5/14/2018
1
Accessible content is available upon request.
Driving Operational Governance for SharePoint, Office 365 and the cloudMiguel Caron, AvePoint Solution Engineer
@itechmig
©AvePoint, Inc. All rights reserved. Confidential and proprietary information of AvePoint, Inc.
Agenda
Setting the Stage
• Understanding IT Governance
• Operational Governance of Office 365
Digging In
• Reviewing Teams and Groups for Office 365
• Common collaboration strategies for O365
Balancing collaboration and control
• What should I be thinking about “governing”
• What tooling does Microsoft Provide for
this?
• What else should I be thinking about
• Right-sizing your O365 Governance
Approach
Operational Governance
5/14/2018
2
What is Operational Governance?
©AvePoint, Inc. All rights reserved. Confidential and proprietary information of AvePoint, Inc.
What is IT Governance?
• A formal framework to ensure
IT investments support business
objectives
• Sparked by enactment of laws and
regulations in the late 1990’s early
2000’s (GLBA, Sarbanes Oxley etc.)
• Should be measurable and trackable
https://www.cio.com/article/2438931/governance/governanceit-governance-definition-and-solutions.html
5/14/2018
3
©AvePoint, Inc. All rights reserved. Confidential and proprietary information of AvePoint, Inc.
Some “principles of operational governance”…
Measures and controls must be adjusted according to the level of risk.
https://www.ibm.com/developerworks/rational/library/may07/cantor_sanders/index.html
The Risk Principle
The Suitability Principle
The Behavior Principle
The Deployment Principle
The Automation Principle
The needs of the organization determine how the level and style of
governance will be tailored.
The governance solution drives the organizational behavior.
The governance solution must be implemented incrementally.
Technology makes the governance solution empowering and unobtrusive.
©AvePoint, Inc. All rights reserved. Confidential and proprietary information of AvePoint, Inc.
An “ITSM” industry has grown out of IT Governance objectives…
Many of our customers use industry standard
“frameworks” to guide their IT Governance initiatives
• To measure the maturity and effectiveness of
their operations
• To guide service design and management
• Many organizations use tools and applications to
support these objectives
5/14/2018
4
©AvePoint, Inc. All rights reserved. Confidential and proprietary information of AvePoint, Inc.
Where does the pressure come from?
i.e. GDPR, SOX, Sec 508, Bill 198, etc.
Need for governance is driven from internal and external forces
Processes carries out by
the larger organization
External Standards
Government Regulations
i.e. eDiscovery and records management processes, audit
standards, chargeback models, etc.
i.e. ITIL, ISO, etc.
https://www.ibm.com/developerworks/rational/library/may07/cantor_sanders/index.html
©AvePoint, Inc. All rights reserved. Confidential and proprietary information of AvePoint, Inc.
Common concepts in IT Governance frameworks
Service catalog
Change Mgmt “Topology” reportingMetrics
Automation
5/14/2018
5
©AvePoint, Inc. All rights reserved. Confidential and proprietary information of AvePoint, Inc.
Where do SharePoint & Office 365 fit in an IT Governance model?
©AvePoint, Inc. All rights reserved. Confidential and proprietary information of AvePoint, Inc.
Benefits of well governed SharePoint/Office 365 implementations…
Administrative efficiency
Accurate cataloging & monitoring of adoption, usage and governance attributes for collaboration workspaces
Provable compliance with internal and external policies and regulatory requirements
Repeatable and consistent service delivery
5/14/2018
6
Digging In
©AvePoint, Inc. All rights reserved. Confidential and proprietary information of AvePoint, Inc.
What exactly is a Group?
At its core, an
Office 365 Group is simply a
collection of people.(Think of it as an upgraded distribution list.)
5/14/2018
7
©AvePoint, Inc. All rights reserved. Confidential and proprietary information of AvePoint, Inc.
It comes with a workspace…
Communication method
File storage
Everyday project management
Central note-taking
©AvePoint, Inc. All rights reserved. Confidential and proprietary information of AvePoint, Inc.
BUT! There are 3 types
And it depends on how you want to communicate
Social FeedEmail Chat
5/14/2018
8
©AvePoint, Inc. All rights reserved. Confidential and proprietary information of AvePoint, Inc.
