the Office 365 for IT Pros team uses Planner to track things we need to do for the book, including importing Office 365 notifications as they appear in the Microsoft 365 message center. Sometimes the Planner developers can be accused of not telling people about new developments in the app, but here’s an example of where something in the app just doesn’t work the way it should.

A recent request by Mike Tilson on Planner User Voice asks Microsoft to close off what he considers a potential security issue. The issue is easy to reproduce.

• Create a new task in a plan and assign it to someone in the team.
• Add a comment to the task. Depending on the email distribution settings for the underlying Microsoft 365 group, team members will receive an email with the comment. Alternatively, they can open the group mailbox to see the messages containing the comments there.
• Reply to the message with the comment. Normally the message will go back to the person who created the comment and the Microsoft 365 group. Before you send the message, add the email address of someone else outside your tenant (not a guest account in the tenant).
• The external recipient receives the comment and any further comment added to the task. They can reply to the messages they receive with comment updates and those responses are added as comments to the task, which is what you can see in Figure 1.

Figure 2 shows the message thread as viewed by the external recipient. It’s obvious that they could learn about some sensitive information through this mechanism.

Obviously, people shouldn’t be able to add external recipients to task comments. The only people who should see this information are members of the team, which could include guests.

No Way to Fix the Problem

The big problem is that once an external recipient is added in this manner, there’s no way to highlight that an external person is receiving comment updates, nor can the plan owners remove the external recipient.

According to the user voice post, the problem was reported to Microsoft in a support ticket and the response came back that Planner is working “by design.” I can’t understand the logic of such an answer. There’s no good reason for anyone to design an app that allows possibly sensitive information to leak outside an organization without any method to prevent this happening or close the hole once it does. That doesn’t sound like normal Microsoft practice and it’s certainly not the response I would expect or accept from a product group.

It might be the case that the support agent handling the problem did not understand the potential impact that such a leak could have, but I think it’s more probable that the development group never anticipated that anyone would add an external recipient to a message containing comments and therefore did not think through what might then happen.

Vote for Change

If you’re concerned about this situation, please upvote the user voice request. I’ll share this information with some people who might take a more proactive stance than the support response. Let’s hope that this hole can be closed soon.

Planner Has Poor Record of Notifying Office 365 Tenants About New Features

Updated February 24, 2021

As has become the norm with Planner, another change has crept into the application without anything being notified to Microsoft 365 tenants. The new change increases the number of Planner labels available in a plan from 6 to 25. But the lack of notification is a continuation of a sequence including:

• Highlighting when changes are made to the app and tasks in a plan.
• Support in the Planner browser client for (limited) offline mode (also available in Planner for iOS).
• Sharing iOS items to Planner.

Some of these are small changes which probably don’t deserve much highlighting because they are small evolutionary steps, but it’s a pity that Planner doesn’t do more to let people know what they’re up to.

Better Labels

Take a change that showed up in my tenant this week. Planner has always had the ability to add up to six colored labels to a task to mark the task in a way chosen by plan members. Some use the labels to give different levels of urgency to a task, others to mark the task as being in a certain category. It’s up to you. Figure 1 shows the old-style Planner labels, which pop-out of the right-hand side of a task.

The new method of accessing and applying labels is better. The old approach was often hidden to users, who can now simply use the Add label option when editing a task to view the set of labels available in the plan and choose the labels they wish to apply to a task (Figure 2).

Like in the past, any member of a plan can edit the text name given to a label. There’s no way for the plan owner to lock the names assigned to labels. This is a curious omission because it’s entirely possible that a member can edit a label to give it a completely different meaning to its previous use.

In any case, labels are now more accessible and easier to use, so it’s a good change.

Changes Coming to Planner

According to Microsoft, more changes are coming to Planner. According to the Get more done with Microsoft Planner session in the Microsoft Technical Community video hub, Effective February 24, Planner supports up to 25 labels instead of the previous six. (see Figure 2).

