SharePoint Document Management – Facts about versioning

Main selling point

Versioning has always been one of the main selling points for SharePoint Document Management. At least, that’s what I always use as an, there are more of course, argument for storing documents in SharePoint instead of file shares. While I was preparing my presentation about Best Practices: Document Management in SharePoint 2013 for SharePoint Connections Amsterdam 2013, I started to wonder if versioning worked as well as I thought it did. Let’s take a closer look.

New versions

When are new versions actually created in SharePoint? A new version is created when you:

  1. Upload a new document
  2. Upload document with the same name
  3. Change the properties of the document
  4. Open, edit or save the document

Upload a new document

The first version is created when I upload a new document into a SharePoint document library:

Upload document with the same name

What happens if I upload the same document again? The following pop-up appears:
Yes, I am sure! So I click on Replace it:
The document is now version 0.2.

Change the properties of the document

Let’s change the name of document:
This also results in a new version:
Please be careful! Even without actually changing the properties but clicking on Save results in a new version.

Open, edit or save the document

This one makes sense of course so after I open the document in the browser and edit some text a new version is created:


What about co-authoring? Working together with multiple people in the document, how does this impact the versioning? This is the official answer from Microsoft:

“During co-authoring of a document, when a different user begins working on the document or when a user clicks save to upload changes to the library. The default time period for creating new versions during co-authoring is 30 minutes, but an administrator can change that setting.”
I actually tried this in my Microsoft Office 365 demo tenant but without success. After staying in the document, with multiple users, for over 30 minutes no new versions were created. Unfortunately I cannot test this in an on-premises SharePoint site.

Does it work?

To be honest, that really depends on your situation and business requirements. Let’s take a look at my work situation:
I write project proposals together with a technical specialist, project manager and account manager. I create the proposal and for me its now version 0.1. After I am done, this can take multiple days, I create version 0.2 and hand the document over to the technical specialist. He or she writes her part of the proposal and turns it into 0.3 before handing it over to the project manager. After the project manager and the account manager are done, the proposal is at 0.5 and can be send to the customer as version 1.0.
This doesn’t work with SharePoint versioning because SharePoint keeps creating versions after I continue working the next day and after I close and reopen the document. You can have more control with versions. You have to work with check-in and check-out. The only downside is that it disables co-authoring.
Please really take a look at your or your customers, or your own, requirements around versioning to see if SharePoint versioning works.

Time to patch your Office 2013/Pro Plus: ms13-104

The token security issue reported in May 2013 (Read the full story on, that Office Pro Plus could be tricked in sending out it’s token for Office 365 while talking to a malicious site. Through that mechanism users tokens could be collected and be used for easy access to the users data, mailbox, …

The resolution is finally released as a part of the automatic updates of Windows/Office. You can download the patch on if you only want to deploy this one.

I urge you to install it as soon as possible.

Read also Paul Robichaux’ blog post about the topic:

The influence of Activating SharePoint Server Publishing Infrastructure on Security Trimmed Navigation

Security and Navigation, it’s something we need to be really careful with. it’s really frustrating seeing navigation items where you don’t have access to and it’s even more annoying to not see your navigation even though you have access to the library or to one of the items in it. According to the technet article giving access to an item is a SharePoint Library for a certain user will result in the assignment of Limited Access on the top levels to

“is to allow enough access to the object hierarchically above the uniquely permissioned item so that the Object Model (OM), master pages, and navigation can display when the user attempts to navigate to the item. Without the Limited Access permissions at the parent scopes, the user wouldn’t be able to successfully browse to or open the item that has unique permissions.”

This results in:

IIustrates object hierarchy for a document library, in which all objects but one inherit their scope from their parents.


IIustrates how the hierarchical depth of scopes can affect the amount of work required to add Limited Access users to parent scopes.

Let me transform this into a Real Case Scenario:

We have a Document Library Finance where only the CFO and his team have access to. In the current navigation (left side menu) only the CFO and his team will see the Document Library Finance. Every other employee will not see it since they don’t have access to the Library or to any document in that Library.

One document Expenses.xlsx must be editable for every user since they have to add their expenses in that spreadsheet. So the CFO assigns everyone with Contribute rights. As mentioned in the technet article everyone will receive Limited Access rights on the Library. In SharePoint 2013 limited access rights are not shown in the Permission Overview to avoid any confusion like we had in SharePoint 2010. So Far So Good, everyone can see the library Finance.

Since we want to incorporate some publishing features like Master Pages, Page Layouts, … we need to activate SharePoint Server Publishing Infrastructure. At that exact moment the library Finance disappears from the Current Navigation. It is only visible to the CFO and his team. The document Expenses.xlsx is only available through a direct link or when used by the WebPart/AppPart Finance. 

Deactivating the feature doesn’t rollback the damage. So Be Very Careful. Since it occurs in SP On Premises & Online I doubt it that it’s a bug but a change/feature/opportunity in the platform. In my humble opinion a bad one. I’m still hoping it’s a bug. I’m also hoping pigs can fly and hell freezes over, …

I’ve made a screen cast of a similar process which you can find on YouTube : ..

Resources/Room mailboxes, automatically decline meeting if there is a conflict

When we create a room mailbox, we can define if the room uses delegates or does an auto accept when possible. We can define a basic setting during the creating of the room mailbox. Do to define a resource mailbox, go to Admin > Exchange > Recipients > Resources  and click on the +


When we edit the Room mailbox we have more settings.


But there is one little caveat. In this scenario every conflict will result in a Tentative instead of a Rejected meeting. The reason for this behavior is a little parameter called: AllRequestOutOfPolicy. By default this parameter is true. This effectively treats all conflicts as “Out Of Policy” and requires delegate approval for the meeting to be scheduled. This causes the “Tentative” email response.

