Yammer is a collaboration tool integrated with Office 365. It is formatted in a feed-style layout, with content arranged under topics (called Groups), and enables users to post updates, files, pictures, polls, and announcements as well as acknowledgements (praise) for others. Yammer is accessed by the Office 365 tile, shown in Figure 20-1, or by browsing to http://www.yammer.com and signing in with your Office 365 credentials.
Yammer’s security and collaboration boundary is known as a network. From a subscription perspective, networks can be either stand-alone (basic) or Enterprise (integrated with Office 365 as part of an Office 365 subscription). From a configuration perspective, networks can be internal (corporate network or domains registered to the network) or external.
Before setting up your Yammer environment, familiarize yourself with the terminology, administrative roles, authentication methods, and the user interface elements and ways to add users to the environment.
To design and structure a Yammer environment, you should understand the basic components that make up a Yammer deployment.
At some point, you might wish to delegate certain levels of administration to various users in the organization. Yammer has three types of admin roles: group admins, network admins, and verified admins.
Group admins can only administer certain options of groups for which they are delegated admin access or for groups that they have created (and own). Network admins have all the rights of group admins, but only for public groups, plus the ability to configure some organization-level settings. Verified admins can administer any group.
Office 365 global admins with a user principal name (UPN) that matches a domain configured in Yammer inherit the Yammer Verified Admin role. For group administrative tasks, group admins can perform any of the listed tasks for their respective groups, and network admins can perform any of the tasks listed for public groups and networks for which they have been granted the network admin role. Table 20-1 lists the rights associated with roles.
Right |
Group admin |
Network admin |
Verified admin |
Configure network settings, features, and applications |
X |
X |
|
Set network design, including logo and color scheme |
X |
X |
|
Create Usage policy and require all users to accept it |
X |
X |
|
Configure defaults for users who log on in the future |
X |
X |
|
Configure user profile fields |
X |
X |
|
Invite anyone, including outside guests |
X |
X |
|
X |
X |
||
Delete any message |
X |
X |
X |
Post announcements |
X |
X |
X |
Grant and revoke network admin privileges |
X |
X |
|
Grant and revoke verified admin privileges |
X |
||
Remove or block any user |
X |
X |
X |
Manage user account activity |
X |
||
Perform integrations (such as for Microsoft SharePoint, Active Directory Sync) |
X |
||
Monitor keywords |
X |
||
Set data retention policy |
X |
||
Export data |
X |
||
Read messages in any private group |
X |
||
Configure security settings |
X |
||
Monitor private content in Yammer |
X |
||
Upload an image for a group |
X |
X |
X |
Set a group name |
X |
X |
X |
Set a group description |
X |
X |
X |
Add to a group or remove members from a group |
X |
X |
X |
Mark content official |
X |
X |
X |
Edit privacy of a group |
X |
X |
X |
Manage group membership options such as restricting membership |
X |
X |
X |
Deploying Yammer for your organization is straightforward. As soon as a verified admin logs on to Yammer the first time, the service is enabled. From that point forward, it is a matter of configuring it to fit your organization’s requirements.
The Yammer administration landing page opens in a new tab.
The Yammer Success page, shown in Figure 20-3, is the landing page for configuring Yammer and getting the most out of your subscription.
The following sections comprise the Yammer Success page.
To configure your Yammer network fully, you must complete each of the tasks in the Network section of the Admin Success page.
The Configuration section, as shown in Figure 20-4, enables you to configure basic settings for the network, including the network display name, the default message prompt when you compose a new message, and network domains.
The Network Name field controls how the network appears throughout the application, and the Message Prompt field denotes the initial text displayed in the text box area before a user begins typing a post.
Farther down the screen, you can manage email notification settings, as well as additional features enabled in the network, such as third-party applications, Org chart, and message translation.
Email Settings determines whether to require confirmation for posts made to a group through email.
The Yammer Org chart is built from the reporting relationships listed in a user’s profile. Clearing the Org Chart check box disables the building and display of the Org chart in the Yammer user interface.
Customizing the Office 365 Yammer portal is a way to extend your corporate branding image into Office 365. The Design screen gives you that option. Here, you can set a color theme as well as the masthead and logo to be displayed on Yammer pages.
You can select a header background color, a header text color (for the desktop app), the network logo, the masthead image, and an email logo. The recommended sizes for the images are as follows.
By default, the header text color is chosen automatically when you choose a background color to provide an optimal viewing experience. Yammer supports GIF, JPEG, or PNG images. Avoid images that have transparent portions.