Planner will also has customized backgrounds (delivered in January 2021) and is due to get a more intelligent way of selecting files to attach to tasks. The Teams integration with Planner will allow users to create new tasks from any chat or channel conversation through the Create task option in the […] menu. I totally overlooked the advent of “confetti” in Planner, used to sign when a final item in a checklist is achieved or when a task is complete, as well as a checklist completion bar to show progress as you work through a set of tasks.

Details of the arrival of 25 labels for Planner are in MC241349 published on February 24. I can’t recall seeing details of the confetti and progress bar being published in a message center notification. Such is life. You need to keep a wary eye out in many places to learn what’s happening in Planner. It’s part of the ongoing work required from tenant administrators to keep track of what’s happening across the Microsoft 365 ecosystem.

Details, details, details… So much changes in so many ways across all the Office 365 apps on an ongoing basis. Stay current by subscribing to the Office 365 for IT Pros eBook!

Planner Likes to be Connected

Planner is a browser-based app. A mobile app is available but not a desktop app. In short, Planner expects you to be online to work with its plans and tasks. The same is true of Teams if you work with Planner data through its Tasks app or a channel tab.

Although the Planner iOS client has read-only capability when offline, I’ve never attempted to work with the Planner browser client without a network connection. It seemed like a fool’s errand to try, and it was only by accident that I came to be working through a set of new Office 365 notifications imported into Planner through the synchronization with the Office 365 admin center when our ISP link failed. When I updated a task to move it to a different bucket, Planner noticed that it was offline and displayed the message shown in Figure 1.

Not Like Outlook

Many products include some form of offline capability. Usually data is cached locally to allow the app to continue working during a network outage. The app’s functionality might be reduced, but at least users can get some work done. Outlook is an example of a product designed with offline capability in mind. For almost 20 years (since the introduction of “drizzle-mode synchronization” in Outlook 2003), it’s been possible to have a complete copy of user mailboxes offline and to be able to work with the mailbox contents when no network is available. When the network link is restored, Outlook synchronizes any changes made offline and downloads new information available on the server.

Planner can detect network changes, caches information about tasks and plan structure (like buckets).  When the network connection is available, Planner synchronizes the changes made offline to the server. However, Planner is no Outlook.

What Planner Can Do Offline

After testing with both the Edge (Chromium) and Brave browsers on Windows, it seems that you can perform the following operations when working offline:

• Add a new task to a plan.
• Update task properties like progress (not started, completed), start and due dates, notes, comments, and priority.
• Add or remove a web link or file attachment.
• Add or remove checklist items for a task.
• Move tasks between buckets.
• Assign a task to team members.

You cannot:

• Start Planner when offline.
• Add a SharePoint item to a task.
• Create a new plan for an existing group or with a new group.

Using the cached data, Planner Graphs and Schedule View are available when offline.

Occasionally Planner won’t be able to update an item (Figure 2) and you’ll have to wait until the network is available before proceeding.

A Good Start

Planner’s offline capability is basic. It’s a version one implementation that should improve over time. Whether it’s enough to keep people working during extended network outages remains to be seen, but it’s enough to handle transient connectivity drops. It’s just a pity that the Planner developers say nothing when they introduce a new feature like this – not in their blog, an Office 365 notification, or in a Microsoft 365 roadmap item (only 10 items are listed for Planner).

Discovering stuff like this sometimes can only be done through ongoing use of Office 365 apps. The Office 365 for IT Pros eBook team uses Office 365 to create the book; it is based on real-life experience, which is why its content is so valuable.

Edge Now the Preferred Microsoft 365 Browser

Even if you spend time reading all that’s posted to the Microsoft Technical Community, you might have missed the August 17 post announcing that Microsoft 365 will soon end support for Internet Explorer 11. In a nutshell, support in Teams finishes on November 30, 2020 while August 17, 2021 is when support ceases in other Microsoft 365 browser apps like OWA, Planner, To Do, and Yammer plus all the administrative portals.

Microsoft’s advice is unambiguous: use Edge (the Chromium-based version). The legacy (original) version of Edge stops getting security updates on March 9, 2021. Curiously, Microsoft refers to legacy Edge as a “desktop app” instead of a browser, but I guess that’s just a matter of semantics.

