Important MyWorkDrive Office Online changes effective July 28th

What is changing

Effective July 28th customers without an upgrade patch will no longer be able to edit Office files online using Microsoft Office 365 in the browser or mobile apps with their Office 365 accounts using the existing connection built into MyWorkDrive, which enables automatically saving changes back to their local file shares.

What will continue to work without upgrading

  1. Editing of Office files in local office through the browser is not affected.  The MyWorkDrive Web client supports editing in local office for desktop users on Windows and macOS.  This permits users to edit documents accessed via the web client from locally installed office applications.
  2. Editing of Office files in local office through the MyWorkDrive mapped drive clients  is not affected.
  3. Office Online Local Server – Customers may also continue to run their own Office Online Server locally to provide editing capabilities in the browser without local office installed.
  4. Download to OneDrive through the browser is not affected.
  5. Editing/saving files using iOS files provider via the MyWorkDrive mobile app

Server Upgrade Required by July 28th

For those customers who utilize the Office 365 Online Editing option we have developed an upgrade patch.  The upgrade will need to be installed by July 28th when the old method will be removed by Microsoft.  We have developed 2 new options for editing documents in Office Online while saving them back to MyWorkDrive file shares using the Microsoft Graph API.   The new workflows utilize either the company’s OneDrive for Business accounts or a dedicated SharePoint site to enable Online Editing.  Full details are provided in our support articles here:

Both of these options provide the same workflow as we implemented previously except that instead of using Microsoft’s shared Office Online Editor cache, it now uses either on your own organizational SharePoint Online Site or the User’s OneDrive for Business internal organization account.

From a user perspective the workflow looks nearly identical:

We have released a patch to Version 6.0 that you can apply to your production servers here.

6.0.2 Patch Download

Register or Login, then click to Download from Portal menu

Download

As part of the upgrade if we notice your server is currently using our Office 365 Online editing option we will automatically switch it to our new default option – OneDrive Office Online Cache Editing experience.   The Server update requires .NET framework 4.7.2. You will be prompted to install it automatically as part of the upgrade patch as needed (Server 2019 already include .Net framework 4.7.2).

After the upgrade is complete, please review the Server Settings – Office Online Edit to add and approve your Office Tenant ID.  Additionally you may also choose one of the alternative options (SharePoint or Local Office Online Server).

When using either our SharePoint or OneDrive Office Online editing options, we recommend all customers approve and restrict which allowed Azure AD Tenant ID’s are enabled for Office Online Editing.  The Allowed Tenant ID option provides 2 capabilities:

  1. Approval of the Azure AD Application for use by all users in the organization.
  2. Restricting login to the Application to only users with OneDrive accounts in the internal organization.

After Entering the Tenant ID click Approve. Login with a global administrator with rights on your Azure AD to approve applications for your organization.

Comparison Grid:

A comparison grid of the Office file online editing options is available on our support site here. We will continually update this article with changes as our work progresses. Customers may refer to this article for ongoing changes.

Office Online Editing Server Settings Overview:

We created this short video here that walks through the changes, Server settings and comparison between SharePoint or OneDrive Office Online editing.

Setup Assistance:

If you need assistance with planning or performing your server upgrade feel free to email us questions or feedback, support@myworkdrive.com

Coming Soon: 6.1.1

Only Office

We have prototyped editing of Office files using open sourced based Only Office Docs Server. With this option customers will have the ability to run their own Only Office Docs server that provides the same browser based editing functionality as Office Online without the need for Office 365 licenses.  We expect to preview release this option along with updates to 6.1 currently in preview by July 31st.

SharePoint Service Mode

The SharePoint Office Online Editing Service Mode option works by temporarily copying the file to be edited using the Azure Graph API running as an AAD Application Service with permissions to a dedicated SharePoint Online site.  A file lock is placed on the file on-premises, monitored for edits and coedits and finally, removed once editing is completed from the SharePoint Site.  Unlike our OneDrive option the SharePoint Editing option centralizes temporary files to a single site instead of placing them on each user’s OneDrive folder and does not require any user permissions on the SharePoint site.

With the SharePoint Office Editing option customers will need to specify a SharePoint Site to store temporary documents and secure it with permissions to only the SharePoint Site Owners and the dedicated Azure AD Application.   By locking it down to only SharePoint Site Owners and their own Azure AD App registration, administrators are ensuring the highest level of security.

Numerous other enhancements and fixes – Release notes are here.

 

6.1.1 Preview Download

Register or Login to Download from Portal

Download

Frequently Asked Questions

What are the advantages of using our own Azure AD App Registration instead of using the MyWorkDrive Azure AD App?

To work with the users files our Azure AD App needs permissions through the MS Graph API to view/edit users files and read their information in OneDrive or SharePoint. While this is locked down in MyWorkDrive to only use the user’s session to access it and locked down customer or MyWorkDrive uniquely assigned URL’s, some customers may want to only grant these permissions to an Azure AD App that they manage and control.

Note that even with the shared MyWorkDrive Azure AD App registration we do provide the option to allow customers to set it to only be accessed for their server to their locked down tenant ID’s.

The shared MyWorkDrive Azure AD App also has the advantage that it gets and maintains its configuration automatically. If customers use their own azure ad app registration it will need to be maintained and the app secret will need to be regenerated at least every 2 years.

What options do I have for editing office files online with MyWorkDrive?

If you want to be able to edit office files online in a web browser using MyWorkDrive, you have 4 options:

1. Office Online Server – you can run and license your own Office Online Server
2. You can use our Azure Graph API integration where we put the file to the user’s OneDrive during editing
2. You can use our Azure Graph API integration where we put the file to a dedicated locked down SharePoint Online site during editing
3. Only Office – you can run and license your own Only Office Server

Why would I choose SharePoint over OneDrive?

OneDrive is easier as it requires no site to be setup in SharePoint Online and it works with no configuration needed. This is the default option when enabling Office Online editing using MyWorkDrive.

SharePoint is more suitable for larger companies. With a dedicated SharePoint online site, it has the advantage of allowing external sharing to be disabled at the site level (with OneDrive external sharing can only be disabled at the Organizational level).

The SharePoint dedicated site option also has the advantage of a centralized recycle bin and file store so that in the event of a file needing to be restored or cleaned out automatically that can be performed by the site owner or using Power Automate scripting type tools.

Unlike our OneDrive option the SharePoint Editing option centralizes temporary files to a single site instead of placing them on each user’s OneDrive folder and does not require any user permissions on the SharePoint site.  By locking it down to only SharePoint Site Owners and their own Azure AD App registration, administrators are ensuring the highest level of security.

I am worried about user’s downloading, sharing files to OneDrive – how can we limit that?

If the user has been granted download permissions in MyWorkDrive there is nothing preventing them from downloading files to other programs, their desktop or OneDrive. Our Office Online Editing does not grant more permissions than they already have – it simply automates that process while performing housekeeping functions after the user completes their editing to place the file back on the company file share and remove it from the user’s OneDrive account.

If customers wish to prevent file downloading or external sharing, we recommend they investigate enabling our Data Leak Prevention option by Share, Group or User within each MyWorkDrive Share. With our DLP option files can be restricted for view only access with watermarks while preventing clipboard access, download or printing.