You can only change this by using PowerShell.

Set-CalendarProcessing “Name of Room” -AllRequestOutOfPolicy $False

This sets it to false and automatically sends a declined email to the meeting requestor for all “Out of Policy” Meeting requests, which includes conflicts.

SharePoint Designer Workflow Move Document with Rest API

One of the things that are missing in SharePoint Designer is an action to Move a document from one location to another. There are a lot of awesome articles out there to get started with SPD and Rest API’s. I personally had a lot of Fabian Williams his posts. .. Paolo Prialorsi has a WSP with a custom move action:

I wanted it to do with REST to check out the possibilities. Workflows run under the credentials & user permissions of the one who initiates the request. So if we want to run the the workflow using different rights we need to use a App Step. Read more on:

In my case I need to call {currentWebUri}/_api/web/lists/GetById(guid'{ListId}’)/Items({sourceItemID})/File/MoveTo(newUrl='{targetFolder}’,flags=’1′) .

When I translate this to SPD I’ll get:


A REST API Call has also a Request Header. This we need to fill up with the necessary parameters. To see what your parameters need to be, use fiddler to simulate your Rest API Call. I urge you to check Fabian’s blog for detailed information about how to do this. In my case I need one parameter Accept. If I want to provide this to my Rest API Call, I need to add it to a Dictionary.


When we combine these things together we’ve got:


If you move the file/item that this workflow was running on outside it’s document library/list, the workflow will become disassociated. The workflow will keep on being in a running state but it will have no document/item that it can attach to.

Manage your retention policy

In the previous tip we talked about how to use your archive mailbox, using the retention and archiving tips. But not every business has the same needs, not every company is using the same retention & archiving time, …

So in some point in time we want to customize or even make our own retention & archive policy. Some basics: a retention policy consists of or or multiple retention tags. A user gets a retention policy assigned to him or her.

Step 1 Create your own Retention Tag

Go to Admin > Exchange > Compliance Management > Retention Tags

When we create a new tag we have to chose if that tag is going to be assigned automatically to the entire mailbox, a default folder or you can also decide to let the end user decide.

Screen Shot 2013-12-29 at 17.08.04

In this example we create a Personal assignable Retention Tag: 6 months move to Archive.

Screen Shot 2013-12-29 at 17.13.02

Step 2: Add Retention Tag to Retention Policy

Edit the Retention Policy.

Screen Shot 2013-12-29 at 17.17.55

Click on + and select the retention tag we just created, followed by a click on Add

Screen Shot 2013-12-29 at 17.18.32

Click on Save to make it final. Now you can use this new retention tag in your archiving strategy.


If you’ve created a new policy, you need to assign this to the users. Go to recipients, open the user you want to give the new retention policy and assign the new policy.

Screen Shot 2013-12-29 at 17.21.24


How to use the archiving mailbox?

One of the features of Exchange Online within Office 365 I like a lot is the use of the archiving mailbox. I see still people using pst’s for archiving. Well in this post I’m going to show how interesting the archiving mailbox actually is.

When we have a “ordinary” mailbox this will look like this in Outlook.


The first thing we need to do is active our archive mailbox. Out of the box your archive mailbox is not activated. We’ll do that in our Exchange Admin …


When we open Outlook again (you might want to wait a few minutes) you’ll see that a new mailbox has been attached to your outlook profile. You’ll have the same experience in Outlook Web App


We’ll see that we don’t have a button to assign retention policies yet. The reason for that behavior is that a specific Exchange Job ManagedFolderAssistant hasn’t run yet. And it is configured to process all mailboxes in a work cycle (7 days). If we want to accelerate this process we need to use PowerShell. I need to run Start-ManagedFolderAssistant –Identity<mailbox>

After running this cmdlet we’ll see this button:


Depending on what you select. A Mailbox, a folder or a mail you’ll get different options. You can use the Assign Policy button to set different policies.

You’ll have to differentiate between Retention Tags & Archiving Tags. The first keeps the mails for X amount of time and will delete (with the option to recovery) afterwards. The last will move the mail to the online archive.

A few advantages of the online archive:

  1. It will available in every Outlook Profile where that mailbox is attached in
  2. It will be available in Outlook Web Access
  3. It will take the folder structure of the Active Mailbox and reproduce it in the Archive Mailbox so you’ll have the same folder structure.

What with our pst’s?

You can import them into your archive.


One additional tip: if you want the archiving/retention policy to deal with your “old” mails and you don’t want to wait for 7 days, you might want to run this cmdlet again: Start-ManagedFolderAssistant –Identity<mailbox>

Hybrid Configuration with Multiple SMTP Domains

A colleague of mine at Catapult Systems, Michael Rinner, recently sent out the below information to our team. This is a great new feature that prevents the need for many Autodiscover Certs and configurations.

I would like to share something I learned. I am currently doing a Hybrid configuration between Exchange 2010 SP3 and Exchange Online with approximately 50 SMTP domains. Previously, the hybrid configuration required an autodiscover record for each domain and a SAN certificate with autodiscover for each domain. Exchange 2013 and Exchange 2010 SP3 RU1 or later introduced an autodiscover domain feature. The autodiscover domain feature tells Exchange to use the autodiscover settings of the primary smtp domain for all domains.

To make it work with the hybrid configuration wizard (HCW) do the following:

  1. Run the HCW with just the primary smtp domain and make sure it completes without any issues.
  2. Open the Exchange Management Shell from the hybrid server and run the following command.
    1. Set-hybridconfiguration –domains,,, (NOTE the autod) (Do not use quotes)
  3. Run the HCW again with all the domains populated.
  4. Then do a get-hybridconfiguration | fl and you should all the domains populated with the autod also.