SPCA2013 - Getting to grips with a SharePoint 2013 BYOD Strategy


Published in: Technology
  • Microsoft have finally got this right in SharePoint 2013 (in my opinion). The number of users that want to view SharePoint ‘on the go’ on mobile devices such as iPods and Smart Phones is obvious. Views are now available in SharePoint 2013 which have been built using HTML5. This should ensure that this will work on practically any device and will be optimised for most Mobile Browsers (Mobile IE9, Windows Phone 7.5, Safari, and Android). Office Web Apps also mean that documents and files should open on all of these, with no requirement to have Office installed on the device.
  • Notification Hubs is now backed by an updated Service Bus service level agreement (SLA) and fully supports push notifications for Windows Store (WNS), Windows Phone (MPNS), iOS (APNS), and Android (GCM) applications. This is about ensuring end users on the move are informed in real time. Using the Microsoft Push Notification Service (MPNS), Windows Phone apps can receive notifications through the Internet of events triggered on Microsoft SharePoint Server. The phone app doesn't have to poll the server for changes to, for example, the items in a list on which the phone app is based. The app can be registered to receive notifications from the server, and an event receiver can initiate a notification and send it to the receiving app for handling. The push notification is relayed to Windows Phone devices by MPNS. Windows Phone 7 doesn't support running multiple apps simultaneously. Other than the components of the Windows Phone operating system (OS) itself, only one app can be running on the phone at a time. An event relevant to a given phone app might occur (such as, for example, a list item being added to a list) when the app isn't running in the foreground on the phone (that is, when the app is tombstoned or closed). You could develop a background service on the phone with a periodic task that might check for changes to the list on the server, but this approach would consume resources (such as network bandwidth and battery power) on the phone. With MPNS and the components that support notifications built into the Windows Phone 7 OS, the phone itself can receive a notification relevant to the context of a given app, even when that app isn't running. Remember – SMS is not a free service – everything adds to the cost.
  • If security permits it. If you need to access your files on the go, SkyDrive offers a wide range of mobile apps, including iOS, Android, and Windows Phone. While the mobile apps will allow you to view and upload files, you will not be able to edit or create new documents. SkyDrive is free online storage that provides you with a personal library where you can upload and access files from any of your devices. Download one of the SkyDrive apps and you can easily save your documents, photos, and other files in this library, share them with friends, and even collaborate on content. For more information about using SkyDrive, see Work together on Office documents in SkyDrive. SkyDrive Pro is also online storage that provides a personal library where you can upload and access documents, photos, and other files on your computer. But your SkyDrive Pro library is managed by your organization and is available with either Office 365 or SharePoint. This means you can share content in the library only with colleagues in your organization and with invited guests outside of your organization if you're logged into Office 3. Here’s some basic information you’ll want to have if you want to support SkyDrive Pro libraries and Sync services in your organization. If you just want to get your bearings around SkyDrive Pro, you can start here: http://office.microsoft.com/en-us/sharepoint-server-help/what-is-skydrive-pro-HA102822076.aspx Regarding SkyDrive Pro prerequisite software and services: To support SkyDrive Pro libraries in your organization, the latest SharePoint or Office 365 personal sites (also known as My Sites) need to be deployed in your organization, and the user profile service needs to be running. This is because social features, such as sharing documents, depend on personal sites and user profiles.
To support Sync in SkyDrive Pro (the ability to synchronize SkyDrive Pro documents with local desktops), make sure that either Office 2013 (Standard or Professional) or an Office 365 subscription that includes the Office 2013 applications is running on Windows 7 or Windows 8 client devices. Regarding security concerns: SkyDrive Pro client exchanges with SharePoint sites rely on synchronization protocol and external mechanisms for security, such as those provided by VPNs or Secure Socket Layer (SSL) technology. SkyDrive Pro data is not encrypted over the network when the SkyDrive Pro client talks to SharePoint (which is required to support SkyDrive Pro), unless the transport protocol being used for server communication is HTTPS (which uses SSL or Transport Layer Security – TLS). Server administrators can configure SSL encryption for data sent over the network between the SkyDrive Pro client and the SharePoint servers. On-disk data can be encrypted using Windows BitLocker Drive Encryption. For more information see ‘BitLocker Drive Encryption’ at http://go.microsoft.com/fwlink/p/?LinkId=163122 . Note: SSL is recommended for SharePoint connections from outside a corporate domain. If you’re using Active Directory, you can configure the following Group Policy setting: Sync Only On Domain Network: Requires a Secure Socket Layer (SSL) connection for SkyDrive Pro clients trying to connect to SharePoint Server 2013 (or SharePoint 2010) from outside the organization’s intranet. In addition, you can secure the SharePoint site from unauthorized access by setting access control lists appropriately. For guidance about how to set access control for users to synchronize with SharePoint libraries and lists, see ‘Overview of site permissions in SharePoint 2013’ at http://technet.microsoft.com/en-us/library/jj219771.aspx
  • Understand your landscape
  • The table shows where mobile views can be applied. We need Team sites and publishing sites – to a USER POPULATION with lots of legacy smartphones – Classic View does not support publishing sites
  • Which sites do you plan to have mobile views on for SharePoint Server 2013? It is important to identify which sites will require a mobile rendering in your organization.
  • SPCA2013 - Getting to grips with a SharePoint 2013 BYOD Strategy

    1. 1. • Microsoft SharePoint MVP & 2010 & 2013 TAP member • 25 years+ in IT • Primarily worked in large organisations, on large projects • IT Services Agency, Syntegra, BT PLC • Capgemini PLC • Specialise in large scale SharePoint Strategy, Architecture, Assurance and Governance • Co- authored a few books on various SharePoint, JAVA and .NET subjects • North East Administrator for the SharePoint UK User Group Busy on Assurance for a 170,000 seat SharePoint 2013 and 0365 Hybrid Build. I’m from Up-North UK– I speak QUICKLY!
    2. 2. • The confusion of BYOD Terminology • The Changing BYOD Landscape • An overview of SharePoint 2013 Mobile Capability • Planning for Mobile views • Supported Devices • SkyDrive • Understanding your own Landscape • Tooling – Can it help? • Compliance • Licencing – EEK! • Scary Thoughts - OOH! • Q&A More Questions than Answers!
    3. 3. • We are in acronym hell –TLA & FLA rules
    4. 4. • SMM = Social Media Monitoring • ORM = Online Reputation Management • MDM = (is that master data management or mobile device management?) • MAM (EAM) = Mobile/Enterprise Application Management • BYOD = Bring your Own Device – you own it, the enterprise permits you to use it • BYOT = Bring your Own Technology – you own it, the enterprise permits you to use it • COPE = corporate-owned, personally enabled – the enterprise purchases a device and service plan that the employee wants • BYOL = Bring your own License • BAAD = Bring an Agreeable Device
    5. 5. • Something we use to connect to something we need • As a user, I don’t care who owns it - I want the choice however • As a corporate I may have concerns like security • I may have concerns about ownership • I may have concerns about supporting sporadic devices • I may have concerns about licencing • I may be looking to drive down IT spend • I want my users to be more social, anytime, anywhere! (McKinsey)
    6. 6. • The Middle East has one of the highest adoption rates of the practice worldwide in 2012. • According to research by Logicalis, high-growth markets (including Brazil, Russia, India, UAE, and Malaysia) demonstrate a much higher propensity to use their own device at work. Almost 75% of users in these countries did so, compared to 44% in the more mature developed markets • International research reveals that only 20% of employees have signed a BYOD policy
    7. 7. ( Cisco’s “Visual Networking Index (VNI) Global Mobile Data Traffic Forecast) Cisco Measuring Data consumption per device type currently
    8. 8. • By 2016, mobile-connected tablets alone will generate almost as much traffic as the entire global mobile network does in 2012, 1.1 exabytes per month • 4G phones, only 0.2% of mobile connections, are already accounting for 6% of mobile data traffic • By 2016, 4G will account for 36% of total mobile traffic • By 2016, video will be over 70% of traffic
    9. 9. • So, we have a surging demand • 15 billion network connected devices by 2015 – 2 per person • We understand the landscape – it’s growing out of control
    10. 10. • Contemporary view This view offers an optimized mobile browser experience to users and renders in HTML5. This view is available to Mobile Internet Explorer version 9.0 or later versions for Windows Phone 7.5, Safari version 4.0 or later versions for iPhone iOS 5.0, and the Android browser for Android 4.0 or later versions • Full-screen UI There is also the ability to have a full desktop view of a SharePoint site on a mobile device. • Classic view This view renders in HTML format, or similar markup languages (CHTML, WML, and so on), and provides backward compatibility for mobile browsers that cannot render in the new contemporary view. The classic experience in SharePoint Server 2013 is identical to the mobile browser experience of SharePoint Server 2010.
    11. 11. Research here: http://technet.microsoft.com/en-us/library/jj673030.aspx
    12. 12. • Mobile browser redirection • To access a site by using the optimized mobile browser experience, a new feature named Mobile Browser View must be activated on the site. When activated and a mobile browser is accessing the site, this feature checks the mobile browser to determine whether it can handle HTML5. If the mobile browser supports HTML5, the contemporary view is rendered. Otherwise, the classic view is rendered. • By default, this feature is activated when any of the following site templates are used: • Team Site • Blank Site • Document Workspace • Document Center • Project Site • You must explicitly activate the feature on sites created with other templates. You can activate or deactivate the Mobile Browser View feature at the site level.
    13. 13. • In SharePoint Server 2013, you can render a single publishing site in multiple ways by using different designs that target different devices based on their user agent string using Device Channels. • You create a single site and author the content in it a single time. Then, that site and content can be mapped to use different master pages and style sheets for a specific device or group of devices. Also, you can easily show different content to different device channels using same page and page layout. • 10 MAX boundary per site collection – Info Arch! • Don’t underestimate the workload in customising for each device
    14. 14. • You can configure and manage a mobile account in SharePoint Server 2013 to enable users to subscribe to alerts that are sent by using Short Message Service (SMS). • SMS alerts are sent to the mobile device when changes are made to a SharePoint list or item • Without SMS – you can use Push Notifications for apps on Windows phones so the device is informed even if the app is not the active app – no iOS integration (yet) – COST Savings • A standard alert over email usually requires the email client to be active – you can still do this • For mixed environments consider the complexity of any notification services
    15. 15. • There is now a Geolocation field you can use in SharePoint lists • There is an investment in time to get this working – work out your benefits upfront • Not indexable via Search Jury is out on this one for me
    16. 16. • SharePoint Server 2013 enables a user to view certain kinds of dashboard content. • This includes PerformancePoint reports and scorecards, and Excel Services reports in iOS 5.0+ Safari browsers on iPad devices. OOTB
    17. 17. • Office Web Apps Server is a new stand-alone server product that still provides mobile browser-based viewers for these applications. These viewers called Word Mobile Viewer, Excel Mobile Viewer, and PowerPoint Mobile Viewer are optimized to render documents for phones. When integrated with SharePoint Server 2013, a user can enjoy enhanced viewing experiences when interacting with documents on the phone. • Together, SharePoint Server 2013 and Office Web Apps Server offer a better user experience when interacting with documents on a mobile device. For example, when both products are used together, a user opens a server-based version of the document in the mobile browser. Without Office Web Apps Server, the user would first have to download the file and then open it in Office Mobile or in an Office document viewer. IOS file locking issues – 60 minute locks
    18. 18. • SkyDrive is free online storage that provides you with a personal library where you can upload and access files from any of your devices • SkyDrive Pro library is managed by your organization and is available with either Office 365 or SharePoint • Needs an app per device – including Windows client • You can of course just use your browser for basic features • There are other services (Google Drive, Box, LiveDrive and SugarSync for example) • SkyDrive Offline is now a real world planning consideration for supporting BYOD
    19. 19. Consistent access from any device!
    20. 20. • SkyDrive is not, and has never claimed to be, HIPAA-compliant, or IL3. If you have a level of security requirement that involves the phrase "security auditors", SkyDrive will never pass. There aren't any audit logs, for one thing. • Office 365 (SP online) can provide IL2 – soon perhaps IL3 • SkyDrive Pro can be enforced to use SSL for transport – it isn’t stored encrypted, only transmitted • Subject to Patriot Act – EEEK!
    21. 21.
        | Device Type/Pool | Serial Number/Asset Tag | Operating System Version | Is the browser supported in SharePoint 2013 |
        |---|---|---|---|
        | Windows Phone | XXXXX-XXXXXX | 7.5 | Yes |
        | iPhone | XXXXX-XXXXXX | 5.0 | Yes |
        | Android (3000 devices) | n/a | 4.0 | Yes |
    22. 22. Contemporary View • For smartphone devices only. Activated by default on select site templates (Team Site, Blank Site, Document Workspace, Document Center, and Project Site). • Some of the views are unavailable to certain phones and tablets – support call hell! • http://technet.microsoft.com/en-us/library/jj673030.aspx • For apps - Don’t expect device affinity across devices – the reason the BBC in the UK has not released iPlayer for all devices is they all appear to work differently – now on ICS 4.3, but limited success.
    23. 23. The browser-based mobile views in SharePoint Server 2013 can be used on a number of different SharePoint site templates.
        | Mobile view | Team Site | Blank Site | Document Workspace | Document Center | Project Site | Publishing Site |
        |---|---|---|---|---|---|---|
        | Contemporary view | Yes | Yes | Yes | Yes | Yes | n/a |
        | Full screen UI | Yes | Yes | Yes | Yes | Yes | Yes |
        | Device channels | Not applicable | Not applicable | Not applicable | Not applicable | Not applicable | Yes |
        | Classic view | Yes | Yes | Yes | Yes | Yes | Not applicable |
    24. 24.
        | Team Site | Blank Site | Document Workspace | Document Center | Project Site | Publishing Site | Notes |
        |---|---|---|---|---|---|---|
        | Yes | | | | | | Team Site #1 (HR) – Mobile view required |
        | Yes | | | | | | Team Site #2 (Finance) – Mobile view required |
        | | | | | | Yes | Public Facing Site – Mobile view required |
    25. 25.
        | SharePoint infrastructure | Authentication mode | Authentication provider | Windows Phone 7.5 or later versions (Internet Explorer Mobile) | iOS 5.0 or later versions (iPad, iPhone using Safari) |
        |---|---|---|---|---|
        | SharePoint on-premises | NTLM | Active Directory | Supported | Supported |
        | SharePoint on-premises | Basic authentication | Active Directory | Supported | Supported |
        | SharePoint on-premises | SAML | WS-Federation 1.1 compatible Identity Provider | Supported | Supported |
        | SharePoint Online | Forms-based authentication | Org-ID | Supported | Supported |
        http://technet.microsoft.com/en-us/library/fp161350.aspx
    26. 26. • Any BYOD strategy will increase your Data Transmission • Access points/network segments might need scaling • Skydrive synch can quickly get out of control if you synch quickly changing directories • Think about monitoring – how do you do it, is it suitable moving forward During 2011 to 2016 Cisco anticipates that global mobile data traffic will outgrow global fixed data traffic by three times
    27. 27. • Software Management • Network Service Management • Hardware Management • Security Management
    28. 28. • Configuration • Updates • Patches/fixes • Backup/restore • Software Provisioning • Authorized software monitoring • Transcode • Hosting • Managed mobile enterprise application platforms (MEAPs) • Development • Background synchronization Manage and support mobile applications, content and operating systems – Support Control
    29. 29. • Invoice/dispute resolution • Procure and provision service • Reporting and Statistics on usage • Help desk/support – details to help problem resolution • Usage – patterns and service evolution indicators • Service and contract – SLA/OLA consideration type stuff
    30. 30. • Procurement • Provisioning • Asset/inventory • Activation • Memory • Deactivation • Shipping • Imaging • Performance • Battery life
    31. 31. • Sandboxing • Enforce Remote wipe • Enforce Remote lock • Apply Secure configurations • Apply Policy enforcement • Ensure Password-enabled • Enforce Encryption • Control Authentication • Enforce Firewall • Enforce Antivirus • Enable Mobile VPN • Compliance Engine
    32. 32. For Device control look to Windows In-Tune For Content control look to Azure AD Rights Management (for SharePoint/Exchange Online)
    33. 33. • Remote wipe If a mobile phone is lost, stolen, or otherwise compromised, you can issue a remote wipe command from the Exchange Server computer or from any Web browser by using Outlook Web App. This command erases all data from the mobile phone. • Device policies Exchange ActiveSync lets you configure several options for device policies. These options include the following: • Minimum password length (characters) This option specifies the length of the password for the mobile phone. The default length is 4 characters, but as many as 18 can be included. • Inactivity time (seconds) This option determines how long the mobile phone must be inactive before the user is prompted for a password to unlock the mobile phone. • Enforce password history Select this check box to force the mobile phone to prevent the user from reusing their previous passwords. The number that you set determines the number of past passwords that the user won't be allowed to reuse. • Wipe device after failed (attempts) This option lets you specify whether you want the phone's memory to be wiped after multiple failed password attempts. • Allow simple password. This setting enables or disables the ability to use a simple password such as 1234. • Allow storage card. This setting specifies whether the mobile phone can access information that’s stored on a storage card. • Password enabled. This setting enables the mobile phone password. • Password expiration. This setting enables the administrator to configure a length of time after which a mobile phone password must be changed.
    34. 34. • MEAP integration Layer - SharePoint Composites and Data Connectors • Security - Unified Access Gateway with deep packet inspection, Exchange policy Enforcement • Provisioning - System Center Configuration Manager (SCCM), Windows Intune, Exchange Server, Windows Store • Software - Visual Studio allow development of cross-platform thick and thin apps - HTML5 • Multi-channel transports like HTTP/SOAP/REST/EAS/XML/JSON, OData, and the Sync Framework support communication with any mobile We need to look beyond the SharePoint client Platform
    35. 35. • http://sixrevisions.com/tools/10-excellent-tools-for-testing-your-site-on-mobile-devices/
    36. 36. • You cannot segregate SharePoint 2013 from BYOD – by design • 1 - Mobile Device Policy is KEY • Base it on user satisfaction if possible • a risk assessment; • appropriate policies and procedures; • appropriate guidance to staff; • good governance and/or audit arrangements in place to establish clear lines of responsibility for preventing contraventions; • robust monitoring mechanisms; and • adherence to relevant guidance or codes of practice. • 2 - Understand Expenses – who pays for what • 15 billion/2 per person = 24,000 BILLS
    37. 37. • If you are in the Healthcare industry, you’ll need to comply with the requirements of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH Act). • The HIPAA Security Rule complements the Privacy Rule. While the Privacy Rule pertains to all Protected Health Information (PHI) including paper and electronic, the Security Rule deals specifically with Electronic Protected Health Information (EPHI) • Information management is critical
    38. 38. • US - Walgreens fined $1.44 million for exposing confidential data • One US hospital lost a single netbook and is facing a $1.5 million fine • £50,000 Prudential - the first monetary penalty notice not related to a security breach • FSA imposed a fine of £3m on HSBC for various failures in respect of the personal data it held • Zurich Insurance - £2.3m fine for mislaying an unencrypted tape backup with 46,000 sensitive customer records on it • Spain - 1.08 million Euro fine imposed on Zeppelin TV, which made information about Big Brother applicants available online • Germany - Deutsche Bahn was fined 1.1 million Euros for breaches of data protection laws • HaSpa (the savings bank of Hamburg) was fined 200,000 Euros for transferring customer data to external service providers.
    39. 39. • Information security is the most important aspect of data protection • “Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of or damage to personal data” • Loss or unauthorised access can result in harm and could result in regulatory action
    40. 40. • Sections 55A and 55B of the Data Protection Act 1998 • NL – Article 26/4 • contravention of Section 4(4) of the Act (the duty to comply with the data protection principles) – serious breach of data protection principles likely to cause substantial damage or distress – deliberate or reckless • Other enforcement powers: – enforcement notice – powers of access and inspection • Criminal offences • Civil offences
    41. 41. • Passwords should not be an option – IOS automatically encrypts when it is enabled • Encryption should be mandatory – earlier Android devices do not support encryption • Restrict Device Features as Necessary – disable bluetooth/cameras – can you disable by geolocation? • Restrict, allow and require apps you need to encourage productivity • Block non-corporate email like GMail • Push your wireless network, VPN and passcode settings to your users OTA (over the air) – remove them same way • Do you allow temporary non-compliances? All Pointless without Testing and
    42. 42. All affect BYOD licensing costs = strategy consideration
    43. 43. • Virtual Desktop Access (VDA) license is $100 per year, per device. If you have Software Assurance, VDA rights are included • If you buy a device with WinRT installed, it has built-in VDA privileges • Without VDA you need a CDL per device • Access SharePoint via a browser only – you only need a SP CAL • The default Office Web Apps mode is view-only, and it is provided free. The other mode enables both viewing and editing, and this mode must be additionally licensed.
    44. 44. • If a personal device gets stolen from inside an employee's car, with confidential data on it – who gets sued? What are the insurance or personal implications? • If your personal insured device gets lost with the only source of information on it, and a project delivery fails – who pays the penalties? • Why would you ever choose and pay for a device – to save the business money, and then permit your employer to dictate how you can use it? • Who pays if a device is found to have pirated software on it – my iPad is jailbroken – should you permit rooted or jailbroken devices – what are the consequences? • If you end up using non-corporate software for company business – who covers the licence costs?
    45. 45. • Swipe and Wipe is fine – what if the device cannot be wiped and the hard drive ends up in India being recycled – consequences? • Many of us share devices with spouses and children – consequences of leaving a VPN open to SharePoint Central Admin • What about device emulation and virtualisation – device spoofing via virtualisation – policy on that VM but not on the host • I can afford a better device that makes me more productive, how is that measured and fairly balanced by HR for pay evaluations? • Research has shown that we are affecting sleep patterns with tablets/smartphones & Bluelight, how will your company control this potential for productivity drop we never had with laptops? BYOD strategies – better start that journey no
    46. 46. John.Timney@capgemini.com www.johntimney.com
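
Added example, not part of the original deck or any Microsoft sample: the Exchange ActiveSync settings listed on slide 33, plus the mandatory encryption recommended on slide 41, written as an Exchange 2013 mobile device mailbox policy and followed by an audit of the policies already defined. The policy name, the threshold values and the mailbox address are assumptions chosen for illustration.

```powershell
# Run in the Exchange Management Shell (Exchange 2013 or later).
# 'BYOD-Baseline', the numeric thresholds and the mailbox below are hypothetical.

$policyName = 'BYOD-Baseline'

# Slide 33 setting                      -> cmdlet parameter
$baseline = @{
    Name                         = $policyName
    PasswordEnabled              = $true          # "Password enabled"
    MinPasswordLength            = 6              # "Minimum password length"
    AllowSimplePassword          = $false         # "Allow simple password" (rejects 1234)
    MaxInactivityTimeLock        = '00:05:00'     # "Inactivity time", as hh:mm:ss
    PasswordHistory              = 5              # "Enforce password history"
    MaxPasswordFailedAttempts    = 8              # "Wipe device after failed (attempts)"
    PasswordExpiration           = '90.00:00:00'  # "Password expiration", as d.hh:mm:ss
    AllowStorageCard             = $false         # "Allow storage card"
    RequireDeviceEncryption      = $true          # slide 41: encryption mandatory
    # Devices that cannot enforce every setting (for example older Android
    # builds without encryption) are refused instead of being let in unchecked.
    AllowNonProvisionableDevices = $false
}

# Create the policy only if it does not exist yet, then assign it to a pilot user.
if (-not (Get-MobileDeviceMailboxPolicy -Identity $policyName -ErrorAction SilentlyContinue)) {
    New-MobileDeviceMailboxPolicy @baseline | Out-Null
}
Set-CASMailbox -Identity 'pilot.user@example.com' -ActiveSyncMailboxPolicy $policyName

# Audit: list every existing policy that is weaker than the baseline above.
function Test-EasPolicy {
    param([Parameter(Mandatory)] $Policy)

    $findings = @()
    if (-not $Policy.PasswordEnabled)         { $findings += 'device password not required' }
    if ($Policy.AllowSimplePassword)          { $findings += 'simple passwords (1234) allowed' }
    if (-not $Policy.MinPasswordLength -or $Policy.MinPasswordLength -lt 6) {
        $findings += 'minimum password length below 6'
    }
    # "Unlimited" values are compared as text so this also works over remote sessions.
    if ("$($Policy.MaxPasswordFailedAttempts)" -eq 'Unlimited') {
        $findings += 'no wipe after failed password attempts'
    }
    if ("$($Policy.MaxInactivityTimeLock)" -eq 'Unlimited') {
        $findings += 'no inactivity lock'
    }
    if (-not $Policy.RequireDeviceEncryption) { $findings += 'device encryption not required' }
    if ($Policy.AllowNonProvisionableDevices) { $findings += 'non-provisionable devices allowed' }

    [pscustomobject]@{
        Policy    = $Policy.Name
        IsDefault = $Policy.IsDefault
        Compliant = ($findings.Count -eq 0)
        Findings  = ($findings -join '; ')
    }
}

Get-MobileDeviceMailboxPolicy |
    ForEach-Object { Test-EasPolicy -Policy $_ } |
    Sort-Object Compliant |
    Format-Table -AutoSize -Wrap
```

A policy flagged as the default applies to every mailbox that has no explicit assignment, so a non-compliant default is the first finding to fix.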