3. Managing SharePoint
On-Premises vs. Online
What I’ll cover today:
• The evolution of SharePoint management
• What’s different about SharePoint Online
• Considerations for your transition to the cloud
• Best practices for managing a hybrid solution
6. Infrastructure
maintained
solely for
customer
On premises or
off
Managed by the
customer, or by
a 3rd party
hoster
Private Cloud Hybrid Cloud
Multiple
infrastructure
options
Components
both on premises
and off premises
Management
spread between
customer and 3rd
party hosters
Infrastructure
shared by
multiple
customers
Off premises
Managed by 3rd
party on behalf
of customers
Public Cloud
More infrastructure options
7. Partner Hosted
Private Cloud
• Dedicated environment
• Externally hosted
• Externally or internally
managed
• Internally designed
Self Hosted
Private Cloud
• Dedicated environment
• Internally hosted
• Internally managed
• Internally designed
Shared or Dedicated
Public Cloud
• Shared or dedicated
environment
• Externally hosted
• Externally managed
• Externally designed
Public Dedicated
Cloud
• Partially or fully dedicated
• Externally hosted
• Externally or internally
managed
• Minimal customization
Traditional
on premises
Ye Olde Build vs. Buy argument
9. What are the 5 most
common SharePoint
management concerns?
10. 1. Defining (and communicating)
policies and procedures
Always start with non-technical elements
Develop a security policy
Implement a training plan for end users
Develop a strategy for ensuring
users know what content
is confidential
34% of IT administrators said
that they'd "sneaked a peek"
at documents they weren't
authorized to view, including
employee details and salary
information (DarkReading)
11. 2. Failure to implement any kind of
permissions best practices
Apply permissions using Least Privileged principles
Don’t give users Direct Access
Embrace SharePoint Groups and/or Active Directory Groups
Ensure Appropriate Use of the Authenticated Users Group
Clean up Orphan Users
Use Broken Inheritance Responsibly
Revoke permissions quickly
12. 3. Failure to regularly audit access
to content and sites
Are we adhering to Compliance or Governance
requirements?
Who has been accessing specific content?
How often are specific sites being accessed?
What features of SharePoint are being used?
Are we managing the volume of log data?
13. 4. Failure to monitor changes to
security settings
SharePoint security requirements change
over time
Ensure users are continuing to adhere to
security policies
Prevent users from causing havoc
We need to plan how we will stay on top
of changes
14. 5. Failure to empower users and admins
with the right permissions
Find your responsible business content owners
Enable and Equip them to manage access to
their content
Ensure management access is limited to
those with appropriate permissions
Segment your administration responsibilities –
Power Users, business owners
15.
16.
17. Impacts of Office 365
In some ways, it simplifies
Governance
SharePoint and Exchange are
primarily affected
Biggest impact of 365 has is on
sizing limits
Data sprawl must be watched
more carefully in Office 365 to
avoid hitting capacity limits!
Feature Specifications
Storage
(pooled)
10 GB per user
500 MB per entprse user
5 TB per Company
Site collection
storage quotas
100 GB
My Site storage
allocation
500 MB
Site collections
per tenant
300
Mailbox Size 25 gig
From Office365: Is Governance Affected and Where Do We Start? By Stacy L. Deere-Strole
18. Tactical Team Responsibilities
Operations Team
• Help Enforce Governance
Plan
• Manage Routine
Maintenance Tasks:
• Nightly Backups
• Usage Monitoring & Analysis
• Scheduled Task Validation
• Security Release & System
Upgrades
Support Team
• Create Support
System with SLA’s
• Respond to
questions, bugs and
other issue resolution
• Provide typical
SharePoint Admin
roles such as:
• Site Provisioning
• Security
Permissions for
users and groups
Development Team
• New features and
program
management while
adhering to
standards.
• Develop customized
& personalized
solutions for
departments &
division sites.
Whose job will be changing the most?
