Afraid of data breach? Locking everything may not be the answer.

“Cloud first, mobile first” and the news of data breach becoming routine, company owners are more and more sceptical when realising that what we call their “digital company assets” could be available by external users in just one click. I am often asked this question by my clients, “can I lock it down so that nobody can share externally?”. So I thought it was worth a bit of braindump from my experience.

The answer may not be the simplistic one of locking everything down and opt for the ivory-tower policy!

Turning off all external sharing for users may be a short answer to a problem of trust. But they will need to share with external partners, customers so.. trust me ;-) they will find other ways to share, and then it will be even more disastrous if that data is duplicated outside the business’ environment and gets into the wrong hands.
What happens when a child if forbidden to play with fire without being taught the reasons? He will burn himself with something else!
Some 4 years ago, I recall speaking at a SharePoint conference and we were already predicting to customers that in the next decade what we call “end-users” will not be just users but “data agents”. With the reinforcement of the personal data protection in Europe this year, every business owner without exception should now be aware that these new users even have a specific title: data processor or data controller.

Trust vs. training.

Users can make mistakes, they are human! But (unless deliberate mischiefing) they cannot be blamed if they have not been trained on how to use the tools that are available for doing their work.
You mean sit in a training room?!

Training can take several forms

Training nowadays is not just the classic day long listening to a trainer explaining a tool where 70% of it do not apply to the user’s work. It can be a classroom training but can also take different form:
  • workshop activity to define what the user’s tasks are and can be with the tool
  • brainstorming on what a tool is for and what not
  • group demonstration
  • one on one remote screen sharing by the “IT Guy”
  • and my favourite: – have a “Power user” (the champion who has used the tool a lot in the business), to organise breakfast or lunchtime sessions showing how they use the features and warn about pitfalls.
All these activities need to be suggested, if not coordinated within the deployment plan of the tool, otherwise they may not happen at all.

What to do for sharing the right way?

  • Let your users share, but restrict what can be shared
  • Publish clear rules for sharing and how to report when it goes wrong (ie. part of the organisation’s data governance)
  • Train staff on how to share and what to share
  • Define the governance in detail, apply it but also have the power to action it when it is not respected
  • Examples of automated rules include:
    • enforce an expiration time to all sharing
    • allow sharing to only certain domains
    • allow sharing to only certain IP addresses
    • allow sharing of only some sites and not others
  • And finally, review reports on sharing regularly!
Office 365 has some great features to configure and monitor sharing, for instance using activity alerts when a permissions has been loosened but I am more in favour for using a third party tool such as ShareGate. At Paperblade, we talk to business owners on how to make the most of current technologies at the lowest cost and in the most secure, reliable and responsible manner. Governance and sharing policies is a integral part of it.

What do you think?

My views are not set in stone and I do not believe that there is only one correct way, so please comment below or speak me to bounce an idea or start a debate.

Left navigation intranet is so last year!


I have always been a defender of using the “OOB” Out Of the Box tool of a product before it comes to adding some custom code to it. However, let’s be honest, for years SharePoint was not great at it when only using out-of-the-box features. I even gave a talk in the past where we discussed how to gain the love back from users.

Image result for sharepoint team siteIn the SharePoint world, “Team site” was the default layout for any SharePoint Intranet for years, and still are. Left navigation being super boring, especially when more than 15 links and scrolling 2 meters down the page! So most companies ended to customise their site so much that the next version of SharePoint meant to do it all again.

But with the latest SharePoint modern sites and pages, it’s sleek, minimalist,  MODERNSITE.pngclean and .. well, not clunky anymore! SharePoint owners are now super excited to use them as their intranet pages.

There is just one problem:

we haven’t been told how to use these as the “top level page” of an intranet. The first page that user will see when they click on the SharePoint homepage:

Thanks to this blog article by Jimmy Hang and reading the comments, I have summarised how to do so. And I can confirm to have repeated the steps in 3 different tenants, therefore, no, Microsoft did not remove the ability to use these “workarounds.”

  1. Delete Top Site

    the top site collection of SharePoint already exists (as a boring team site), go to SharePoint admin and delete it (if empty ;-).

  2. Recreate top site collection without selecting a template

    Do not select any template, use the option “Custom / select template later”


  3. Create a modern communication site anywhere

    Create a new site from the new SharePoint Admin Center or from the “SharePoint” site list, if this option is not disabled for your tenant.


  4. Enable to run custom scripts on self-service sites on your tenant

    Preferably from PowerShell for quasi-immediate effect.

    Connect-SPOService -Url -credential
    Set-SPOSite -Identity -DenyAddAndCustomizePages 0
  5. Save this communication site as a template

    Adding /_layouts/15/savetmpl.aspx after the site URL

  6. Open top site collection

    When prompted for a template, upload the template file to solutions, activated it.

  7. Create the site using that template

  8. job done!

But remember, if Microsoft decides to change only one small parameter in the root site or the template, it may break, so don’t do it in a live environment.