Teams First to Dump Internet Explorer

While the other Microsoft 365 apps have a year left to support Internet Explorer, Teams stops in just over a quarter. Microsoft doesn’t explain why they want to accelerate deprecation of IE11 support in Teams, but it might be linked to the lack of calling and video support in IE11 for Teams meetings. Given the massive upswing of demand for Teams meetings since the pandemic started, it’s unsurprising that Microsoft would want to make sure that Teams users avoid Internet Explorer.

I doubt the demise of IE11 will cause many problems for Teams users. Mac users are more concerned about Safari support for Teams (audio is supported in meetings, but video is not). Linux users who don’t use the Teams Linux client have Chrome and Firefox browsers to choose from.

Another point to consider is that Teams uses a three-week update cycle to make new functionality available to clients. The longer IE11 remains supported, the further it falls behind in terms of the new meeting functionality recently introduced for Teams.

IE Gets More Time in Other Microsoft 365 Apps

Microsoft 365 has a bunch of browser clients, some of which are refreshed almost as quickly as Teams is (OWA is an example). The longer time allowed before the Microsoft 365 apps stop supporting IE11 might be linked to the relatively straightforward nature of the apps. SharePoint Online and Stream both support IE11 only in document mode, perhaps because of the video playback capabilities available in both clients. Forms, on the other hand, also supports video playback, but proclaims itself to be optimized for IE11.

Move Now

No matter what the reason is, the simple fact is that IE11 has a limited lifetime inside Microsoft 365. It’s time to move any IE11 diehards to one of the supported browsers, unless they enjoy discovering just what Microsoft means by “customers will have a degraded experience or will be unable to connect to Microsoft 365 apps and services on IE11.”

Degraded could be anything from “a feature just doesn’t work” to “a feature works slowly.” Being unable to connect is more fundamental but could come about through something like a change in conditional access policies which IE11 can’t handle. In either case, the experience is unlikely to be anything to write home about. Time to move. And soon.

The September 2020 update for the Office 365 for IT Pros eBook will remove most mentions of IE11 (there are twelve right now). It’s one of the nice things about having a book that’s updated monthly. When Microsoft changes, we do too.

Planner Slips Changes in Quietly

I’ve noted before that Planner is in the habit of introducing new features without posting a notification in the Office 365 message center. The Planner developers have been busy recently with the introduction of the Tasks in Teams app, which delivers a unified view of personal and team tasks, but they’ve also managed to polish the browser app. Two user interface changes I have noticed are:

• Planner prompts if you should refresh the app (reload the browser page) to pick up changes/fixes. This won’t affect you if you load Planner every couple of days or use it through Teams or SharePoint Online, but it’s a nice update for those of us who keep Planner open in a browser tab.
• Planner now notifies you if changes were made to tasks in a plan while you were inactive (Figure 1). This is a nice update that would be even better if it told you which tasks were updated and by whom, but you can’t have everything at once.

The Lack of a Change Log in a Plan

Today, no log exists to track what happens inside a plan Ideally, it would be nice for team members to view details of all changes made to tasks in a plan. The log might track:

• Creation of a task.
• Assignments of a task.
• Task updates, such as changing the progress, adding an attachment, or updating the notes.
• Task completion.
• Task deletion (this is especially important because Planner doesn’t have a recycle bin or other way to recover a deleted task).

Ideally, the log should be exportable to CSV.

Planner’s Lack of Support for the Office 365 Audit Log

In addition to providing a user-visible change log within a plan, Microsoft needs to do better about Planner support for the Office 365 audit log. Several user voice requests have been made to the Planner development team about the need for auditing, including one from 2016, soon after Microsoft launched Planner. The idea has also surfaced in the Microsoft Technical Community. In neither case, the technical community seemed relatively disinterested.

Three years ago, I noted that the Office 365 audit log doesn’t capture anything for Planner. The same applied to Teams at the time, but Teams has since fully embraced auditing and a great deal of useful information flows into the audit log. Planner is an outlier in this respect when you look at the list of Office 365 workloads which generate audit records for the audit log. I mean, if a relatively unused application like Sway can generate audit records, surely Planner can?