From Office365: Is Governance Affected and Where Do We Start? By Stacy L. Deere-Strole
19. Tactical Team Responsibilities
Operations Team
• Help Enforce Governance
Plan
• Manage Routine
Maintenance Tasks:
• Nightly Backups
• Usage Monitoring & Analysis
• Scheduled Task Validation
• Security Release & System
Upgrades
• Oracle & DBA Role will be
eliminated
• Active Directory Role could
change (Ping Identity, FBA, etc.)
• No Equipment to Support
Support Team
• Create Support
System with SLA’s
• Respond to
questions, bugs and
other issue resolution
• Provide typical
SharePoint Admin
roles such as:
• Site Provisioning
• Security
Permissions for
users and groups
Development Team
• New features and
program
management while
adhering to
standards.
• Develop customized
& personalized
solutions for
departments &
division sites.
From Office365: Is Governance Affected and Where Do We Start? By Stacy L. Deere-Strole
20. Management Shell
SharePoint Online Management Shell is a Windows PowerShell module that
you can use to efficiently manage SharePoint Online users, sites, site
collections, and organizations
You can find a list of
available cmdlets
here (TechNet)
21. Simple mode Admin experience
When you’re in Simple mode in the SharePoint Online admin center, the left-hand navigation
shows only site collections, user profiles, and settings.
23. Streamlined Admin tasks
Easier to add users, auto assign available licenses, reset passwords,
and manually set passwords (instead of auto generated)
25. Microsoft System Center 2012 R2
Microsoft System Center is an integrated management platform that helps you
manage data center, client devices, and hybrid cloud IT environments. Office 365
admins who use System Center now have the option to import the Office 365
Management Pack, which enables you to view all service communications within
Operations Manager in System Center.
Using this tool gives you access to the status of your subscribed services, active and
resolved service incidents, and your Message Center communications.
System Center supports alerts that are generated when a specific condition, such as a
service incident in a subscribed service, occurs. You can configure these alerts so they
trigger email notifications, keeping you in the loop on the status of your environment.
26.
27. Sidebar: Partner Perspective
Microsoft provides management tools and a dashboard, referred to
as the Partner Admin Center, specifically for partners that maintain
Office 365 environments for their customers.
This tool supersedes an Office 365 admin center that didn't
consolidate all of a partner's customers and was more focused on
selling new or additional services.
The new partner admin center has five main functions:
To provide a Microsoft service-outage notification service to keep
partners a step ahead of customers.
To provide a view into a customer's Office 365 service health status and
details.
To provide a federated view of all of the partner’s customers for which it
has delegated admin privileges.
To enable a partner to create, edit and view service requests on behalf
of customers.
To allow a partner to perform administrative tasks on behalf of customers.
28. Sidebar: Partner Perspective
A client management tab shows all of a partner's customers along with any alerts next to each customer's
name about their service health. Drilling into the service health tab for each customer shows a granular list
of the services a customer uses.
Each service has a green checkmark for the day if all is well, or one of a number of symbols if all isn't well.
Trouble signals include service interruption, service degradation, restoring service, extended recovery,
investigating, service restored or additional information.
29.
30. Office 365 Service
Communications API
The Office 365 Service Communications API enables you to access Office
365 service communications the way you want. This API gives you the ability
to create or connect your tools to Office 365 service communications,
potentially simplifying how you monitor your environment.
The Service Communications API enables you to monitor the following in
your environment:
Real-time service health. New and ongoing service incidents and ongoing
maintenance events that impact you can be queried for status updates.
Message Center communications. Find Message Center communications that are
applicable to your Office 365 environment.
Planned maintenance notification. Advanced notification of planned
maintenance enables you to develop appropriate communications and
operational strategies for your organization.
The Service Communications API also supports admins who manage Office
365 environments on behalf of others, for example, partners.
31. O365 Message Center
Remember to check the Message Center regularly to stay in the
loop and up to date with what is going on in your Office 365
environment.
Notifications on any potential issues with your environment, changes
to your service, and other communications from Microsoft will come
through the Message Center.