Using Nintex Connection Manager with SharePoint Administrator privileges


A couple of months ago Nintex released the Connection Manager for SharePoint Online which -finally- gives a much awaiting supported feature for using elevated permissions in a Nintex Workflow, previously we always used some workaround but the super user’s credentials had to be passed to the workflow unencrypted (example here).

It all looked fine in principle but my action kept returning an “unauthorised” error after I converted it to that new connection manager.

createsitecol.pngThe action that was failing on was “Create Site Collection”, and it was simply because the new connection I created had rights at List/Library level, Site Level and Site Collection Level, but in my case I needed that permission to apply at Tenant level (higher than all site collection: just like a SharePoint Administrator).

The Nintex connection manager documentation definitely mentioned using it for action Create Site Connection but clearly, it was a fail.

Since I knew that Microsoft would not let a third party tool like Nintex have its settings page on their Central Admin, I sensed that it would be tricky to create the new connection manager at tenant level, so where would that be done?

After a couple of interaction with Nintex support and escalation to product developers, we found out that to tell the connection that to apply the permission to the tenant you had to specify the URL of the SharePoint site to be the Central Admin site, hence just adding -admin to the URL is enough. Since Nintex connection can exist in any site or site collection, setting a tenant-wide connection can be done anywhere too.



The documentation is now reflecting this



Thanks, Nintex for this precision.


A digitally organised business starts from finance

To run a small business should not take longer than running your own client’s projects, otherwise, there is a problem somewhere!

The stress of the solopreneur

I am referring here to the dreadful end fo the month that so many business owners fear and are stressed about because they have to produce their invoices. tim-gouw-68319

Why are they stressed?

  • because they often have to work for clients (“working in their business”) and at the same time they need to collate the services and products they worked on into a justifiable note to each client.
  • this task should be a piece of cake!

An accounting portal to remove that stress

It has been years that I use an online accounting portal and a mobile app where I input each time I work on a task. At the end of each month, I just have to log in to my portal and generate an invoice for each client. All the tasks for that project and client are automatically added to the invoice, regardless of how many staff is adding timesheet for that project. Done!

A platform, workflow and ecosystem to improve daily tasks are what I enjoy to bring to my clients and therefore I applied it to my personal productivity and business for years.


We use a few other Apps around to connect everything together and make reporting on work we have done while we walk in the park.

Two examples:

  • Our expenses are all recorded in Xpenditure so that very little input is entered manually (automatic OCR of receipts), an approval takes place and then send the expenses to our accounting portal.
  • Our holiday is entered via a SharePoint form and workflow approval

Not every portal is the right one for your business

Until this month I was using FreeAgent as it was included in the fees of my accountant. I really liked it for quasi 4 years, the usability is great, but after a while, I found the connexion to other  SAAS (Software as a Service) and add-ons were a bit limited, especially when the competition is providing so much extensibility and connectivity. My business activity increase also meant that we need advanced reporting and budgeting that FreeAgent doesn’t really provide.

So of I went and looked at a new portal. The world is talking about Xero so I had to check it out. I created a trial login, imported some contacts, add the first invoice and create some employees. timesheet xero

It is only when I tested the timesheet submission that I was shocked to see that there is currently no way to create a timesheet per client and project.




It seems that Timesheets in Xero is only a way for employees to be paid for their time (a sort of clocking system then!?) but no ability to add any notion of a project and forget about subsequent reporting on how much this project invoices as opposed to that other.


A bit of googling taught me that Xero has been working on a “project” extension and will roll it out in 2018, but really… if this is not the heart of your system then I am out of the picture.

Quickbook timesheet

My new accountant was advising me to go for QuickBooks and maybe because I wasn’t convinced of his technical ability to compare two packages I was doubting it, but having use QuickBooks trial for a few days, the bank feeds are easier to setup, and especially for my business: I can register all my staff and contractors to the timesheet, create projects and tasks and generate an invoice automatically again.

The timesheet input is clear and staff have to select which client for that task

As always with a lot of software package and SAAS in the market, the one that makes the most noise may not be the “best one” for your requirements since the notion “best” is relative. Xero might the best accounting portal for a business owner of a construction company because they have fix price on an end to end project, or a hairdresser shop, but not so best for a man-hour business services company like mine.

Nice to have the confirmation once again that comparing feature-to-feature and using a product in real life scenario is the “best” way to make a decision.

Note: this blog post is not endorsed by any of the portals I mentioned here and as always the views and opinions are personal.


How to create two Shared Mailboxes with Same Alias at Different Domains in Office 365 


Who would guess that some simple features in any email system including exchange on-prem can become a problem in Office 365, using the web UI.

Thanks to this blog article, I was able to find a solution to my requirement: have one email an, both managed by Office 365.

—>  Create Shared Mailboxes with Same Alias at Different Domains in Office 365 | Cogmotive Reports Blog

Work can be so much better than “work”


A few months ago, I was training a client in Nintex and since we got to be on a friendly level I asked him how his work and and career prospective was pleasing him, he just said “well you know, work is work“. I was enraged! What the hell does it mean?! What’s the point of going to work if you don’t enjoy it a tiny bit ?!

