How Atrium Health SharePoint Team Manages Office 365

Atrium Health (formerly Carolinas HealthCare System) is one of the largest non-profit healthcare systems in the US, with over 60,000 employees. Starting in 2013, Atrium migrated Exchange and SharePoint to Office 365, which has introduced changes for both end users and the IT department. This session will cover how the Atrium Health SharePoint team manages and governs the collaboration workloads in Office 365 (SharePoint, OneDrive, Yammer, Office 365 Groups, Teams, etc.). Attendees will walk away from this session with both specific governance tactics they can implement and the reasoning behind them.

  1. Notes from the field: How Atrium Health SharePoint Team Manages Office 365
  2. Thank you sponsors! (Diamond, Platinum, Gold, Silver)
  3. Who am I?
     • Kelly D. Jones
       • Atrium Health
       • IAS Director (SharePoint / OneDrive / Yammer / Custom Dev)
       • 20+ years industry experience; 10+ SharePoint
     • My blog: http://www.KellyDJones.com
     • Twitter: @KellyDJones
     • LinkedIn: https://www.linkedin.com/in/kdjones74/
  4. What is Atrium Health?
  5. Why this presentation?
     • Office 365 impact – real world example
     • Practical advice – beyond the sales demo
     • Is the way we do things perfect? Um, no. Your mileage may vary.
  6. Atrium Health’s Move to Office 365
     • WSS 3.0
       • Dec. 2007
       • One Server
       • It’s FREE!
     • SP2010
       • July 2011 – June 2016
       • ~500GB
       • ~300 Site Collections
     • SPO
       • July 2013 – Present
       • 14TB SPO
       • 19TB OneDrive
       • 1000+ Site Collections
     • Office 365 E3 license for ~45k end users
     • All end user mailboxes are Exchange Online
  7. Atrium Health’s Office 365 Services
  8. Questions…
     • How will you support Office 365?
     • Will you limit OneDrive sync?
     • Will you support Explorer View?
     • How will you direct people to Office?
     • Will you allow external sharing?
     • Will you back up SharePoint/OneDrive?
     • Who can create SharePoint Site Collections?
     • How will you track SharePoint site owners?
     • Who can create Office 365 Groups/Teams?
     • How will you populate Groups?
     • Will you limit PowerApps/Flow connectors?
     • Are you ready for disruptive changes?
     • Are you ready for InfoPath/SPDesigner retirement?
     • How will you keep up to date?
     • How does Atrium handle changes?
     • How does Atrium communicate changes?
  9. How will you support Office 365?
     • What we mean by “support”:
       • Incident resolution – IT will fix it if something breaks
       • IT Solution Creation – IT will build solution using O365 tools
       • Training
         • Learning materials/training available for end users
         • Learning materials/training available for power users
       • Adoption campaign
     • Atrium Health – too many tools and not enough IT…
     • Core Workloads
       • 100% Supported by IT
       • Exchange / Outlook
       • Skype
       • SharePoint / OneDrive
       • Yammer
       • Power BI (IT created dashboards)
     • Community Support Workloads
       • Best effort support by IT
       • Office Apps (anything beyond install)
       • PowerApps / Flow
       • Stream
       • Power BI (end user created dashboards)
  10. Will you limit OneDrive Sync?
      • Sync is allowed regardless of the button appearing
      • Can also set per library (full control or edit permission on the library to configure)
      • Mac OS
      • Atrium Configuration:
        • Sync to domain joined Windows PCs
        • No Macs
  11. Will you support Explorer View?
      • Explorer View is still available in SharePoint and OneDrive
        • Must use IE
        • IE must be configured in a particular way
        • User must be logged in via browser before using Explorer View
      • Users like the familiar Windows Explorer user interface
        • They’re less likely to use new features such as sharing and version history
      • Users can break their SharePoint and OneDrive sites!
        • Example 1: “I don’t need folder”
        • Example 2: Windows 10 “shortcut” rename
      • Atrium advises users against Explorer View, but we can’t block it
  12. How will you direct people to Office 365?
      • Lots of URLs can be used
      • Office desktop apps can be starting point
      • Atrium:
        • Direct all teammates to two links: one internal, one external
        • Link goes to https://office.com/1
        • Internal link also checks for browser version and generic login
        • Generic logins are auto-login PCs in clinical environment
        • If generic login detected, then username and password prompt appears
  13. Will you allow external sharing?
      • OneDrive setting applies to all OneDrive sites
      • SharePoint can be configured per site collection
      • You can whitelist/blacklist domains to share to
      • You can allow anonymous or require external users to log in
      • Atrium settings:
        • External sharing allowed for OneDrive and SharePoint
        • Anonymous is allowed in only TWO site collections
        • No whitelist/blacklist configured
        • Guests must sign in using the same account to which the sharing invitation was sent
  14. Will you back up SPO/OneDrive?
      • Atrium does not back up SharePoint/OneDrive (!)
      • Scenarios:
        • Document deleted – Recycle bin restore
        • Document overwritten – Version history
          • Version history is enabled by default on all libraries (NOT LISTS)
          • Version history minimum is enforced by Microsoft – 100 versions
        • Sub site deleted – Recycle bin
        • Site Collection deleted – Recycle bin
      • Our experience:
        • People are more likely to misplace files than to delete them
        • People use OneDrive when they should be using SharePoint
  15. Who can create SharePoint Site Collections?
      • Option 1: Self-Service Site Creation
      • Option 2: Only IT administrators
  16. Who can create SharePoint Site Collections?
      • Atrium disabled “self-service site creation” from the start
      • Only the IT SharePoint team can create site collections
      • End Users submit a request for new site collections
        • Identify owners (up to three)
        • Title and description
        • SharePoint Designer and External Sharing
        • Data sensitivity
      • Average 15-20 new site collections per month
      • Less than 50 have been denied (duplicate, name too general, etc.)
      [Chart: Site Collection Creation Date, site collections created per year, 2012 to 2019]
  17. Who will create SharePoint Site Collections?
      • Rethinking our policy…
        • We rarely deny new site collection requests
        • We don’t have the resources to verify if a new site is a duplicate
        • Site owners aren’t renewing sites consistently
        • Site owners aren’t correctly identifying sensitive data sites
        • No technical difference between sensitive and non-sensitive sites
      • What’s the minimum we need to do:
        • As IT to manage the environment?
        • To meet compliance and security requirements?
      • Answer:
        • We must have an owner identified – Site Collection Administrators
        • We must treat all sites as if they have sensitive data – Cloud Access Security
  18. How will you track SharePoint Owners?
      • Option 1: Custom List in SharePoint
        • Lots of manual work to maintain (Atrium’s old policy)
      • Option 2: SharePoint Site List in Admin Center
        • Primary Admin isn’t easily updated by end users (?)
        • Only one primary
      • Option 3: Site Collection Administrators (Atrium’s new policy)
        • Easily updated by any current Site Collection Administrator
      • One loophole: what to do when the last SCA leaves?
        • Custom utility will (still developing):
          • Log who the owners are and who their managers are
          • When the last owner leaves, grants their manager SCA permission and emails them
          • Just like OneDrive
  19. Who can create Office 365 Groups?
      • All Global Admins (can’t block admins)
      • Option 1: Only specific users can create
        • Business Users in a designated AD Security Group
        • Note: people in this group must have an Azure AD Premium or Azure AD Basic EDU license (Microsoft documentation)
      • Option 2: Any user can create
        • There are 20 ways to create an Office 365 Group (See blog post)
        • Most of the 20 are accessible to end users
      • Microsoft Documentation
  20. What happens if you limit group creation?
      • You can only do the following if you can create groups:
        • Office 365 Groups in Outlook
        • Groupify a SharePoint site
        • Create a plan in Planner
        • Create a channel in Stream
        • Create a workspace in PowerBI (groups no longer required)
      • Microsoft Recommendation:
        • Strongly consider self-service to empower group owners.
  21. What happens if anyone can create Groups?
      • They will create groups….
      [Chart: Office 365 Groups - Created and Deleted, by month, 2014 to 2019; series: Group Created, Group Deleted]
  22. How to manage unrestricted group creation?
      • Using Microsoft features:
        • Group Naming Policy
        • Group Classification (data tier)
        • Group Usage Guidelines
        • Expiration Policy
        • Terms of Use
      • Custom utility to document Group owners (current and past)
        • C# utility deployed as Azure WebJob
        • Uses Microsoft Graph API to gather group info
        • Writes log info to two SharePoint custom lists (Groups, Owners)
        • Use SharePoint Version History to see when Groups/Owners change
        • Future state will include process for last owner leaving scenario
      • Callout on slide: Require Azure AD Premium License
  23. How will you populate Group members?
      • Group Owners can add/remove members
      • Group Owners can promote/demote owners
      • Public groups – people can add themselves
      • Private groups – owners must add
      • Dynamic Groups –
        • Add/Remove members based on profile information (Azure AD)
        • Requires users to have Azure AD Premium license
      • Atrium Configuration:
        • No AD Dynamic Groups
        • Legacy solution populates on prem AD Groups
        • Building custom solution to populate groups
  24. Will you limit connectors in Flow?
      • Tip: Connectors are documented here
      • Data Governance Policy – configuration applies to both PowerApps and Flow
        • You cannot block a connector 100%
        • You can only limit which connectors are used together
        • Flow Admin Center → Data policies
        • PowerApps Admin Center → Data policies
      • SO, is SQL Server business?
        • Yes – PowerApps/Flow can connect to any SQL Server
        • No – PowerApps/Flow can connect to any SQL Server
      • Suggested solution: Create a Flow that uses the Flow admin connector that looks for SQL Server connections and deletes any that aren’t on an approved white list
  25. Are you ready for disruptive changes?
      • Microsoft will notify customers about upcoming “disruptive changes”
      • Microsoft defines whether a change is disruptive
  26. Disruptive changes: InfoPath & Designer?
      From Microsoft employee post on TechCommunity:
      “There is DIFFERENT governance for service removals in Office 365. The strict guidance is that Microsoft will give at least 30 days notice when we've indicated a replacement product; 365 days notice if there is no replacement; and that undocumented, unsupported features or risks which are found to compromise the security or platform integrity could be turned off immediately. For example, if we found a huge security loophole in the "Widget" web part, for example, we might remove that web part immediately to protect our customers while we work on the issue.” … “By precedent, even though we identified a replacement tech for Access Web Apps (PowerApps) we communicated that service removal 15 months in advance.”
      https://techcommunity.microsoft.com/t5/SharePoint/InfoPath-support-in-SharePoint-Online/m-p/97876#M9157
  27. How to keep up?
      • Office 365 Admin Center – Service Health Dashboard
        • Service health
          • Issues that Microsoft determines at least one of your users might be seeing
        • Message center
          • Change announcements that are applicable to your tenant
          • Planned maintenance outages – typically seven-day notice
          • Example: SharePoint and OneDrive were read only from 9pm-1am (Wed-Thurs) with one-week notice
        • Office 365 Admin app – same data as Admin Center web site
          • Mobile and desktop versions
          • Push notifications for health issues
  28. How to keep up?
      • Office blogs: https://blogs.office.com/
      • Microsoft Tech Community → Blogs
      • Curate a list of blogs by industry MVPs
      • Microsoft Tech Community:
        • https://techcommunity.Microsoft.com
      • Roadmap:
        • Thin on details and few if any dates published
        • Example item (Feature ID: 70929): “Usage reports update: new reports for SharePoint, OneDrive and Yammer. New reports in the Office 365 usage dashboard. We continue to add new usage reports, including Yammer groups, SharePoint clients and OneDrive clients, to provide you with a complete picture of how your organization is using Office 365.”
      • New Infographic: http://icsh.pt/TheJoneses
  29. How do we handle changes?
      • Individual teams (SharePoint, Exchange, Desktop)
        • Monitor news from Microsoft daily (blogs, Message Center, etc.)
      • Office 365 Tech Team / Leads
        • Meet weekly to coordinate efforts
        • Determine what needs to be escalated
      • Teammate Workgroup – IS and business users/leaders
  30. How do we communicate change?
      • Yammer announcements
      • Information on People Connect (top level intranet)
      • Focused emails (ex: site owners only)
      • Enterprise wide emails
      • Announcements on home page of People Connect
  31. Thank you. What questions did I forget? (#SPSCLT19 Speaker Survey, Session 3)
  32. Speaker Survey and Raffle
      • This year we are replacing the paper version of Speaker Survey with Microsoft Forms.
      • Scan the QR code for each session to access and submit your survey.
      • QR codes can be found in the program guide or on the room sign located by the door.
      • You will receive ONE raffle ticket for each session survey you complete.
      • The raffle ticket volunteer will validate your First and Last name before providing your ticket(s)
      • Drawing will be held this afternoon 4:30-5:00 pm.
      • Must be present to win.
      • You can download and use the QR Reader app available for both iOS and Android
  33. SharePint Happy Hour event held after SPSCLT19 at Duckworth’s Grill and Taphouse Uptown. Walking distance from UNC Charlotte Center City campus and the 7th street light rail stop.
  34. Migrating to SharePoint Online
      Schedule grid (columns Monday to Friday), activities listed in slide order:
      • Week 1, SP Team: Migrate site (full copy); SP Team Testing; SP Team Testing
      • Week 1, Business Owner: Business owner testing; Business owner testing
      • Week 2, SP Team: Migrate site to production (incremental); Identify next batch of sites
      • Week 2, Business Owner: Business Owner Testing; Business Owner Testing; Business Owner Sign Off
      • Tool used: MetaVis Architect Suite (now Metalogix Essentials)
  35. SharePoint Team – Aligning Skill Set
      Columns: Support | SP Instructor | SP Admin | SP Analyst | SP Designer | SP Dev | Architect / Manager | PM / Tech Lead
      • 2011: 1 1 1* .5
      • 2012: 1 1 1* 1* 1* .5
      • 2013: 1 1 1* 1* 1* 1 1 .5
      • 2014: 1 1 1* 1* 1 1 .5
      • 2015: 1 1 1* (Migration) 1* (Migration) 1 1 1 (Migration)
      • 2016: 1 .25* 1 1 1 (Migration)
      • 2017: 1 .25* 1 1 1
      • 2018: 1 .25* 1 .5 Hiring
      • 2019: 1 .25* 1 .5 1
      *Contractor
  36. Disruptive change – Access Web Apps
      Where did they announce this change?
      1. The Office 365 Message Center for announcements
      2. The Office 365 Health Dashboard
      3. TechNet
      4. Blogs published by the product groups (Office Blogs, PowerApps, Planner, O365 Roadmap, SharePoint)
      5. Blogs by industry MVPs (150+)
      6. Product team announcements in the Microsoft Tech Community forums
      7. Plus Spaces in the Microsoft Tech Community (aka forums, 20+)
      #6 – “The Office Retirement Blog” – which didn’t exist until this post. I spotted it because of #5…
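
The last-owner scenario from slides 18 and 22, as an added sketch (not Atrium's C# utility): given a snapshot of groups, their owners and each owner's manager, it decides which groups have no active owner left and who should be granted ownership. The data is constructed, the field names and the `escalate_to_it` action are assumptions, and walking further up the manager chain when the manager has also left goes beyond what the slides state.

```python
# Constructed sample directory data. The field names are assumptions loosely
# modelled on Microsoft Graph user/group objects; nothing here calls the API.
USERS = {
    "u1": {"upn": "alice@example.org", "accountEnabled": True, "manager": "u4"},
    "u2": {"upn": "bob@example.org", "accountEnabled": False, "manager": "u4"},
    "u3": {"upn": "carol@example.org", "accountEnabled": False, "manager": "u5"},
    "u4": {"upn": "dana@example.org", "accountEnabled": True, "manager": None},
    "u5": {"upn": "erin@example.org", "accountEnabled": False, "manager": "u4"},
}
GROUPS = [
    {"id": "g1", "displayName": "Cardiology Team", "owners": ["u1", "u2"]},
    {"id": "g2", "displayName": "Nursing Forms", "owners": ["u3"]},
    {"id": "g3", "displayName": "Old Project", "owners": []},
    {"id": "g4", "displayName": "Pharmacy Rota", "owners": ["u6"]},  # u6 deleted
]
# Owners recorded by earlier runs of the (hypothetical) logging job.
OWNER_LOG = {"g3": ["u2"]}


def first_active_manager(user_id, users):
    """Walk up the manager chain until an enabled account is found."""
    seen = set()
    current = users.get(user_id, {}).get("manager")
    while current and current not in seen:  # 'seen' guards against loops
        seen.add(current)
        person = users.get(current)
        if person is None:
            return None
        if person["accountEnabled"]:
            return current
        current = person["manager"]
    return None


def plan_repairs(groups, users, owner_log):
    """Return (group, action, new_owner_upn) for groups with no active owner."""
    plan = []
    for group in groups:
        if any(users.get(o, {}).get("accountEnabled") for o in group["owners"]):
            continue  # at least one owner can still manage the group
        # Live owner list may already be empty, so fall back to the log.
        departed = group["owners"] or owner_log.get(group["id"], [])
        managers = (first_active_manager(o, users) for o in departed)
        successor = next((m for m in managers if m), None)
        if successor:
            plan.append((group["displayName"], "grant_owner", users[successor]["upn"]))
        else:
            plan.append((group["displayName"], "escalate_to_it", None))
    return plan
```

The "Old Project" case is why the utility logs past owners: once the live owner list is empty, only the log still says whose manager to ask.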