The Admins screen enables you to create and manage admins in the Yammer network. To add a user as an admin, you either grant them Global Admin rights in the Office 365 portal (and the user will automatically be configured as a verified admin in the home network) or appoint them as an additional admin within the Yammer Admin Center.
In the following task sequence, you grant a user Network Admin privileges, elevate them to the Verified Admin level, revoke their Verified Admin level privileges (returning them to Network Admin), and finally, remove their administrative rights altogether.
Admin rights are granted in two ways—through inheritance by granting the Global Admin right in the Office 365 portal or by explicitly granting Network Admin or Verified Admin rights from the Admins screen in the Yammer Admin Center.
Yammer can have a mix of inherited and explicitly delegated admins. To make the admin tasks easier, the Change Status Of Office 365 Admins button appears in the Network Admins section. This button opens the Active Users screen in a new tab.
To add and remove admins, follow these steps.
At this point, the user is now a Network Admin. To elevate privileges to Verified Admin, click the Grant Verified Admin button.
There is no confirmation dialog box for this task.
The Yammer Usage Policy settings offer a way to inform the site’s users of the organization’s acceptable use policy. You can force users to accept the usage policy upon signup and after changes are made, as well as display a reminder of the usage policy in the sidebar.
To configure a usage policy, follow these steps.
External networks are collaborative areas where users can invite others who are not members of the organization with a verified email address domain. A business might create this type of network for customers or vendors; a school might create an external network for alumni or parents.
To restrict creation of external networks, follow these steps.
To create an external network, follow these steps.
After creating the network, the new network appears. You can now create groups and administer this network like your home network. To navigate back to your home network, click the gear icon and then select your network name.
To delete an external network, follow these steps.
If your organization acquires another organization with either a Yammer stand-alone network or enterprise network, you might want to consolidate networks. You can migrate one or more Yammer networks with their own email domains (a subsidiary network) into a Yammer Enterprise network. The network you migrate into is known as the parent network.
The subsidiary networks can be either stand-alone or enterprise, but the parent network must be enterprise activated.
In this example, depicted in Figure 20-11, Contoso is the parent network, and Fabrikam is the subsidiary network. Contoso has an Enterprise-activated Yammer network in its Office 365 subscription. Fabrikam has a stand-alone Yammer network not associated with an Office 365 subscription.
Post-migration, the Fabrikam users are relocated to the Contoso network, and the Fabrikam external network is reassigned to the Contoso network. See Figure 20-12.
The key factor is that although content from the subsidiary’s external networks remains available, content from the subsidiary’s internal network will not be.
Before you begin a network migration, be sure you understand the requirements, limitations, and what happens in the event of errors.
To migrate a Yammer network, follow these steps.
The last step of the migration recommends that you export your data, which you might want to do. Remember—you cannot import the data back into the parent Yammer network, nor can you go back to the subsidiary network after it has been migrated.
Click View Status Of Network Migrations to view the status of the migration that you initiated. The status lists the network, domains, and which Office 365 administrator initiated the migration. Clicking the Show Details button gives more details about the network, including active users, messages, and external networks.
Error Message |
Description |
Failed to migrate source network <name> |
The migration of the subsidiary network <network> to the parent network failed. |
Failed to migrate user <email address> |
The user account could not be migrated. Re-create the user in the parent network. |
Failed to migrate external network <name> |
The external network could not be migrated. The subsidiary network has been migrated. Contact support. |
Managing users in your Yammer network consists of inviting, removing, blocking, and updating tasks. In addition, you can gather statistics and control the fields that users can edit within their own user profiles.
Users can be added in a number of ways.
The most basic way to invite users to join your Yammer network is by inviting them. Only employees with a company email address can be invited by the Invite Users dialog box, as shown in Figure 20-17. Verified admins can import users in bulk from this dialog box by using an address book export created from an application such as Microsoft Outlook.
You can invite users individually by entering the user’s alias and domain on the Invite Users page. As an alternative, you might invite users from an export of your email application. You can use Outlook to create a CSV export for this purpose. To do this, follow these steps to create a CSV export from an Outlook address book.
With a CSV export file, you can import users through the Invite Users page in the Yammer Network Admin Center. To import them, follow these steps.
If you want to invite users who are not members of one of your verified domains, you can use the Invite Guest dialog box. Guest users (including active and pending users who have not yet responded to their invitation) are listed on the Guests page.