We think about details like this to make sure that we cover Office 365 topics at the right level in the Office 365 for IT Pros eBook. It’s the small, but important stuff, that makes the difference.

Planner’s Aversion to Office 365 Notifications

As we all know, it’s hard to keep up to date with changes inside Office 365. The task is a little harder when some Microsoft development groups don’t announce changes in the Message Center in the Microsoft 365 admin center and force you to go looking in different places for information.

The Planner development group is one such example. Despite the availability of a good integration between Planner and the Message Center, news about functionality changes in the Planner app seldom show up as Office 365 notifications. Compared to the Teams development group, which at times seems to make daily announcements, the Planner people are mute. It’s almost like they don’t want Office 365 tenants to know when they’ve done something good.

Sharing to Planner from iOS

Ignoring Office 365 notifications might be a cunning plan to increase traffic for the Planner blog, because that’s where new features are often announced. A recent browse of the Planner blog unearthed several interesting pieces of information, including the news that the Planner iOS app supports the share action. This is a good example of a new feature that should have been highlighted in an Office 365 notification.

You can select web pages, tweets, or even Facebook posts and share them as new tasks created in any plan you can access. In Figure 1, I’ve selected a tweet and opted to share it to Planner. You can see the target plan and bucket chosen.

Because tweets generally don’t have a lot of context, the resulting task created in Planner is simple. The task name is present along with a web link attachment and icon (Figure 2). To make the task useful, you’ll have to add the missing pieces like a description, start and end date, labels, and so on, and then assign it to someone.

How We Use iOS Share to Planner

Even if the tasks created by iOS sharing are barebones, the feature is still very useful in terms of capturing items that might need some response by a team. In our case, we track change inside Office 365 and need to know when something new happens so that the relevant update is made to a book chapter. Lots of information about Office 365 applications and the Microsoft 365 ecosystem is shared in social media and being able to create tasks from iOS makes it easy to remember and follow up a topic.

Not-so-Important Updates

Some of the other topics covered in the Planner blog aren’t quite as useful. For instance, the news that completed tasks are now celebrated with “digital confetti” is unlikely to make Planner more useful. It’s in the same category as OWA joyful animations: interesting for about 15 seconds.

On the other hand, the news that Planner has solved the problem of uploading attachments to tasks when Planner is used through Teams is good.

Other recent changes that I’ve noticed include that when you open a plan, Planner now tells you if someone else has made changes to a plan since you last accessed it. Again, not too important for many, but some will enjoy it.

Despite our frustrations with the way Planner releases news of new features, we’ll keep on plugging away to make sure that the readers of the Office 365 for IT Pros eBook are updated with the latest and most relevant information. It’s what we do.

Labels for Groups, Teams, SharePoint, and Planner

Microsoft announced at the Ignite 2019 conference that they were bringing Office 365 sensitivity labels to Office 365 Groups. The update will affect apps depending on groups like Teams, SharePoint Online, and Planner.

Today, sensitivity labels can apply visual markings and rights-management based encryption to documents and messages. Microsoft is expanding the set of properties managed for labels through the Security and Compliance Center to include a set specially for Groups. The new set includes the access type (private or public) for the group and if it supports guest users.

The Effect on Group Creation

Once published to users in a label policy, they can only create new groups based on the settings in the policy. If two or three labels are in the policy, users can select from those labels, and the settings for the selected label like access type are assigned to the new group.

It’s important to note that the classification property assigned to a group is unaffected by a sensitivity label. The classification for a group is a text-only visual marking to show the kind of content contained in the group. It has no affect on how the group works unless you write some PowerShell to apply settings based on the classification.

All the dependent apps, like Teams and SharePoint Online, are being updated to show when a sensitivity label is assigned to the underlying group. Teams already synchronizes the classification assigned to a group to any private channels and will also synchronize the sensitivity label to ensure that everything has the same label.