32. Proactively check DNS records
To help ensure that
you have the correct
configuration,
Microsoft provides a
solution that enables
Office 365 to
proactively check
your DNS records.
If your DNS records do
not match your
environment, you will
receive a notification
through the Office
365 admin center,
including proposed
actions to resolve
potential DNS records
issues.
33. Boundaries and Limitations
Find the boundaries and limitations based on your Office 365 plan:
Storage per user (contributes to total storage base of tenant)
Additional storage (per GB per month); no minimum purchase
Storage base per tenant
Site collection storage limit
Site collections (#) per tenant
Sub-sites
Personal site storage
Public Website storage default
File upload limit
File attachment size limit
Sync limits
Maximum number of users per tenant
Number of external user invitees
34. Security, compliance, and privacy
With Office 365, Microsoft thinks about security, compliance,
and privacy as having two equally important dimensions:
Service-level capabilities that include technical features,
operational procedures, and policies that are enabled by default
for customers using the service.
Customer controls that include features that enable businesses to
customize the Office 365 environment based on the specific
needs of their organization.
See the Office 365 Trust Center information portal for more
information
35. Searching for Sensitive Data
Data Loss Prevention (DLP) for SharePoint Online and OneDrive for Business is now built
into your existing Enterprise Search. It allows you to search for sensitive content in your
existing eDiscovery Center.
Search on 51 built-in sensitive information types across both SharePoint Online and
OneDrive for Business.
Export the results or download a copy of the query results, or save the query so that
you can conduct in-depth research on the query results. Once saved, you can
inspect the documents, check for false positives, and further hone or expand the
query if needed. Document location is included, as well as the original file structure
from SharePoint, so that all paths are preserved in the downloaded copy.
Use DLP in
SharePoint Online
to identify
sensitive data
stored on sites
(TechNet)
36. Creating information
management policies
Create a policy to use on multiple content types within a site collection.
Create a policy for a site content type.
Create a policy for a list or library. (location-based retention policy)
37. Audit log events
Opened and downloaded documents, viewed items in lists, or viewed item
properties (This event is not available for SharePoint Online sites)
Edited items
Checked out and checked in items
Items that have been moved and copied to other location in the site
collection
Deleted and restored items
Changes to content types and columns
Search queries
Changes to user accounts and permissions
Changed audit settings and deleted audit log events
Workflow events
Custom events
38. Available audit reports
Content modifications. Reports changes to content, such as modifying,
deleting, and checking documents in and out.
Content type and list modifications. Reports additions, edits, and deletions
to content types.
Content viewing. Reports users who have viewed content on a site. In
SharePoint Online, this report will be blank as these events are not captured
during auditing.
Deletion. Reports what content has been deleted.
Run a custom report. You can specify the filters for a custom report, such as
limiting the report to a specific set of events, to items in a particular list, to a
particular date range, or to events performed by particular users.
Expiration and Disposition. Reports all events related to how content is
removed when it expires.
Policy modifications. Reports on events that change the information
management policies on the site collection.
Auditing settings. Reports changes to the auditing settings.
Security settings. Reports changes to security settings, such as user/group
events, and role and rights events.
39. Managing your App catalog
The app catalog is how you
make apps available to your
organization.
It’s a SharePoint library that
contains all of the apps you
have for your org.
The Office clients point to this
library, so if you want to give
your users access to a new
app for Office, just add the
manifest file to the library, and
the app will automatically
show up.
Also true for SharePoint apps.
Just add the app package to
library and it will appear for
everyone.
Since the app catalog is a
SharePoint library you can
easily manage who gets
access to what app, and
quickly make updates when
needed.
40. External collaboration settings
Office 365 provides a single console from which you can manage external collaboration.
By enabling these
settings, you can give
your users the ability to
share access to their
SharePoint sites and
documents and
Exchange calendars,
so they can
collaborate more
easily with people in
external organizations.