To invite guests, follow these steps.
Invited guests show up farther down the page, with either a pending or active status. See Figure 20-22.
At some point, it might become necessary to remove users from your Yammer network. You can remove users temporarily or permanently. After entering a name to delete, three options appear.
To remove or deactivate a user, follow these steps.
The text box automatically filters matching user names.
If you find that you need to reactivate a disabled user, you can do that from the Remove Users dialog box as well. To reactivate a user, follow these steps.
If, however, you want to delete a deactivated user permanently, simply click the Delete button in the Deactivated Users list.
Sometimes, it is necessary to track a user’s activity in a particular system. Yammer activity can be tracked through the Account Activity admin screen. You can perform session administration activities such as logging off individual user sessions on devices.
To log off an active user session, follow these steps.
It may be necessary or desirable to block certain accounts from joining the Yammer network. Users with a blocked email address cannot join the network. You might do this for email addresses of shared mailboxes.
A blocked user can only register after an admin removes their address from the blocked user list. To block users from signing up for Yammer, perform these steps.
After blocking users, they appear in the list of blocked users, as shown in Figure 20-25.
When a user with a blocked email address signs up using that address, they will be unable to complete the process.
Instead of being able to complete the signup process, they are just redirected to the same page and the Sign Up Free button changes to Retry.
Yammer users receive periodic emails from the service, such as post notifications, digest emails, and service or system announcements. When a user’s email address is disabled, the messages destined for their mailbox bounce, and the service records that as a bounced email address. Bounced emails might indicate users who have left the organization. You can view a list of users whose email addresses have returned non-delivery reports and deactivate them if necessary.
If your organization is just starting to deploy Yammer or is acquiring another organization or business unit, you might want to configure many users at once. Conversely, if your organization is going through a divestiture, you might wish to remove many users at once. The Bulk Update feature enables you not only to add or remove several users; it also performs updates and deactivations.
To use this feature, you must place your users in a CSV-formatted table and include a header with the following fields from left to right: Action, Email Address, Full Name, Job Title, Password, New Email.
Place one of the following values in the action column.
To bulk update users, prepare and upload a CSV as follows.
Action,Email Address,Full Name,Job Title,Password,New Email
The screen refreshes, showing you the status of the updates in progress. Clicking the Show Failures button gives you details about any errors. If any errors occur, correct the errors in the CSV and re-import.
Use this page to manage users imported with the Directory Sync function. Yammer DSync has been deprecated and replaced with Azure Active Directory Connect.
The Directory Integration page has three tabs. See Figure 20-27.
Configuring Directory Synchronization and authentication is discussed later in the chapter.
The Export Users dialog box enables you to export a CSV of users in the Yammer network. The fields exported include the User ID, Email Address, Name, Job Title, Location, and Joined On (date the user joined the Yammer network). To export users, follow these steps.
The Profile Fields dialog box enables you to customize the profile page where users can update their information. Profile fields are searchable by other users in the Yammer network. Select or clear check boxes to make the fields appear when a user edits their profile.
The Content and Security section of the Yammer Admin Center enables you to monitor and track potentially sensitive content, restrict access to content within certain IP ranges, configure password policies, route Yammer email notifications through your Exchange Online Transport Rules, and configure data retention policies.
It might be necessary to monitor posts for particular words or phrases. Your organization’s usage policy or internal security and compliance policies might have guidelines about posting certain types of sensitive content such as social security numbers, credit card numbers, or other personally identifiable information (PII). You can use the Monitor Keywords setting to generate notifications to an administrator whenever content matching certain patterns is posted.
The Monitor Keywords setting uses regular expressions to search posts for content. Regular expressions are entered one per line and might span multiple lines.
Only verified admins can modify the patterns in the Monitor Keywords dialog box. To configure monitoring, follow these steps.
If there is a problem with the formatting of your regular expression, you are notified and must correct it before the save commits your changes. You might want to copy the content to the Clipboard or Notepad before clicking Save so you have a copy of your edits.
Although the Yammer interface supports both plaintext matching and regular expressions, try to use regular expressions whenever possible to account for the highest level of potential matches.
Use the Security Settings page, shown in Figure 20-29, to configure IP address restrictions (such as allowing access to Yammer for your organization’s internal and VPN subnets), password policies (password change frequency as well as complexity settings), whether Yammer email delivery flows through your organization’s Office 365 tenant and is subject to its configured Exchange Transport Rules, and whether Office 365 Identity is enforced.
