Box.com to SharePoint migrations & O365 improvements

Box.com Tenant to SPO Tenant migrations:  Mover has been bought by MS and allows moving files from Box.com, drop box and others into SharePoint (it's going to be free).

• Fast Track has a tool that can do Box.com migrations, but the Mover tool is a great option.  
• Mover allows for incremental update, permissions are roughly copied.  
• File versions are not copied, only the latest file.  
• Look out for file size and file types in the source.  
• Look out for file names, 0365 has restrictions on special chars, and Mover shall remove them from the destination file name e.g. *,/<>.:
• Original Box.com timestamps are kept
• I didn't need to move custom properties from Box into SharePoint metadata and I can't see this functionality (I did read the ProvenTeq do metadata migrations)
• A scan of the source data and a spike/PoC is a good idea to know what limitation you shall face.
• Mover is a good starting place for the technology to migrate from Box onto SharePoint Online.
• ProvenTeq have a Box.com to SharePoint migration tool - I haven't used it.
• MigrationWiz can migrate from Box.com to SharePoint (I've never used it).  
• Use "Box embedded widget" to access Box content from inside SharePoint.
• Custom code for migrations: Box.com and SharePoint REST have great API's but you'll need to manage the throttling, changes/updates and permissions yourself.  Use a tool unless there is no suitable tool.  
• The same common sense approach as outlined a few years ago for Lotus Notes to SharePoint on-prem. migration is essential.

Key SharePoint online limitations have been increased namely:

• 500k site collections per tenant is raised to 2 million SC/tenant
• SharePoint Online & OD4F file upload max size increased to 100GB max size

Sensitivity Labels: AIP, DRP, Teams, unified labeling experience across O365.  Sensitivity labels will be added to document added using an O365 E5 licence for the import from Box.com. 

• Sensitivity labels work with teams now!  
• Private channel are now available.
• Sensitivity labels therefore allow for governance and protecting your teams and team channels.

OD4B: Allows external upload only permissions.  Really useful as the number of large clients that still only support SFTP/SSH or worst FTP to share files.  Very quick low risk locked down way of getting files from clients and partners.

O365 tenant to tenant migrations: There seems to be a lot happening in this area but right not it's use the tools and Fast track.

Plus Addressing in Exchange Online: Exchange online offer Plus Address.  Allows you to signup to newsletters and you can identify if you email address is sold on.  e.g paul@radimaging.co.uk, i will get the email for paulnews365@radimaging.co.uk, if it is sold on, you know where news365.com have sold on my details.
https://office365.uservoice.com/forums/273493-office-365-admin/suggestions/18612754-support-for-dynamic-email-aliases-in-office-36

Troubleshooting Box.com programmatic access

This post is loosely connected to:
Using Box.com Programatically (JWT)
Using Box.com Programatically (Part2)

Troubleshooting:
Box has a brilliant Connectivity Test Tool

Error: System Error: System.AggregateException
System.Threading.Tasks.Task.ThrowIfExceptional(Boolean includeTaskCanceledExceptions) as System.Threading.Tasks.Task'1.GetResultCore(Boolean waitCompletionNotification)
Initial Hypothesis:  As my Box programmatic access was working on 1 machine but not on a VM at my client i suspected it was a difference in the environment or network connectivity.
Resolution:  I added System.Threading dlls, it did not fix the issue as i assumed it was GAC on my machine but on on the server.  No effect.
Resolution:  Check traffic using Fiddler and could see URL were not reachable/returning data.  Use the Box.com Connectivity Test tool and I could see multiple outbound https/443 URL were being blocked by the corporate firewalls.

Error:  Error Message: System.AggregateException
 Stact Trace:    at System.Threading.Tasks.Task.ThrowIfExceptional(Boolean includeTaskCanceledExceptions)
   at System.Threading.Tasks.Task`1.GetResultCore(Boolean waitCompletionNotification)
   at System.Threading.Tasks.Task`1.get_Result()
Initial Hypothesis:  This happened after the networking was corrected and from a machine on the Internet, so the issue is not networking.  I was not pushing the config.json file out to my bin directory, so the upload of a file was using an expired JWT.
Resolution:  The message did not give me a good inclining into the issue.  My output directory e.g. /bin folder was not getting updated with the config.json file.  I copied the correct JWT/config.json file and the error is resolved.

Error: Error Message : System.IO.IOException : based64 data appears to be truncated
Resolution:  Check the config.json file, my file got corrupted.