TeamsYammerOutlook
BUT! There are 3 types
And it depends on how you want to communicate
©AvePoint, Inc. All rights reserved. Confidential and proprietary information of AvePoint, Inc.
What does it mean in the back end?
Planner “Outlook
“Team”
“Team”
“Team”
“Yammer
Connected”
Group”
X
X
X X=
=
=
5/14/2018
9
©AvePoint, Inc. All rights reserved. Confidential and proprietary information of AvePoint, Inc.
icsh.pt/O365groups
©AvePoint, Inc. All rights reserved. Confidential and proprietary information of AvePoint, Inc.
Outlook Group
• ”Archive” important emails in the
Group inbox
• Make use of the best “shared
calendar” experience in Office
• Shared files at your fingertips
• Add tabs to integrate third-party
apps (see left)
5/14/2018
10
©AvePoint, Inc. All rights reserved. Confidential and proprietary information of AvePoint, Inc.
Yammer Feed
• Perfect for loose communication
• Files saved to SharePoint
• Polling/surveys
• Great with external users
• Way more coming in the future
©AvePoint, Inc. All rights reserved. Confidential and proprietary information of AvePoint, Inc.
Files in Yammer can be confusing…
5/14/2018
11
©AvePoint, Inc. All rights reserved. Confidential and proprietary information of AvePoint, Inc.
But where does the “Upload” go?
It’s NOT in
SharePoint…
It’s in YAMMER!
©AvePoint, Inc. All rights reserved. Confidential and proprietary information of AvePoint, Inc.
Teams Team…s
• Bring chat, files, tasks, & third-party
apps into one interface
• File sharing with no learning curve
• Native apps on all platforms
• Connect with bots
• Guest access is improving
5/14/2018
12
Balancing Collaboration and Control
©AvePoint, Inc. All rights reserved. Confidential and proprietary information of AvePoint, Inc.
How they are
requested, approved
and created
For collaborative workspaces, customers want to govern:
Common “service delivery” concerns for Office 365 & SharePoint
Provisioning
How availability,
compliance and
changes over time are
managed
Management
Retention, expiration
and disposal
Lifecycle
5/14/2018
13
©AvePoint, Inc. All rights reserved. Confidential and proprietary information of AvePoint, Inc.
How they are
requested, approved
and created
For collaborative workspaces, customers want to govern:
Common “service delivery” concerns for Office 365 & SharePoint
Provisioning
How availability,
compliance and
changes over time are
managed
Management
Retention, expiration
and disposal
Lifecycle
©AvePoint, Inc. All rights reserved. Confidential and proprietary information of AvePoint, Inc.
Considerations…
• Sprawl
• Duplication
• Appropriateness
• Convention
• Cataloging
How Sites/
Teams/Groups
get created
1.
5/14/2018
14
©AvePoint, Inc. All rights reserved. Confidential and proprietary information of AvePoint, Inc.
You CAN limit who can create Groups
©AvePoint, Inc. All rights reserved. Confidential and proprietary information of AvePoint, Inc.
Private or Public- BE CAREFUL!
5/14/2018
15
©AvePoint, Inc. All rights reserved. Confidential and proprietary information of AvePoint, Inc.
“Hiding” members or Groups
C
©AvePoint, Inc. All rights reserved. Confidential and proprietary information of AvePoint, Inc.
You have a littlecontrol of the self-service Group request form
5/14/2018
16
©AvePoint, Inc. All rights reserved. Confidential and proprietary information of AvePoint, Inc.
Group “Classification”- pt1
©AvePoint, Inc. All rights reserved. Confidential and proprietary information of AvePoint, Inc.
“AzureADDirectorySetting” TemplateNo settings objects by default
Use Group.Unified templatehttps://docs.microsoft.com/en-us/azure/active-directory/active-directory-accessmanagement-groups-settings-cmdlets
5/14/2018
17
©AvePoint, Inc. All rights reserved. Confidential and proprietary information of AvePoint, Inc.
