Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Governance in the Modern Workplace: SharePoint, OneDrive, Groups, Teams, Flows, and PowerApps

312 views

Published on

The number of services end-users have under their fingertips in Office 365 has been dramatically growing, and there are just a minimum number of hurdles stopping end-users to go completely wild with all these options.

This means the amount of digital data that is being stored in Office 365 and company processes that touch Office 365, has been ever-increasing and organizations and IT professionals are struggling to keep up to govern the data.

In this session, we are going to dig deep in order to discuss best practices for governing such a system, what are some of the typical use cases and scenarios and typical pitfalls with governance. We are going to review what kind of reports and tools are available at our disposal as part of the built-in Office 365 offering, and when to use the programmable approach to automate governance.

Published in: Software
  • DOWNLOAD FULL BOOKS, INTO AVAILABLE Format, ......................................................................................................................... ......................................................................................................................... 1.DOWNLOAD FULL. PDF EBOOK here { https://tinyurl.com/y6a5rkg5 } ......................................................................................................................... 1.DOWNLOAD FULL. EPUB Ebook here { https://tinyurl.com/y6a5rkg5 } ......................................................................................................................... 1.DOWNLOAD FULL. doc Ebook here { https://tinyurl.com/y6a5rkg5 } ......................................................................................................................... 1.DOWNLOAD FULL. PDF EBOOK here { https://tinyurl.com/y6a5rkg5 } ......................................................................................................................... 1.DOWNLOAD FULL. EPUB Ebook here { https://tinyurl.com/y6a5rkg5 } ......................................................................................................................... 1.DOWNLOAD FULL. doc Ebook here { https://tinyurl.com/y6a5rkg5 } ......................................................................................................................... ......................................................................................................................... ......................................................................................................................... .............. Browse by Genre Available eBooks ......................................................................................................................... Art, Biography, Business, Chick Lit, Children's, Christian, Classics, Comics, Contemporary, Cookbooks, Crime, Ebooks, Fantasy, Fiction, Graphic Novels, Historical Fiction, History, Horror, Humor And Comedy, Manga, Memoir, Music, Mystery, Non Fiction, Paranormal, Philosophy, Poetry, Psychology, Religion, Romance, Science, Science Fiction, Self Help, Suspense, Spirituality, Sports, Thriller, Travel, Young Adult,
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • DOWNLOAD FULL BOOKS, INTO AVAILABLE Format, ......................................................................................................................... ......................................................................................................................... 1.DOWNLOAD FULL. PDF EBOOK here { https://tinyurl.com/y6a5rkg5 } ......................................................................................................................... 1.DOWNLOAD FULL. EPUB Ebook here { https://tinyurl.com/y6a5rkg5 } ......................................................................................................................... 1.DOWNLOAD FULL. doc Ebook here { https://tinyurl.com/y6a5rkg5 } ......................................................................................................................... 1.DOWNLOAD FULL. PDF EBOOK here { https://tinyurl.com/y6a5rkg5 } ......................................................................................................................... 1.DOWNLOAD FULL. EPUB Ebook here { https://tinyurl.com/y6a5rkg5 } ......................................................................................................................... 1.DOWNLOAD FULL. doc Ebook here { https://tinyurl.com/y6a5rkg5 } ......................................................................................................................... ......................................................................................................................... ......................................................................................................................... .............. Browse by Genre Available eBooks ......................................................................................................................... Art, Biography, Business, Chick Lit, Children's, Christian, Classics, Comics, Contemporary, Cookbooks, Crime, Ebooks, Fantasy, Fiction, Graphic Novels, Historical Fiction, History, Horror, Humor And Comedy, Manga, Memoir, Music, Mystery, Non Fiction, Paranormal, Philosophy, Poetry, Psychology, Religion, Romance, Science, Science Fiction, Self Help, Suspense, Spirituality, Sports, Thriller, Travel, Young Adult,
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • Be the first to like this

Governance in the Modern Workplace: SharePoint, OneDrive, Groups, Teams, Flows, and PowerApps