Labels Aren’t Stamped on Group Contents

Although Groups pick up settings from a sensitivity label, the data stored in a group are unaffected by the visual marking or protection settings in the label. In other words, if you create a new conversation in a group or add a new document to the SharePoint Online site belonging to the group, the sensitivity label is not assigned to the item, so it will not be marked with a header and/or footer or encrypted as defined in the label properties. That capability is likely to come in the future, but for now, sensitivity labels are being used as container markings rather than being applied to the individual items within the containers. Expect this to happen in the future.

No Retrospective Labels

It’s also the case that Office 365 only applies label settings to new groups. Microsoft says that they might provide some PowerShell scripts to retrospectively assign labels to old groups, but there’s no certainty on this point. Even if Microsoft doesn’t, the script is likely to be easily written as a call to Get-UnifiedGroup to find old groups (or, for better performance, to Get-Recipient) followed by running Set-UnifiedGroup to assign an available label to each group. Some care is needed in writing such a script to ensure that the right label is stamped on groups, but as they say, “it’s only a matter of programming.”

Public Preview Soon

The public preview of sensitivity labels for Office 365 Groups is likely to begin in about two weeks after the necessary updates roll out for Teams, Planner, SharePoint Online, and other affected apps. An update to the Exchange Online PowerShell module is also needed to allow labels to be manipulated for groups.

We’ll keep an eye on developments in this space and will report on what happens in due course.

For more information about the topics of Office 365 Groups and Sensitivity Labels, look no further than the comprehensive coverage in the Office 365 for IT Pros eBook. We really get this stuff!

New Priority Field Set to “Medium” for Existing Planner Tasks

Office 365 Notification MC189277 (August 30) told us that Planner had added a priority field for tasks. The change has been rolling out since and turned up in the Office 365 for IT Pros tenant over the weekend.

I think it’s fair commentary to say that most people expected Planner to make this change a long time ago. After all, Planner has been part of Office 365 since 2016. Despite many upgrades since to add essential features like guest access, support for multiple plans within an Office 365 Group (or team), and some moderately better graphs, no one within the Planner development group ever imagined that it’s natural for people to assign different priorities to items, or perhaps they didn’t want to add a priority field because it closed the functionality gap a little between Planner and Project. Well, now that inexplicable lack of a priority field is closed and we can all rest easy.

Four Priorities for Planner

The priority field accepts four values: Urgent, Important, Medium, and Low. The default priority assigned to new tasks is Medium (Figure 1) as is also the case for tasks created previously.

You don’t get the chance to set a priority for a new task when creating tasks through the default Group by Bucket view, so if you want to change the priority, you’ll have to open the task and update it.

Group by Priority

But then you discover the new Group by Priority view, which arranges tasks in priority order and sorts the tasks in descending due date within priority (Figure 2). Now it’s easy to create new tasks with the appropriate priority by clicking the + (plus sign) at the top of each column. You can also change a task’s priority by dragging it from one priority column to another. It’s a really nice and easy way to organize tasks that I think will be very popular with Planner users.

Client Support

The Group by Priority view is available in the browser client and Teams. The priority field is not yet visible in the Planner mobile client, so the Group by Priority view isn’t available there either.

Planner doesn’t support PowerShell, so you can’t update Planner items with a script. You can use the Graph to access Planner, but an update will be needed before the Planner API supports priority.

Need more information about using Planner? Look no further than the insightful and interesting coverage of the topic presented in the Office 365 for IT Pros eBook!

Teams Now Tells You About Planner Task Assignments

In an update posted to the Microsoft Technical Community on May 15, Microsoft announced that Teams running in enterprise and education tenants now creates notifications in user activity feeds for Planner task assignments. According to Microsoft, the new feature is available from May 16 (it works in my tenant). There’s no word when this feature might be available in Office 365 sovereign clouds.