By enabling the Lync
collaboration setting,
you can give your users
the ability to
communicate with
people outside of your
organization.
41. Platform Telemetry
What documents are used by the most people?
What documents host apps?
What are the most popular apps?
Are they running properly and not, for example, consuming too
much CPU time?
Are solutions loading from the local disk? SharePoint? As mail
attachments?
How long do add-ins slow
down the loading of Office apps?
How can I manage solutions
centrally?
Deploy Telemetry Dashboard (TechNet)
42. What about OneDrive?
Sync & share documents
Collaborate on document security with individuals inside and
outside the company
Access content and information anywhere and from almost
any device
Control content life cycle and versioning
Manage access permissions
Access with native mobile client apps for windows 8 and IOS.
3rd party company (concept searching)to manage – could
solve compliance and governance issues with OneDrive
From Office365: Is Governance Affected and Where Do We Start? By Stacy L. Deere-Strole
45. Adjusting to Office 365 Updates
No access to Correlation errors or backend.
No ability to troubleshoot. If you receive an error, the logs
don’t provide much help because it can take Microsoft days
or weeks to come back with a correlation ID, if they do at all.
The continual updates to the site can also cause strange
errors. For example, for a couple of weeks you couldn’t save a
template of a site. This was caused by some code changes
the developers had made on the server which obviously
needed to be rolled back or fixed, but requires the entire O365
environment to be hot-fixed.
46. Adjusting to Office 365 Updates
You may have to use different management tools.
Moving to Office 365 means giving up some level of control.
For example, you won't have any control over the patch
management process, software upgrades, and other similar
administrative tasks.
47.
48. Factors in your cloud planning
Location / facilities
Software licenses and support
Hardware and maintenance
Onsite support, personnel skills
Level of customization
Governance, auditing, security, compliance
Disaster Recovery and Business Continuity
Upgrades and migration
#T16CloudESPC
49. Need space and
maintenance
planning
Most likely provided
Licensing costs, but
also upgrades and
ongoing support
Included in vendor-
hosted solutions
Need to purchase,
support and
maintain, and
upgrade as
platform matures
Included in vendor-
hosted solutions
Administrative,
developer, and end
user skills and
training
Still requires
administrative and
possibly dev skills,
end user training
On Premises Cloud Hybrid
Need space and
maintenance
planning
Licensing costs, but
also upgrades and
ongoing support
Need to purchase,
support and
maintain, and
upgrade as
platform matures
Administrative,
developer, and end
user skills and
training
50. Full control
Limited to none in
SaaS, some control
over PaaS, full
control over IaaS
Limited ability to
integrate depending
on SaaS, PaaS, or
IaaS
Many limitations OTB,
but very robust tools
from partners Limited
Very complex
across on prem
and cloud
components, very
manual
Needs to be
planned, limited
features OTB
Defined in SLAs
Some OTB
capabilities, 3rd party
for tighter control and
predictability
Microsoft
recommends 3rd
party tools
On Premises Cloud Hybrid
Very complex
across on prem
and cloud
components, very
manual
Some OTB
capabilities, 3rd party
for tighter control and
predictability
52. Best Practices
Focus on the user experience
Make governance a priority
Look at your systems holistically (a business view),
regardless of where the servers sit
Clarify and document your permissions, information
architecture, templates, content types, taxonomy -- and
ownership of each
First define what policies, procedures, and metrics are
needed to manage your environment, and then look at
what is possible across your various tools and platforms
Demo –
Permissions Report
Highlight how someone gets permissions
Show users with Direct Permissions
Show Cleanup User Permissions
Show Authenticated Users
Orphan User
Revoke Permissions
From pervious slide – show tagging sites to show confidential, etc
Demo
Audit log report
Site or Site Collection features
Talk about archiving the audit log
Demo
CP alerts for permissions changes - Receive alerts when changes are made
CP policies - Prevent users from causing havoc
These factors will help you decided how much your own organization can support, as well as help you determine the suitability of vendors