  1. 1. Toni Frankola Governance in the Modern Workplace: SharePoint, OneDrive, Groups, Teams, Flows, and PowerApps
  2. 2. • More than 20 years experience in IT • SharePoint / Office 365 MVP 2010-2019 • With SharePoint since 2003. Toni Frankola Co-founder and CEO SysKit Ltd., Croatia
  3. 3. SharePoint On-prem, Hybrid and Office 365 Solutions SysKit Ltd. SysKit is a software development company based in Zagreb, Croatia, Europe founded in 2009. ​ We create innovative software solutions for SharePoint and Office 365 admins and consultants.
  4. 4. Governance is the set of policies, roles, responsibilities, and processes that control how an organization's business divisions and IT teams work together to achieve its goals. What is Office 365 Governance?
  5. 5. How do we manage Office 365 • Via the Admin Center(s) • PowerShell • Exchange Online • SharePoint Online • Microsoft Teams • Azure AD (Groups) • Power platform (PowerApps / Flow)
  6. 6. Office 365 Groups
  7. 7. Office 365 Groups Outlook Yammer SharePoint Microsoft Teams StaffHub Planner PowerBI Power Platform Power Apps Flow
  8. 8. 8 ways to create Office 365 groups Source: sharepointeurope.com
  9. 9. Office 365 Groups • The foundation that allows you to manage security • Reduces the need for „Shadow IT”
  10. 10. Dangers of Office 365 group sprawl • In the effort to stop the „Shadow IT” we can easily encounter sprawl • Key steps: • Control who can create Office 365 Groups • Group soft delete and restore (30 days) • Group naming policy • Group expiration policy • Group guest access • Group policies & information protection • Upgrade traditional collaboration tools • Groups reporting
  11. 11. Restrict Groups creation • Creation of groups can be restricted to a members of a particular security group • Configured via PowerShell • Pros: Prevents group sprawl • Cons: Increases the burden on the limited number of people and prevents O365 usage • Caveats: • Certain administrator roles exempt from this rule • Exchange, Partner Support, Directory Writers, SharePoint, Teams, User Mngt.  Azure AD Premium Licenses required for „group creators” • No special license is required for users that will NOT be creating groups
  12. 12. Control who can create Office 365 Groups – Best Practices • Start with self-service if anyhow possible • Make sure your internal policies documented and in-place • Revisit this as you go • Three modes of operation: Open, IT-Led, Controlled • Tightly controlled group creation can decrease productivity as many services require Office 365 groups
  13. 13. Restrict Groups Creation Demo
  14. 14. Office 365 Groups naming policy • Sometimes inconsistent naming can cause a lot of governance issues • OOTB naming policy can leviate some of those issues • Easier categorization or identifiy purpouse • Block certain words (important because each group gets and email address e.g billg@microsoft.com) • To use the Groups naming policy feature, the following people need an Azure Active Directory Premium P1 license or Azure AD Basic EDU license: • Everyone who is a member of the group. • The person who creates the group. • The admin who creates the Groups naming policy
  15. 15. Group naming policies Demo
  16. 16. Office 365 Group Expiration Policy • Can be setup as an internal process so owners have to „renew” the group • Helps clear the groups that are no longer being used like: • Projects that finished • Departments that merged • Staled groups • Group expiration is an Azure Active Directory (Azure AD) Premium feature
  17. 17. Group expiration policies Demo
  18. 18. Orphaned Groups • When group owner leave the company, group becomes orphan i.e. without owner • Group can still be used, content is not lost • Administrator should assign someone else as owner • Best practice always have more than one owner at anytime
  19. 19. How do I find „orphaned” groups Sample: $Groups = Get-UnifiedGroup | Where-Object {([array](Get-UnifiedGroupLinks - Identity $_.Id -LinkType Owners)).Count -eq 0} $Groups | Select Id, DisplayName, ManagedBy, WhenCreated ForEach ($G in $Groups) { Write-Host "Warning! The following group has no owner:" $G.DisplayName }
  20. 20. External / Guest users • By default, guest (external) access is turned on • An external user is someone from outside your Office 365 subscription to whom you have given access to one or more sites, files, or folders. An Authenticated external user is a user who have a Microsoft account or a work or school account from another Office 365 subscription. • Can be turned off for entire org, or individual sites • Plan external sharing ahead • It's important that all group members have permission to access the team site
  21. 21. External users authorization • Three basic authorization levels for shared items: (may wary depending on the object type being shared) • Sign-in with an account • Sign-in with code • Anonymous
  22. 22. Manage guest access to Office 365 Groups • Controlled by underlaying SharePoint Online settings • OneDrive can be more restrictive • You can control it for individual sites (more restrictive) • SharePoint site • OneDrive site
  23. 23. External Sharing Demo
  24. 24. How do I find all these external sharings • Audit Log • Warning: Data retention and content overflow • eDiscovery • Warning: Licenses • PowerShell • Get-SPOExternalUser • 3rd party tools
  25. 25. Groups Governance additional steps • Organizational-wide teams • Dynamic Memberships of AD Groups (e.g. based on department) • Azure AD Premium feature • Group classification • Groups hidden from GAL • Define usage guidelines • Azure Information Protection • Access Reviews • Groups with secret membership