Notifications Only for Integrated Plans

Notifications appear when people are assigned tasks using the Planner browser interface, the Planner mobile app, the SharePoint web part for Planner, or when a plan is integrated in Teams via a channel tab. The last point is important because a plan must be integrated with Teams before Planner knows that it needs to generate notifications. Adding a plan to a tab also adds the Planner bot, and it is the bot that posts messages to assignees. Teams treats the messages from the Planner bot like new messages from any other personal chat and flags them to the activity feed, which is how the notifications arrive. And like any other personal chat, the messages sent by the Planner bot also appear under Chats. Figure 1 shows notifications in both the activity feed and chat pane. The list of notifications in the Planner chat is a convenient way to make sure that you don’t miss an assigned task.

Notifications show up in the mobile clients too. Figure 2 shows two Planner notifications in the activity feed in a Teams for iOS client. The Planner bot is a little more obvious in this client as you see the offer to “chat with Planner.” Clicking this link brings you to the set of chats received from the Planner bot. If you click a Planner notification, the link brings you to the task in the Planner app (assuming it is installed on the device). I haven’t tested what happens when the Planner app is unavailable but assume that the link opens Planner in a browser.

Each notification includes the name of the assigned task, the person who assigned the task, the name of the plan, and a link to open Planner in the channel tab. Marking a task complete in Planner doesn’t remove a notification.

Notification Settings

Notifications only show up in Teams if an assignee’s Planner settings allow them (Figure 3). A small but important point…

Learn more about Planner in Chapter 15 of the Office 365 for IT Pros eBook. How to integrate Planner in a Teams channel tab is covered in Chapter 13.

Synchronize My Tasks from Planner to To-Do

Promised for Q2 CY19 in Office 365 Roadmap item 48624, the integration between Planner and To-Do is now rolling out (the option showed up in version 1.56.3 for the browser interface). The integration promises users can view, edit, and complete Planner tasks from To-Do, and that’s exactly what happens.

To enable To-Do to connect to Planner, set the Tasks from Planner slider in To-Do settings (Figure 1). Alternatively, accept the invitation to track tasks assigned to you in Planner that should appear in the lower left-hand corner of To-Do.

One-Way Traffic

The integration is one-way: Tasks assigned to a user in all plans in a tenant appearing in that user’s My Tasks list in Planner are synchronized to To-Do where they appear in the Assigned to Me list. All assigned tasks from all plans are synchronized, which means that the initial step to bring the tasks into To-Do can take a little time if, like me, you have hundreds of assigned tasks. Eventually, the synchronization completes and you can work with the Planner tasks (Figure 2).

To-Do does a good job of presenting Planner tasks in its interface. Some differences in nomenclature are obvious: Planner’s checklist for a task becomes steps in To-Do while a task description are shown as notes. Users probably won’t notice this because all they’re interested in is being able to work with tasks as if they were native To-Do items.

Some Compromises in Functionality

All integrations come with some compromises. In this case, you can work with tasks to:

• Change the completion date for a task.
• Mark a task as completed or mark a completed task as incomplete (but not mark a task as in-progress).
• Add checklist items.
• Update the task description.
• Hide completed tasks.

To-Do synchronizes any updates back to Planner where they appear almost immediately. On the downside, you can’t use To-Do to:

• Change the assignee(s) for a task.
• Add an attachment (file or link).
• Change the tab for a task.
• Create new tasks.

If you need to perform these actions, click the Open in Planner link to open the task using the Planner app.

Planner in To-Do Mobile

To see Planner tasks in the To-Do mobile clients, you need version 1.56 of that app (Figure 3). The mobile app seems to be a little smoother than the browser client, which sometimes pauses slightly when moving from task to task.

Remember that you can also synchronize Planner tasks with Outlook. However, that integration is not as slick or easy to use as the To-Do integration is.

Planner is covered in Chapter 15 of the Office 365 for IT Pros eBook.

Saving Time by Copying Plans

Yesterday, Microsoft announced that the option to copy a plan is now available in Planner. Copying an existing plan solves the problem where many similar projects exist in an organization, all of which have the same basic structure and need. The idea is that you can save some time by creating a template of a plan for these projects and then copy the plan as each new project spins up.