Error: Error Message : invalid_client
The client credentials are invalid.
Resolution:  The config.json was to a trial tenant that I previously has setup, get the correct config.json file.

Error: Error Message: invalid_grant
 Stact Trace: Signature verification error. The public key identified by "kid" must correspond to the private key used for signing.
Resolution: The Box admin team had revoked the JWT, a new config.json file was generated and fixed the issue.

Using Box.com Programmaticly - Part 2

Also see: Part 1 post on Using Box.com and Troubleshooting Box.com programmatic access.

Overview:  The last post outlines programmatic access box.  This post shall do the same but use the JWT approach that does not expire the access token.

Steps:

1. Setup the JWT
2. Retrieve the config.json file
3. Program out access as shown below using the .NET SDK for Box.com:

        private static BoxClient GetAuthenticatedClient()
        {
            try
            {
                IBoxConfig config = null;
                using (FileStream fs = new FileStream(ConfigSettings.ConfigFilePath, FileMode.Open))
                {
                    config = BoxConfig.CreateFromJsonFile(fs);
                }
                var jwt = new BoxJWTAuth(config);
                var userToken = jwt.UserToken(ConfigSettings.UserId);
                return jwt.UserClient(userToken, ConfigSettings.UserId);
            }
            catch (Exception ex)
            {
                Utilities.WriteLog("GetAuthenticatedClient", ex.Message, ex.StackTrace);
            }
            return null;
        }

var fr = new BoxFolderRequest                {
            Name = FolderName,
            Description = "Created through code",
            Parent = new BoxRequestEntity { Id = "6665556661"}

            };   // Specify the new folder details
BoxClient = GetAuthenticatedClient();
var folder = BoxClient.FoldersManager.CreateAsync(fr, null).Result;  // Create a new folder

Alternatively create the JWT by hand and don't use the SDK's:

Simple C# SDK example using a JWT

The below image outlines the Developer console settings I used to get Box.com SDK working for C#

Tip:  Ensure the App has been shared with the folder you are working on, unless your app has enterprise rights, then it's work anyway.

To see the email adress of the app, you can use the following URL: https://paulbeck.app.box.com/app-api/enduserapp/contacts

Using Box.com Pragmatically

Overview:  In the SaaS Document Management space Box.com is a competitor to SharePoint Online.  A medium size client request recently came into integrate with a client and deliver files into Box.com, as it is something I have not done before I was eager to see how easy it is.

Requirement:

1. I merely need to create folders within the clients tenant if needed and drop files into specific folders from a scheduled job that runs every 5 minutes.  
2. Box.com has API similar to SharePoint CSOM to pragmatically work with your Box tenant.   
3. Box.com functionality is specific to Documents so the API is really small and easy to learn.
4. There are multiple ways to pragmatically authenticate to you Box.com tenant, PoC keeps it simple.  Actual must use JWT for the connecting service account.

Implementation Details:
Box.com has several was to problematically connect and to test the API's.  For my PoC I used the Developer Token approach.  We should switch this over to the JWT OAuth approach but for the PoC and working with the API's I used the Developer Token approach.

1. Once you tenant is setup and you have configured your client, set the developer Token that last for 1 hrs as shown in the screen above.
2. Create a new C# console and add the Box C# SDK reference as shown below.

3. You will need to add the Developer Token, Client Secret and ClientId in order to programtically connect from the console.  Below is my app.config.
<?xml version="1.0" encoding="utf-8"?>
<configuration>
    <startup> 
        <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.6.1" />
    </startup>
  <appSettings>
    <add key="ClientId" value="f9y555fiqwqcbv555lst88dmzbxzqa7n"/>
    <add key="ClientSecret" value="CoTT555U7oN555wKF555aPYz5555"/>
    <add key="DeveloperToken" value="TjxJh555ivvW555EE555NTerb555"/>
  </appSettings>
4. Connect to your tenant using Box.com's API's/ SDK

5. Run the Console and the console looks as follows:

6. Code the file upload logic:

Final Thoughts:

• Overall I think Box.com is a good option if you don't already have O365.  It's pretty expensive for a small feature set but it is a valid option for clients.
• The search indexing is ridiculously slow so very hard to build search based solutions using the API.
• Microsoft Flow has connectors for Box.com before developing, check if Flow can meet your migration, moving requirement.

Part 2 of using Box.com programmatically, I discuss using JWT for access.
Troubleshooting Box.com issues