  26. 26. SharePoint
  27. 27. SharePoint • The most of governance for SharePoint online depends on the underlaying group • There are some specifics…
  28. 28. Permissions explained
  29. 29. External users (Applies to OneDrive too)
  30. 30. SharePoint / OneDrive per site external sharing settings • Individiaul security settings can be configured per individual OneDrive or SharePoint
  31. 31. OneD riv e / Sha rePo int p er sit e ext erna l user set t ing s Demo
  32. 32. Modernize SharePoint Online sites 1. Run the SharePoint modernization scanner to detect those sites 2. Connect to a SharePoint group  Not available for some templates 3. Remove non-supported customizations on web-part and wiki pages • Check SharePoint Modernization Framework PnP
  33. 33. OneDrive
  34. 34. External Users (see SharePoint slides)
  35. 35. OneDrive default size and PowerShell repor ts Demo
  36. 36. OneDrive Limited Access For OneDrive Using these settings you can: • Block downloading files in the apps • Block taking screenshots in the Android apps • Block copying files and content within files • Block printing files in the apps • Block backing up app data • Require an app passcode • Block opening OneDrive and SharePoint files in other apps • Encrypt app data when the device is locked • Require Office 365 sign-in each time the app is opened • Choose values for how often to verify user access and when to wipe app data when a device is offline.
  37. 37. Microsoft Teams
  38. 38. Office 365 Groups and Teams Activity Report • Activity in Group mailbox • Activity in SharePoint site • Activity in the Teams chat • Script by Tony Redmond Office 365 Groups and Teams Activity Report
  39. 39. Office 365 Groups and Teams Activity Repor t Demo
  40. 40. PowerApps / Flow
  41. 41. The landscape
  42. 42. Environments • Microsoft PowerApps Environment Admin, Office 365 Global Admin, or Azure Active Directory Tenant Admin, who needs to have a Plan2 license for PowerApps and/or Flow. • Use the Admin Cetner to control them • Use PowerShell Install-Module -Name Microsoft.PowerApps.PowerShell -AllowClobber Install-Module -Name Microsoft.PowerApps.Administration.PowerShell Add-PowerAppsAccount Get-AdminPowerAppEnvironment | Format-Table -Property EnvironmentName, DisplayName, CreatedBy, Location
  43. 43. Po wer Pla t fo rm Ad min UI Demo
  44. 44. Connectors
  45. 45. Retrieve connectors $allApps=Get-AdminPowerApp | Where-Object{$_.EnvironmentName- eq$envname} | SELECT AppName,CreatedTime,EnvironmentName foreach($app in $allApps) { $app.AppName Write-Output"==========" Get-AdminPowerAppConnectionReferences-EnvironmentName $envname- AppName $app.AppName | SELECT ConnectorName,ConnectorId,DisplayName,Publisher }
  46. 46. List of connectors
  47. 47. Audit Log
  48. 48. Audit Log • Easily forgotten but the key tool to govern your Office 365 • Audit log search feature comes handy as it allows you to search for following event types: • Admin activity in SharePoint Online • Admin activity in Azure Active Directory (the directory service for Office 365) • Admin activity in Exchange Online (Exchange admin audit logging) • User and admin activity in Sway • eDiscovery activities in the Office 365 Security & Compliance Center • User and admin activity in Power BI • User and admin activity in Microsoft Teams • User and admin activity in Dynamics 365 • User and admin activity in Yammer • User and admin activity in Microsoft Flow • User and admin activity in Microsoft Stream
  49. 49. Audit Log (2) • Audit logging is not turned on by default so configure it in advance • Retention: • Office 365 E3: Audit records are retained for 90 days. That means you can search the audit log for activities that were performed within the last 90 days. • Office 365 E5: Audit records are also retained for 90 days. Retaining audit records for one year may eventually be available for E5 users and users with an E3 license and an Office 365 Advanced Compliance add-on license. • The private preview program for the one-year retention period for audit records for E5 organizations (or for users in E3 + ACL)
  50. 50. Audit Log Tools • Search and Compliance Center • PowerShell (Exchange module)
  51. 51. Aud it Lo g To o ls Demo
  52. 52. BINGO CARDS • WEBCON – has the bingo cards, visit them to play • Bingo Cards = how you win prizes at the end of the event. • The cards must be stamped by ALL the Sponsors in order to be eligible to win. • For the grand prizes you must have opted-in when registering. • Must be here to win at the end of the day. Another Surface Go Xbox One S Tons of prizes .. Socks, buttons, bags, echo dots, gift cards, plural sight, gaming monitor, Bluetooth
  53. 53. EVALUATIONS • Speaker Evaluations • located at the front of the room • Will be read by the org and then sent to speakers • Be honest and constructive • Turn in 6th floor info desk • Event Evaluations • Visit the 6th floor info desk • Give us your honest feedback – we can take it • Turn in 6th floor info desk
  54. 54. THANK YOU EVENT SPONSORS We appreciated you supporting the New York SharePoint Community! • Diamond, Platinum, Gold, & Silver have tables scattered throughout • Please visit them and inquire about their products & services • To be eligible for prizes make sure to get your bingo card stamped by ALL sponsors • Raffle at the end of the day and you must be present to win!
  55. 55. Beer Authority 300 W 40h St [across the street] Join us for a round of drinks http://www.beerauthoritynyc.com
  56. 56. Q&A

×