IP range restrictions can be put in place to limit access to the Yammer network. If your organization has restrictive network access requirements, you might need to administer this setting.
The following process will help you restrict access to corporate IP ranges.
If the network administrators supply you with a classless inter-domain routing (CIDR) network block such as 13.104.0.0/14, you must convert it to an IP range expressed as a starting IP and ending IP address (13.104.0.0–13.107.255.255). A number of online CIDR and subnet calculators can assist you in performing this task.
Password policies can be used to enforce certain standards for your users, such as minimum password length, complexity, change frequency, and emergency forcing of password changes.
Selecting the option to force all users to change passwords immediately requires all users to change their passwords upon their next logon, regardless of the password change frequency policy.
Password policy settings are not available for external networks.
To set password restriction policies, follow these steps.
No Requirements
Must Include Both Letters And Numbers
Must Include Letters, Numbers And Special Characters
Must Include Upper- And Lower-Case Letters, Numbers, And Special Characters
External Messaging controls whether Yammer network messages are routed through your organization’s Office 365 tenant. This option is not available for stand-alone or basic Yammer networks that are not part of an Office 365 subscription.
At any point in a conversation, an internal user can add an external user to a message thread by typing their email address in the Cc line.
When an external user participates in a Yammer conversation, they might receive notifications regarding replies to their post. Applying Exchange transport rules (ETRs) to Yammer messages helps protect the corporate IP by restricting the delivery of messages based on rules configured in Exchange Online Protection (EOP).
If Yammer is configured to use Exchange transport rules, it checks the message against the transport rules to see whether the message complies. If the message is found not to meet the transport rules, a notification is returned and the user cannot post the message with the external recipient added. See Figure 20-30.
Not all ETRs work with Yammer. Yammer uses only Exchange Online transport rules and cannot be configured to integrate with on-premises Exchange transport rules. To use on-premises transport rules, ensure that you have an activated Office 365 subscription and at least one Exchange Online license. You can then export the transport rules from your Exchange on-premises environment and import them into Exchange Online.
Yammer ignores rules with the following conditions and actions.
To configure external messaging options, follow these steps.
As your organization adopts Yammer as part of its enterprise social strategy, you might want to consider full integration with Office 365 Identity. Enforcing Office 365 Identity enables you to take advantage of a single identity source for your internal Yammer network.
With a Yammer stand-alone or Basic network or Yammer Enterprise with Yammer Identity, users are logged on with credentials in the Yammer network.
However, when Office 365 Identity Enforcement is selected for an enterprise network, only users with a valid Office 365 account can sign in. Users without a valid Office 365 Identity (either created manually or through directory synchronization) cannot log on to the Yammer network.
The authentication flow is shown in Figure 20-31.
If you are currently using Yammer Identity and want to begin using Office 365 Identity, communicate the impending change to your network. In addition, make sure all of your Yammer users are represented by an Office 365 identity. After you enable Office 365 Identity enforcement, any previously configured Yammer network user who does not have a corresponding Office 365 identity will be unable to log on.
One possible exercise would be to open the Export Users page in Yammer to generate a list of all configured users and compare it against a list of Office 365 identities. If you have more users in Yammer than identities in Office 365, create them in Office 365 (either manually or through directory synchronization) prior to making the switch.
Enabling Office 365 Identity Enforcement overrides any previously configured single sign-on configuration and, when enabled in Committed Enforcement mode, is not reversible because enabling Office 365 Identity also enables Connected Yammer Groups. Thus, an Office 365 group is created for every new Yammer group, giving users access to SharePoint, Planner, and Microsoft OneNote features connected to the Office 365 group. Reverting the identity enforcement change blocks Yammer Identity users from accessing the connected resources.
To enable Office 365 Identity Enforcement, you must be a global admin who has been synchronized to Yammer as a verified admin. Manually promoted verified admins and network admins cannot make this change.
When you are ready to make the change, the following steps enable Office 365 Identity in Yammer.
In addition, you can choose to force all your users to log out and then log back in using their Office 365 Identity.
The Enforce Office 365 Identity box is now selected, and an additional message appears below it. See Figure 20-34.
If you select the check box to block Office 365 users without a Yammer license, users will be able to authenticate but will not be able to use the service.
If for some reason you need to undo your Office 365 Identity configuration during the temporary enforcement period, you can revert the configuration by using the following process.