Need more? AvePoint Provides…
PROVISIONING
Repeatable &
Consistent
Admin
Efficiency
Catalog
Governance Attributes
Provable
Compliance
©AvePoint, Inc. All rights reserved. Confidential and proprietary information of AvePoint, Inc.
Cloud Governance• Provisioning services for Sites, Groups,
MS Teams, Lists, Libraries
• Collect owner, metadata, classification
and business importance
• Approval and logging of requests
• Orchestrated application of other
AvePoint solutions (i.e. Cloud
Management)
Deployment Manager• Deployment of “business templates” or
“patterns” (content and customizations)
• Deploy, update and track where patterns
are deployed
Policy Enforcer• Apply proactive monitoring/enforcement
of permissions and configuration policies
What does AvePoint offer for managed provisioning?
5/14/2018
18
How they are
requested, approved
and created
For collaborative workspaces, customers want to govern:
Common “service delivery” concerns for Office 365 & SharePoint
Provisioning
How availability,
compliance and
changes over time are
managed
Management
Retention, expiration
and disposal
Lifecycle
Considerations…
• Monitor for Group Usage and Adoption
• Ensure users aren’t doing what they shouldn’t
• Quota enforcement
Ongoing
Operations
2.
5/14/2018
19
©AvePoint, Inc. All rights reserved. Confidential and proprietary information of AvePoint, Inc.
Monitoring for adoption and usage
©AvePoint, Inc. All rights reserved. Confidential and proprietary information of AvePoint, Inc.
Using the Groups Reports
5/14/2018
20
©AvePoint, Inc. All rights reserved. Confidential and proprietary information of AvePoint, Inc.
Detailed audit reporting available
Great detail
▪ User activity
▪ Admin activity
▪ Across most O365
services
Non-admins allowed
▪ Set permissions in Sec &
Compliance ctr
©AvePoint, Inc. All rights reserved. Confidential and proprietary information of AvePoint, Inc.
Need more? AvePoint Provides…
ONGOING MANAGEMENT & COMPLIANCE
Repeatable &
Consistent
Admin
Efficiency
Catalog
Governance Attributes
Provable
Compliance
5/14/2018
21
©AvePoint, Inc. All rights reserved. Confidential and proprietary information of AvePoint, Inc.
Cloud Backup for O365
• Granular backup/recovery O365
sites, groups, EXO, Project Online,
Dynamics 365, Salesforce
• Own your own backup data
• Unlimited retention and scope
DocAve Backup
• Full farm protection with granular
recovery for SharePoint 2010, 2013,
2016, SharePoint Online for hybrid
Policy Enforcer
• Proactive monitoring/enforcement of
permissions and configuration policies
Report Center
• Publishable reports for permission
changes and user activity for
consumption by data owners
Cloud Governance
• Site/Group/Team settings and
membership change requests
• Auditable and automated
recertification of classification/
metadata and ownership
• Cataloging of all workspaces mapped
to department/division/purpose/
importance
Compliance Guardian
• Ensure content lives where it
belongs and prevent exposure of
sensitive information
• Apply appropriate controls to
sensitive information (redact/encrypt,
quarantine, etc.)
• Rich reporting for PII/PHI and sensitive
content across many data repositories
• Incident management workflow for
detected violations
How does AvePoint enable ongoing management and compliance?
How they are
requested, approved
and created
For collaborative workspaces, customers want to govern:
Common “service delivery” concerns forOffice 365 & SharePoint
Provisioning
How availability,
compliance and
changes over time are
managed
Management
Retention, expiration
and disposal
Lifecycle
5/14/2018
22
Considerations…
• How do I know when a Site/Team/Group should be expired?
• How do I get rid of it “safely”
• How do I make sure information management policies are enforced?
2.
Lifecycle of
Collaboration
Workspaces
3.
