This document provides an overview and summary of Microsoft Viva and how it addresses security, privacy and compliance. Key points include: 1. Viva has built-in security and compliance features like access controls, sensitivity labels and the ability to enable, disable or opt-out of specific tools. Data is stored in the EU and complies with GDPR. 2. Viva uses role-based access controls to determine what information users can see based on their role and permissions. 3. Privacy is maintained through data aggregation, differential privacy, and allowing individuals to choose what personal insights they see. 4. Governed data remains secure through controls like audiences, permissions, sensitivity labels, exclude lists and

1. BLETCHLEY PARK
2023
A Microsoft 365 Community
COLLABORATION CONFERENCE
Wednesday, 27th September 2023
Microsoft Viva Security and Privacy: How to
safeguard Your Employee Experience
Nikki Chapple |MVP M365 Apps & Services | MVP Security
Agenda
⬇️Live Poll

2. BLETCHLEY PARK
2023
Thank you to all our Sponsors
Silver
Platinum
Gold
Silver
Community
Sponsors

3. Nikki Chapple
Principal Cloud Architect
nikkichapple
@chapplenikki
www.nikkichapple.com
All Things M365 Compliance

4. Nikki Chapple
Viva Guardian ⬇️Live Poll

6. Agenda
VIVA SECURITY AND
COMPLIANCE
PRIVACY DEEP DIVES SUMMARY

7. What is Microsoft Viva?
⬇️Live Poll 2

9. Microsoft Viva: powered by Microsoft 365 and
backed by the Microsoft Graph
Viva Amplify
Viva Pulse

10. Data Residency
Viva
Engage
Viva
Insights
Viva Goals
Viva
Topics
Viva
Learning
Your tenant
In the EU
Viva
Connections
Viva
Sales
Viva
Amplify
Viva Pulse

11. Viva
Insights
Viva
Topics
Viva
Connections
Copilot in
Viva
Today’s deep dive

12. Viva
Connections
(included)

13. What is Viva Connections?
Personalised dashboard with
news and announcements
Access to company resources
and applications
Mobile app for staying
connected on the go
Access from Teams

14. What information is available in Viva Connections?
Dashboard
(Microsoft &
3rd party cards)
Resources
(SharePoint
global navigation,
sites)
Intranet site
Feed (Viva Engage
posts, SharePoint news,
and Stream videos)

15. How can I ensure the right content goes to the
right users?
Information
governance
Team, Viva Engage or
Site membership roles
File permissions
Audiences
Membership of groups
Use Azure AD dynamic
membership

16. How do I create an audience?
Team Viva
Engage
Microsoft
365
Group
Azure AD
Security
Group
Distribution
lists
Individual
users

17. What permissions are needed to manage Viva
Connections?
Site
member
Site owner Teams admin SharePoint
admin
Can author and edit
dashboards, news,
and other pages
Creates a SharePoint
home site to meet
technical
requirements for Viva
Connections
Creates and selects
settings for
customized app
Sets up the home site
Enables global
navigation and
creates a Dashboard

18. Viva Insights
(Personal included.
Team,
Organisational &
Advanced Insights
additional licence)

19. What is Viva Insights?
Organisation insights
Advanced insights
Team insights
Personal insights
Deep insights to
spot opportunities
Recommendations
in the flow of work
to change
behaviours

20. What are Viva Personal Insights?
Individuals can get
personalised
recommendations to
build better work habits
Uses your email,
calendar, Teams chat
and Teams call activities
Included with Microsoft
365 licences

21. How is my privacy protected in Personal
Insights?
Only you see
personal
insights?
Users choose to
opt out
Organisations
can have an
opt-in
approach

22. What are Viva Team Insights?
Managers can foster
healthy, successful
teams by establishing
norms
Additional Microsoft
Viva Insights licence
required

23. What are the privacy controls in Team insights?
To view Team Insights
• Need premium Insights licence
• Your team only includes people reporting directly to you as
presented in Azure Active Directory
Privacy controls
• You define the minimum team size
• Can't see individual team members personal collaboration habits
• Can enable or disable plus users can opt-out
• Users being measured also need a premium Insights licence

24. What are Viva Organisational Insights?
Senior leaders can
identify opportunities
to improve
engagement and
effectiveness across
the organisation
Additional Microsoft
Viva Insights licence
required

25. What are the privacy controls in Organisational
insights?
To view Organisational Insights
• Need premium Insights licence
• Assigned Insights Business Leader role or Group Manager
• Number of direct / indirect reports must exceed minimum group size
Privacy controls
• Data aggregation - minimum group size
• Group Manager only see direct & indirect reports
• Users can opt-out
• Users being measured need a premium Insights licence

26. Who can access Teamwork habits &
Organisational trends?
User Premium
Insights licence
Group
Manager role
Insights Business
Leader role
No access
Measured
employees
View their group
insights if group
meets or exceeds
minimum size
View organisation
insights
Power BI report
Viva Insights Premium licence required