Copying a Plan

The Copy plan option is available in the ellipsis menu when a plan is open or when viewed through the Planner hub. In either case, when you copy a plan, Planner:

• Creates a new Office 365 group to host the new plan. By default, the display name of the new group is “Copy of” and the display name of the source plan. You can override this and compose a different display name before you copy the plan (or afterwards). The group description and photo are not copied.
• Copies the bucket structure, label assignments, and the tasks (including descriptions and checklists) to the new plan.
• Sets the person who copies the plan as the plan owner
• Sets the group privacy and classification settings to those selected in the copy dialog

What’s Not Copied to the New Plan

Copying a plan creates a new plan based on the source plan’s structure. Apart from task names, the copy does not include any metadata. The following information is not copied from the source plan:

• Task assignments, due dates, and progress (all tasks are marked “Not started”).
• Attachments and links.
• Comments (stored as conversations in the group inbox).

Copying even a very complex plan (like the one used to organize the writing of the Office 365 for IT Pros eBook) is very fast. Once Planner finishes, some work is necessary to clean-up the copied plan by updating the group description, adding a photo, and removing unwanted buckets and tasks. You can then get to the heart of the plan by updating task descriptions, setting due dates, and assigning tasks to people.

Restrictions on Who Can Copy a Plan

You can only copy a new plan to a new group and cannot copy a plan within the same group. Microsoft says that this feature is coming along with the ability to copy a plan within Teams.

Although the choice to copy a plan is revealed to all users, only those allowed to create new Office 365 groups can create new plans (and groups) in this manner. If you have a groups creation policy in place, anyone who isn’t allowed by that policy will see an error message if they try to copy a plan.

Planner is covered in Chapter 15 of the Office 365 for IT Pros eBook. We’ve just updated our content to reflect the new copy option. It’s just what we do to keep abreast of the changes that happen daily inside Office 365.

Planner For the G-Plans

On January 8, Microsoft announced that Planner, the task management app built on top of Office 365 Groups, is now available in the U.S. Government cloud (GCC). GCC is a special version of Office 365 where the software running in dedicated datacenters is tailored to meet the needs and standards demanded by U.S. federal and state government agencies. Planner is immediately available to GCC and GCC High tenants and will be available to DoD (Department of Defense) tenants “soon.”

Planner Progress Since 2015

Planner first appeared as an Office 365 app in September 2015. Its progress since has been slower than anticipated (at least by end users). Some useful changes happened in the last year, including web part support for SharePoint pages, support for guest user access, some new charts, and the ability to synchronize Planner tasks with an Outlook calendar. a Planner mobile app is also available.

Not Yet Equivalent to Commercial

Although Planner is available in GCC now, the version of the software is different to that running in Office 365 commercial regions. This is because Planner integrates with other Office 365 components and each integration must be certified before it can be used. The three integrations called out by Microsoft are:

• Teams (add Planner as a tab and personal app)
• Exchange (email notifications of task assignments and progress).
• SharePoint (include a plan in a page through a web part and as a full-page app).

According to Microsoft, the missing features will be available later in 2019. There’s no word whether the Planner mobile app will work inside GCC until the app is fully updated.

For more information on Planner, read Chapter 15 of the Office 365 for IT Pros eBook (Chapter 13 on Teams has some material on the integration between Teams and Planner too).

To Backup Or Not To Backup

I’ve noticed several backup vendors become very excited by the Microsoft Shared Responsibility model for cloud services (Figure 1), mostly because the belief exists that the model supports the need for backups. I’m not sure that this is the case. Like any generic model, interpretations vary with circumstances and it’s impossible to say that the model always applies in all circumstances.

Microsoft Service Agreements and Backups

Another Microsoft document often advanced in support for backups is the Services Agreement for Online Services. While undoubtedly true that the agreement mentions backups three times, two are in the context of closing an account and the need to copy data before closure. The other mention says, “We recommend that you regularly backup Your Content and Data that you store on the Services or store using Third-Party Apps and Services.” At first glance, that sounds conclusive. And then you realize that the recommendation is for Microsoft consumer online services like Outlook.com and OneDrive.com. We therefore conclude that Microsoft recommends consumers to backup their data, which is reasonable advice.