“Classifying” Sites and Groups- pt2
Can be applied to Sites and GroupsSet at “container’ level where Labels are at item level for docs and emails
Currently requires application via PowerShellPowerShell used by an admin to create and apply classifications
Can be selected by user if self-service site collection provisioning is enabled in SharePoint
Microsoft signaling same for O365 Groups in future
Does not drive any action currentlyCurrently no impact on retention or expiration
5/14/2018
23
Understanding “Labels” in O365
They are created centrally and “published”Sets of labels can be published to O365 Groups, Outlook and SharePoint
They can be applied to Docs and Emails onlyYou don’t “label” an entire mailbox, Site or GroupOnly one label can be applied per item
Can be auto-applied or manually appliedOptions for “auto-apply” are based on DLP rules or keyword matchingAuto-applied labels require E5 license
Can be just tags or can also enforce retentionRetention can be based off date created, modified or label declarationCan be used for declaration of records
“Soft Delete” allows whole-hog recovery of deleted O365 Groups
5/14/2018
24
Group expiration is coming… HERE!
©AvePoint, Inc. All rights reserved. Confidential and proprietary information of AvePoint, Inc.
Need more? AvePoint Provides…
RETENTION, EXPIRATION, & DISPOSAL
Repeatable &
Consistent
Admin
Efficiency
Provable
Compliance
5/14/2018
25
©AvePoint, Inc. All rights reserved. Confidential and proprietary information of AvePoint, Inc.
Cloud Governance• Lifecycle triggers for detecting when Groups,
Teams and Sites are no longer relevant
• Formal “renewal” processes for data owners to
request continued access
• Flexible end-of-life workflows and actions for sites,
groups and Teams
AvePoint Records/Cloud Records(formerly RevIM)
• Centralized definition of classification and
taxonomy (“terms”) for documents and items
• Records Manager reports for term usage, expired
content and destruction/disposal
• Retention/expiration criteria for documents and items
based on complex business rules
• Flexible archiving, export and disposal options for
compliance with various records-management
approaches (VERS, NARA*, Autonomy, SharePoint
Records Center, etc.)
Compliance Guardian• Automated classification of documents and items
based on content
How does AvePoint enable information lifecycle management?
©AvePoint, Inc. All rights reserved. Confidential and proprietary information of AvePoint, Inc.
Example: “Right-sizing” governance for O365
Membership recertification ⚫
Group team site access recertification⚫
Recertification tracking and reporting ⚫
Business stakeholder tracking without elevated privilege ⚫
Restrict business users as owners ⚫
Post-provisioning custom actions ⚫
Naming convention (Multiple) ⚫
Metadata for tracking and reporting ⚫
Mandated memberships ⚫
Mandate public/private ⚫
Blocked word list for naming ⚫$*⚫*
Business, legal or other configurable approval rings for expiration, deletion and extension ⚫
Inactivity trigger for expiration ⚫
Granular archiving of group/team site, mailbox and documents ⚫*
Approval for creation requests ⚫
Mandate public/private ⚫
Restrict creation to specificusers ⚫$
⚫
Naming convention (per tenant) ⚫$
Apply O365 classification during creation⚫$
⚫$
Managed process with approval for owner/member change ⚫
Managed process with approval for settings change⚫
Granular backup/restore and of group and content with unlimited RPO ⚫
Dynamic membership ⚫$*⚫
Configurable expiration workflow ⚫
Inactivity and lease end datereporting ⚫
Classification drives group/team retention ⚫$
⚫
Classification drives doc retention ⚫$⚫
Lease expiration ⚫$*⚫
Native self-service creation ⚫
Disable creation ⚫
Owners manually configure membership and ownership changes ⚫
Owners delete group and all resources whenever they want ⚫
Fully
Govern
ed
Lightly
Govern
ed
Un-
Govern
ed
What to govern
Leve
l of
go
vern
ance
* = planned⚫ AvePoint feature$= Requires AAD Premium⚫ O365 feature
Provisioning Ongoing management Expiration and EOL
5/14/2018
26
©AvePoint, Inc. All rights reserved. Confidential and proprietary information of AvePoint, Inc.
Extensibility and integration are the key…
Connecting AvePoint’s functionality to broader IT governance approaches
Low-code
scriptable actions
Custom Actions
Programmatic solutions
for integration
APIs
No-code integration
with other systems
Product Integration
Gracias
Merci
5/14/2018
27
www.AvePoint.com
[email protected] | +1 800.661.6588 Miguel Caron, AvePoint Solution Engineer@itechmig