27. What is Viva Advanced Insights?
Analysts help leaders
uncover deep insights
into workplace
patterns and trends
using advanced tools.
Six Power BI templates
& custom analysis
Additional Microsoft Viva
Insights licence required

28. What are the privacy controls for Advanced
insights?
No personal information shown
Aggregated group size
Uses differential privacy to ensure
individuals cannot be identified
Exclude topics, mailboxes, regions
Select which organisational assets
to use
Users can opt out

29. Who can access Advanced Insights?
Insights Admin
Organisation data quality
Privacy settings
Manager settings
Insights Analyst
Analysis
Query
Organisation data quality

30. Viva Topics
(additional
licence)

31. What is Viva Topics?
Discover and organise knowledge
AI-powered topic identification and
surfacing
Create and share knowledge with
others
Viva Topics licence required

32. What information is displayed in Viva Topics?
33
Topic card

33. What information is displayed in Viva Topics?
Topic Name
Topic viewer
People
Pinned - Topic viewer
.
Suggested people - based on
permissions
Description
Curated - Topic viewer
AI - based on permissions

34. What information is displayed in Viva Topics?
35
Suggested files &
and pages
Based on permissions
Related sites
Based on permissions

35. What information is displayed in Viva Topics?
36
Related topics
Based on permissions

36. Where are Viva Topics discoverable?
Teams, SharePoint and Outlook Profile cards

37. Where are Viva Topics discoverable?
Search Microsoft Apps search

38. How are Viva Topics discovered & curated?
SharePoint knowledge graph
• New content & updates
• Image, video or audio file types are excluded
AI
• Identifies recommended topics automatically
• Identifies people and content connected to the topic,
Authorised Users
• Can add topics manually
• Approve, amend or decline AI generated Topice

39. How can I keep my sensitive information
hidden?
Exclude sensitive SharePoint sites by URL
Exclude sites by sensitivity label
Exclude content by sensitivity label
Exclude topics by name
OneDrive is automatically excluded
Exclude people from being suggested for
topics

40. How can I control what content is shown to my
users?
Existing content
security features
in Microsoft 365
Administrative
controls

41. How can I manage Topic visibility?
No access
Read access to
Topics and Topic
pages
Allowed to view
Topics
Edit existing topics
or create new
ones.
Manage topics
through the topic
lifecycle. Confirm
AI-suggested
topics, delete
Topics
Set up ad manage
Topics admin
controls
Viva Viewers
User Topic
Contributor
Knowledge
Managers
Viva Topics licence required
Knowledge
Admin

42. Copilot in
Viva
(coming soon
with Viva Suite
licence)

43. Viva Copilot is built on the Microsoft 365 Copilot
system

44. Demystify Viva Copilot
Copilot is an AI assistant that provides productivity
recommendations as you work
Copilot reviews and learns from ALL your organisation's data
It provides responses based on the data you have access to
Governance is key - Garbage in → Garbage out

45. How will Copilot in Microsoft Viva work?
Copilot in Viva Glint
Highlight top issues and potential
solutions hidden throughout employee
suggestions from survey results; plus,
help leaders explore comments using
natural-language questions
Copilot in Viva Goals
Generate OKR recommendations
from business documents, improve
existing OKRs using conversational AI,
and summarize OKR progress with
contextual data
Copilot in Viva Engage
Offer insightful conversation starters
based on sentiments and trending topics
across workplace communities; plus,
receive suggested comment responses
for leaders

46. Copilot in Viva is built on Microsoft’s
comprehensive approach to Responsible AI

47. Summary

48. 1. Security and compliance in built in
Security
Enable/disable access at
individual or org level
Sensitivity labels to protect
sensitive data and containers
Block sensitive keywords,
Teams, sites, users
Compliance
Insights is GDPR compliant
Data stored in EU
Inheritance of compliance features
Opt in or opt out strategies

49. 2. Multiple role-based access controls

50. 3. Your privacy is maintained
Viva Personal insights
Only you can view insights
Based on work patterns in your
emails, meetings, calls, and chats
Individuals choose what they see
Viva Manager & Leader
insights
Data aggregation - minimum group
size
Differential privacy ensures users
cannot be identified from metrics
Deidentification of users

51. 4. Governed data remains secure
Viva Connections
Audiences to target content
Access to content based on
permissions
Sensitivity labels on groups, teams,
sites and content
Viva Topics
Manual verification on AI-discovered
topics
Access to content based on permissions
Sensitivity labels on sites and content
Exclude lists for keywords, users & sites

52. 5. Get ready for Viva
Deployment strategy → Opt out vs Opt in, Phased vs Big bang
Who, what, why, WIIFM → how
Pilot
Involve IT, Business, HR, Privacy, Legal & workers council from day one
Information governance and data security

54. BLETCHLEY PARK
2023
Thank You!