Challenges in Microsoft 365 for Backup Products

The equivalent service agreement document governing Microsoft 365 doesn’t mention backup at all. I think several reasons exist why this is so.

• Microsoft 365 applications include features like Exchange Online native data protection to ensure that data loss does not occur. Some other features, like retention policies and labels, depend on having appropriate licenses (Office 365 E3 and above), and can be used to ensure that important data cannot be removed.
• Although APIs exist to backup some Microsoft 365 apps, the APIs were never created to underpin cloud backup and recovery. For instance, Microsoft created Exchange Web Services (EWS) for programmatic access to mailbox data. EWS was never intended to stream large quantities of mailbox data across the internet.
• Even worse, backup APIs do not exist for the newer cloud-only services like Teams, Planner, Yammer, and Stream. Microsoft can’t recommend backups when no possibility exists to take backups. Some vendors attempt to workaround the lack of APIs by copying compliance records from Exchange Online. This is acceptable if you recognize that the records are incomplete and cannot be restored.
• Backup products often focus on workloads, like Exchange Online or SharePoint Online. This is old-school thinking firmly rooted in the world of on-premises deployments where workload-specific processing is the norm. In the cloud, apps intermingle in a way which doesn’t happen on-premises. This creates a difficulty in restoring data. To achieve a complete point-in-time restore for Teams, for instance, the restore process might have to deal with Teams channel conversations, chats, configuration data, SharePoint Online and OneDrive for Business documents, whiteboards, calendars, attendance reports for meetings, meeting notes, approvals, and a bunch of data belonging to first and third-party apps. Teams is the most complex of any Microsoft 365 app to backup in terms of the web of connections it uses, but it does illustrate the problem faced for restore operations.
• Given the amount of data generated by Microsoft 365 organizations, I wonder if it is possible to restore more than a few accounts should a problem occur. The value from a backup is often best seen in granular recovery operations when you need to restore just a few documents or a couple of mailboxes. Once numbers scale up, the sheer amount of data which needs to be restored creates a real challenge.

Of course, backup vendors do not acquaint potential customers with these inconvenient facts. Instead, too much focus is given to the potential dire consequences of something like a cyberattack (which has happened to Microsoft 365 tenants) without exploring the methods to resist attacks, like enabling multi-factor authentication for all users.

Not Against Backups

I am not against organizations subscribing to third-party backup solutions to protect their Microsoft 365 data. Backups have their place and can be very valuable if you understand the situation and can leverage backup technology to solve a problem for your company. Any considered decision which takes all the facts into account before settling on a course of action is goodness.

What I am against is the lack of honesty which often happens in conversations around the need for backup of Microsoft 365 data. Too much FUD, like the rogue administrator who removes a bunch of data, is used to create the case for backups. It would be better if backup ISVs argued their case based on fact rather than fear. I live in hope.

Last Updated: 2 April 2021

The topic of backups is covered in more detail in the Office 365 for IT Pros eBook. We like to think we take a pragmatic and sensible approach to the topic.

No Azure AD Account Necessary

Today, if you invite someone with a Google account to join an application that supports Azure B2B Collaboration (like Teams, Office 365 Groups, or Planner), that person ends up with a guest user account in your tenant’s Azure Active Directory.

In the future, that guest account won’t be needed because Microsoft is enabling federation for Google accounts. The feature is now in preview and works for accounts with a Gmail.com address. What it means is that Azure AD will recognize the credentials belonging to Gmail.com accounts when their owners try to access applications in your tenant.

Apps Might Still Need Guest User Accounts

It’s early days yet and the documentation is naturally sparse because it focuses on getting federation going with Google and doesn’t get into the details of how this might apply to applications like Teams and Office 365 Groups. My guess is that guest user accounts might still be needed for applications that depend on memberships, but we shall see in time.

For more information on Office 365 Groups, see Chapter 11 in Office 365 for IT Pros. Azure B2B Collaboration and how invitations result in guest user accounts is covered in Chapter 12, while Teams is in Chapter 13 and Planner in Chapter 15.