He disliked most of what he did before the training subject I was giving him was only a small part of his daily tasks.  Granted, he also told me that he was only a few years to taking his retirement leave. 

This morning as I was leaving a new client’s meeting I reflected on this comment from the past, it has been haunting me for while because I wished not to ever be in that mindset. 

I am the lucky one, I love what I do because I take pride on explaining things to people, explaining how to can make their working day better. 

My best reward is when I see a smile on a user who suddenly realised how much time they will be able to save by using a better tool, how their job may change after their department site goes live, or a company director who can finally access his employees’s documents while travelling. 

I am a solution finder, I like to take a different perspective of a problem and consider an alternative view that may solve where others got stuck. I am no better than others, I just step back and reflect why we are trying to achieve that thing and it may come. 

As the years past it is never impossible that I think like that user and just wake daily for the only sake of reaching retirement day, but even if I had 20 days left to that, I certainly hope that I will make them to good use and get that smile of people’s face. 

Make everyday worth living for or something needs to change in that life. 

How I automate my business


I used to have difficulties to explain to a friend or family member what I do. That “I develop sites, forms and workflows to help businesses perform better”. Sounds rather dull and evasive, right? Be honest! ;-)

Nowadays, workflows are not the privilege of only corporations, but small businesses too and certainly any individual, for their own benefit: avoid doing repetitive tasks.

And therefore, when I explain what I do, I now tend to say something like:

I make systems that help you to be more organised, with the tools you already have or didn’t know you could use.

Yes, we are talking either your computer, smartphone, activity tracker or even home light switches.
Depending on the tool used, the term ‘workflow’ is substituted with “rule“, “recipe“, “applet“, “process” or “flow“.

So, the quote “Workflow for Everyone” that Nintex used a few years back is moreover true today, and across a wider range of services. With Nintex Workflow Cloud, IFTTT, Zapier, Microsoft Flow, Fujitsu RunMyProcess and others, there are dozens of ways to automate your daily tasks, here are a few of the ones I use to automate the admin side of my work.

PRODUCTIVITY ENHANCEMENT (or “personal workflows”)


As a consultant, I may work on different projects and clients in a single week and cannot always pause to report on which I have been working on at the end of each. I use an online accounting portal that my accountant have full access to and each time I finish a work item I input the times in the mobile app, even for a 30 min task. At the end of each month, an invoice is automatically generated for each project that has hours spent, and the portal will send it to my client as a PDF, including an automatic reminder for late payment.
When a PaperBlade crew member claims an expense, they can use the mobile app to scan the receipt and enter the amount and description.  If it was related to a project it will automatically be added to the client invoice.
freeagentMobileAgent iPhone app for FreeAgent


Unlikbank-feedse a personal bank account, having a business means that every bank transaction is accountable for. After years of uploading statements to my accounting portal, I switched to one of the banks that can automatically and securely feed the transactions into my portal. This way I can reconcile and explain the operations from my mobile phone.
Click here to find which bank provides feed in the UK.


Although SharePoint can do great things to improve productivity, its collaboration at item-level is not yet the best for small businesses. We needed a way to write a task, i.e. “create new site” and a developer to be able to ask any questions regarding that task, have the response in the task history, and move the task to the next stage until “done”. So we went for Asana.
I have setup these automatisms:
– “when new project created, create a new task in accounting portal”
– “when new item in Asana project [Support], create a new ticket in support portal”
– “when new user is added to Asana, create a new contact in Office 365”


At PaperBlade we are proud to maintain a close relationship with our clients and it is important that they are kept up to date with our news. We run an opt-in mailing list with a link to unsubscribe easily.

– Each time a new contact is being created in our CRM a new entry is also created in our marketing list, using a Zap.
– When I add a new contact to Office 365 Outlook a new entry is added to the mailing list,
– Each time a contact is added to our accounting portal a new contact is added to MailChimp.


I use two workplaces around London when not at clients, and one of them is limited to a number of hours per month on an honesty principle. I did not want to not know if I was over the hours and no way that I was going to remember or write down how many hours I have each month, so I used a simple workflow to log an entry each time I enter the location and each time I exit. It is then easy to have a repeated formula to total each hours per month.
IFTTT has an iOS App that can be triggered on a Geolocation, and write to a spreadsheet the time. The battery consumption isn’t too bad and I have used it for 8 months already.

Unfortunately, IFTTT does not offer to write directly into a SharePoint list or Excel Online but it would be quite easy to extend this using CSOM.


Last but not least, if only one FLOW should be used, is to automatically save all attachments received in Inbox to your OneDrive.

I hope for these tips to be useful to more people to automate their year in 2017, and I will post some more “personal” ones soon, from activity tracking (without a smart watch), sleep analysis to a few home automation that I use.

Please comment below with your own automatisms.

And Happy Productive Year to everyone!