You might have a number of reasons to export your Yammer network’s content, such as manipulating it inside a business analytics tool, for archival purposes, a divestiture, or a network merger. In any event, you can achieve this by using the Export Data dialog box in the Yammer Admin Center. Only verified admins can export data from a Yammer network.
To export data from a Yammer network, follow these steps.
The Yammer Developer Center (https://developer.yammer.com) has sample scripts for both Linux and Microsoft Windows that can be used to export data on a scheduled basis.
The Yammer data retention policy focuses on how deleted content is handled. Two options are available.
Only verified admins can modify Data Retention settings. To configure the data retention policy, follow these steps.
If your organization has certain regulatory or eDiscovery compliance requirements, you might need to select Soft Delete so that the data is discoverable and exportable, even if it isn’t visible to users.
The Analytics view in the Yammer Admin Center does not have any exportable data. However, you can view a dashboard with graphs depicting engagement and client distribution. The Analytics page is shown in Figure 20-36.
As of December 1, 2016, Yammer DSync and Yammer SSO were deprecated for use with Office 365. Their features and functionality have been replaced with Azure AD Connect and Office 365 Identity.
Office 365 Identity for Yammer works in the same fashion as the identity scenarios for the rest of the Office 365 product suite.
More information about Azure Active Directory Connect (Azure AD Connect), Azure Active Directory synchronization, and federation is available starting in Chapter 2, “Preparing Your Environment for the Cloud.”
Yammer directory synchronization is configured when you set up Azure AD Connect.
<# .SYNOPSIS Compare Yammer User Export with Azure AD User list .PARAMETER Credential Standard PSCredential object for Office 365 Credential .PARAMETER IncludeAllYammerUserStates Include users in all Yammer activity states (active, soft_deleted, etc) .PARAMETER InputFile Yammer User Export file. Obtain from Network Admin | Export Users. .PARAMETER OutputFile Path to output file. .PARAMETER UseExistingConnection Use an existing Office 365 PowerShell session. .EXAMPLE .CompareYammertoAzureAD.ps1 -InputFile .YammerUsers.csv -OutputFile .YammerAzureADCompare.csv #> Param ( [System.Management.Automation.PSCredential]$Credential, [switch]$IncludeYammerInactiveUsers, [string]$InputFile, [string]$OutputFile = “.YammerAzureADCompare.csv“, [switch]$UseExistingConnection ) Import-Module MSOnline If (!($UseExistingConnection)) { Write-Host “Creating a new connection. Login with your Office 365 Global Admin Credentials...“ If (!($Credential)) { $Credential = Get-Credential } Connect-MsolService -Credential $Credential } If (!($InputFile)) { Write-Host -ForegroundColor Red “Input file not specified. Exiting.“ Break } # Import users from AAD Write-Host “Getting all Office 365 users from Azure AD. This can take a while...“ [array]$o365Users = Get-MsolUser -All | Select-Object UserPrincipalName, @{ Name = “PrimarySmtpAddress“; ' Expression = { ($_.ProxyAddresses -cmatch “SMTP:“).Substring(5) } } Write-Host “$($o365Users.Count) users in Azure AD.“ # Import users from Yammer User Export CSV Write-Host “Importing Yammer Users from $($InputFile)...“ If (!($IncludeYammerInactiveUsers)) { $State = “active” } Else { $State = “*” } [array]$YammerUsers = Import-Csv $InputFile | ? { $_.state -like $State } Write-Host “$($YammerUsers.Count) Active users in Yammer Export.“ # Add Yammer Users to Hash $YammerHash = @{} foreach ($obj in $YammerUsers) { $YammerHash[$obj.id] = $obj.Email } # Add AAD Users to Hash $o365UsersHash = @{} Foreach ($obj in $o365Users) { $o365UsersHash[$obj.UserPrincipalName] = $obj.PrimarySmtpAddress } # Figure out the difference $YammerUsersNotInAAD = $YammerHash.Values | Where-Object { $_ -notin $o365UsersHash.Values } # Save the file Write-Host -ForegroundColor Green “Writing the output csv file...“ $YammerUsersNotInAAD | Export-Csv $OutputFile -NoTypeInformation
In this chapter, you learned how to deploy and manage Yammer. Before deploying Yammer, develop a governance plan and determine whether the content retention policies and search tools available in the Yammer environment meet your organization’s requirements. With some of the advances in group collaboration, you can integrate Yammer successfully and make it part of your Office 365 social strategy.
13.59.154.190