Follow me on Twitter @AntonioMaio2

Friday, May 8, 2015

Notes from Microsoft Ignite
Driving User Adoption from a Technical Standpoint

Microsoft Ignite is proving to be an exciting conference with new technologies and announcements about how Microsoft is evolving their technology stack to help us collaborate in new and better ways. I'm at the conference attending sessions on security, data protection, migration and other topics and want to share my notes so that they may be a resource to others as well.

Presented: Friday May 8, 2015
- Laura Rogers, Rackspace
- Lori Gowin, Premier Field Engineer, Microsoft

User Adoption Issues

- Working on files straight from SharePoint - Office Integration - lack of awareness - it's hard to use files that are in SharePoint
  • Save straight to SharePoint
  • Open straight from SharePoint
  • User answer: manually add locations
  • Admin answer: promote locations that are pertinent to users
  • Admin: audiences, AD, group policy (hundreds of settings)

- Authentication
  • I keep getting prompted to authenticate
  • Why doesn't it know my domain
  • User answer: know what IE settings to configure
  • Admin answer: push IE settings via group policy, integrated windows authentication, default domain

- The App Store
  • Why can't we have the App Store?
  • What App do I need?
  • Help users to understand what is there, not get overwhelmed

- Organizing the clutter
  • How can we easily archive or move files somewhere else, or
  • We need to just drop files in SharePoint and not have to think about where exactly, or
  • How can we manage the lifecycle of data, or
  • There is too much stuff to sort through

- Finding Files
  • I can't find that attachment?
  • Where is that document?

- Mobility
  • Why is it so hard to configure my phone to work with this?
  • I want to work with this when I am offline
  • I only want to carry 1 device, for both personal and work
  • I want to get stuff done when travelling
  • It changes all the time
  • New services added - Delve, Video Portals
  • Look and feel - new toolbars, app launcher, changing master pages by version

Admin Fundamentals - Tools for Admins

  • Active Directory
    • Synchronize with SharePoint
      • Single version of the truth
      • Keeping it updated helps tremendously
    • Create audiences
      • Global - can be used anywhere in your farm
      • Defined dynamic groups of people based on attributes
      • Target content and web parts to audiences
    • Use for Directory
      • Just use SharePoint search to search for people by name
      • Display in web parts
      • Have the manager property configured correctly so that you can use the organizational chart

    - Group policy
    • User or computer policies
    • Push registry changes - 100s of settings available
      • IE Settings
      • MS Office settings
      • Hundreds of office program settings
      • Even common SharePoint locations
    • Ensure features and applications available for users
    • Link in the presentation to download the Office 2013 group policy templates - these are only for professional; different versions of Office have different registry settings/group policies
    • Important to ensure group policy is set consistently across all users - Every user needs the same version of the truth!

    - SharePoint Central Admin and Office 365 Admin Center
    • Create promoted sites/links
    • Customize the search experience
    • Manage your app store
    • Manage your service applications
    • Manage DLP

    Solutions - What can you the Admin DO?

    • Push links to commonly used libraries and sites
    • Group Policy
    • Search customization
    • Create send to locations
    • Extras install/configure

    - Push links to commonly used libraries and sites
    • Add published links to office application
      • Ease of saving/opening files
      • Target to an audience
    • Add personal site URL in Active Directory
      • Attribute is called wWWHomePage by default…
    • Create promoted sites
      • Different types of sites and links to choose from
      • Associate an image
      • Target to an audience
    • Create Custom Template Locations
      • Use them for Office programs
    • Templates targeted to me
      • Use document library with template synchronizations - a document library with content types in it
      • Each set of templates can have a target audience
      • Do you set the document library using Group Policy?

    - Group Policy
    • Office applications - Share
    • Create a library with its own workflows
      • In SP 2013 libraries do not have basic workflows enabled or selected by default
    • All office users can run these common workflows
      • Their file gets moved to that library
      • They are notified and can start the workflow
    • Name your SharePoint
    • Save straight to your published links

    DEMO: Promoted Links

    - End user: log in to Office 365, Sites, click on Manage the promoted sites below
    • The manage link shows up only for admins
    • When managing from here you don't get a link to set the target audience
    • The tiles which show up at top are the promoted sites

    - Administrator: In Office 365: log in as administrator, go to Admin, then User Profiles, Promoted Sites
    • Fill out settings: URL, title, description, image URL, owner, target audience
    • Visibility controlled through audiences
    • On premise, you have control over when audiences get compiled
    • In SharePoint Online, you do not have control over when audiences are compiled - they are only compiled once a week

    - Templates are also configured through a link to a page in User Profiles configuration page
    • This controls the templates available within the office applications, as well as sites with open and save as
    • Can also target by audience
    • Doing this, can associate a template with a content type

    More Solutions

    • QUESTION: if you start a document from a template with a content type, and then save the document to a different library which does not have that content type, is the metadata lost?
    • ANSWER: metadata will not be lost - it will still be saved within the document but not available within the library

    - Send To Locations
    • Create archive locations or file drop locations
      • Use across site collections
      • Define action - Copy, move, move and leave link
      • Allow or disallow manual submission by users
    • Create content organizer rules
      • Defined at each drop site
    • QUESTION: will Send To locations work for OneDrive for Business
      • Could not configure these differently for different end users

    - Data Archiving and Clean up
    • Create compliance policies
      • Retention policies
      • Deletion policies - can configure for an entire site collection; can you use it more specifically?
    • Clutter
      • Turn on or off using OWA
      • Train Clutter
      • Relies on the Office Graph
      • Available for Exchange on prem (only Exchange 2013)
      • End users can turn this on or off - can only turn on from OWA

    - Push Internet Explorer Settings
    • Add sites to IE local intranet policy or trusted sites
      • Single sign on
    • Custom Level
      • Automatic logon with current username and password
    • Group Policy
      • Set per IE version
      • Add trusted sites, home page default, security settings
      • Windows Components\Internet Explorer\Internet Control Panel\Security Page\Site to Zone Assignment List
      • When you push out sites through GPO there is a max length, so use wild cards where possible
      • Will set in IE settings: Preferences\Internet Settings
    • Configure OWA Authentication
      • Integrated Windows Authentication for internal/domain users
      • Configure a default domain for FBA Users
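
An added example (not from the session or the original notes): a small audit of a Site to Zone Assignment List export that flags wildcard entries broader than the sites you control, since every host matched in a zone with automatic logon is offered the user's credentials. The sample entries, the ownedDomains and sharedSuffixes lists, the choice of zones 1 and 2 as automatic-logon zones and the issue names are constructed assumptions.

```javascript
// Added illustration, not from the session. Zone numbers follow the policy's
// convention: 1 Intranet, 2 Trusted, 3 Internet, 4 Restricted.
const AUTO_LOGON_ZONES = new Set([1, 2]); // assumption: zones set to automatic logon

// Split "https://*.contoso.example" into scheme and host; scheme '*' = none given.
function parseSite(site) {
  const m = /^(?:([a-z]+):\/\/)?([^\/:\s]+)(?:[\/:].*)?$/i.exec(site.trim());
  if (!m) return null;
  return { scheme: (m[1] || '*').toLowerCase(), host: m[2].toLowerCase() };
}

function isUnder(host, domain) {
  return host === domain || host.endsWith('.' + domain);
}

// Returns the list of issue names for one policy entry.
function auditEntry(site, zone, policy) {
  if (![1, 2, 3, 4].includes(zone)) return ['bad-zone'];
  if (!AUTO_LOGON_ZONES.has(zone)) return [];
  const parsed = parseSite(site);
  if (!parsed) return ['unparsed'];
  const { scheme, host } = parsed;
  const base = host.startsWith('*.') ? host.slice(2) : host;
  const issues = [];
  if (host === '*') {
    issues.push('wildcard-all');                 // every host gets zone treatment
  } else if (host.startsWith('*.') && policy.sharedSuffixes.includes(base)) {
    issues.push('wildcard-shared-suffix');       // covers other organisations' hosts
  } else if (!policy.ownedDomains.some((d) => isUnder(base, d))) {
    issues.push('not-owned');                    // outside the domains you control
  }
  // An entry with no scheme is treated here as covering http too (assumption).
  if (scheme !== 'https') issues.push('allows-non-https');
  return issues;
}

function auditZoneMap(entries, policy) {
  const findings = [];
  for (const [site, value] of Object.entries(entries)) {
    const zone = Number.parseInt(value, 10);
    const issues = auditEntry(site, zone, policy);
    if (issues.length) findings.push({ site, zone, issues });
  }
  return findings;
}

// Constructed sample: value name = site, value = zone, as the policy stores them.
const SAMPLE_ZONE_MAP = {
  'https://portal.contoso.example': '1',
  '*.contoso.example': '1',
  '*.sharepoint.com': '2',
  'https://contoso.sharepoint.com': '2',
  '*': '1',
  'http://legacy.contoso.example': '1',
  'https://*.com': '2',
  'https://ads.example.net': '4',
  'https://partner.example.org': '2',
  'https://hr.contoso.example': '7',
};

// Hypothetical policy inputs: what the organisation owns, and suffixes shared
// with other tenants or registrants.
const SAMPLE_POLICY = {
  ownedDomains: ['contoso.example', 'contoso.sharepoint.com', 'contoso-my.sharepoint.com'],
  sharedSuffixes: ['com', 'net', 'org', 'sharepoint.com'],
};

for (const f of auditZoneMap(SAMPLE_ZONE_MAP, SAMPLE_POLICY)) {
  console.log(`zone ${f.zone}  ${f.site}  ->  ${f.issues.join(', ')}`);
}
```

Listing the tenant hosts explicitly (for example the team-site and OneDrive hosts) keeps the list short without matching every tenant under a shared suffix.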

    - Manage the App Store
    • Apps provide solutions beyond the out of the box
    • Deploy strategically
    • Too many, confuses users
    • Deploy by path, URL, Template
    • Monitor and control them - especially if end users go out to the store themselves

    DEMO: Manage the App Store

    - Office 365 Admin > SharePoint Admin page > Apps
    • Can configure access to the store
    • Recommended minimum: allow end users to only request a purchase; don't allow end users to purchase themselves - that way Admins have a control over which apps are deployed, why, can help avoid duplicate apps - there are a lot of duplicates out there
    • Can deploy to specific site collection or multiples - can deploy by managed paths

    More Solutions

  • Configure Search
    • Query rules
    • Search analytics
      • Number of queries
      • Top queries
      • Abandoned queries
      • No result queries
      • Query rule usage
      • People Directory
      • Popular request
      • Keep AD accurate
      • Setup sync from other HR systems

    - New and Changing Services
    • Delve
      • Office graph settings
      • User Option
    • Video Portal
      • Educate, prepare
    • Look and feel
      • Watch for announced changes
      • Limit customization that could break


    • Office 365 Roadmap
    • Office blogs
    • Yammer Office 365 Network

    You can watch the entire presentation here:

    Thursday, May 7, 2015

    Notes from Microsoft Ignite
    Microsoft OneDrive for Business: Most Secure for your Data in the Cloud

    Presented: Thursday May 7, 2015
    Presenters: Liam Cleary, Protiviti; Denis Minium, Microsoft

    - Who poses the threat?
    • Initially typically worry about the hackers, external people - people trying to steal our content
    • Moving to the cloud our infrastructure is under control of someone else - you need to
    • There is a gap between your content in the cloud and the edge - this is a good thing that helps protect your content against hackers
    • But what about the Microsoft operator

    - Do you trust the Microsoft operator that works in the data center and could be looking at your email, pictures, etc.

    Microsoft Cloud Security

    • Physical - perimeter security, background checks, biometric auth
    • Network - network ACLs, encryption in transit, auditing and monitoring (most important strategy)
    • Access - 2-factor auth, just in time access, manager approval
    • Application - SDL process, claims based auth, fine grained permissions
      • Finely control who gets in and what they can access, including the Microsoft operator
    • Data - bit locker, per file encryption, rights management
      • Microsoft employee access
    • Personnel - background checks, screening
    • Account Management - automatic account deletion, unique accounts, zero access privileges
    • Training, Policies and Awareness
      • Just in time access - zero access privilege & role based access
    • Reason - Requests require valid reasons
    • Eligible - Access eligibility checklist
      • Employment verified?
      • Background check?
      • Finger printed?
      • Security training?
      • Manager approval?
      • Role - Role Check - identified as someone that has access to these resources
      • Activity Logged
      • Customer Approved - see Customer Lockbox Announcement

    Assumed Breach Methodology
    • Know thy adversary - annual data breach + threat reports; thorough knowledge of assets and business model
    • Ask: is your content valuable to you?
    • Continuous Validation
    • Penetration testing by Office 365 red team
    • Red team activity validates intrusion detection investments

    "What is my adversary likely to do, and what evidence will that leave behind?"
    • External intruders will attempt to break in - our full time red team looks to exploit vulnerabilities before they can
    • Also use all insider knowledge to test inner defenses
    • Microsoft RED TEAM - Half team on inside and half on outside

    Each file is uniquely encrypted
    • Each file has separate key
    • Larger files are split into chunks - each chunk gets its own key
    • When files change, the deltas get their own key
    • Monitored highly secure key store
    • Encrypted chunks are randomly dispersed across different azure storage accounts
    • Keys are then encrypted themselves and stored in content DB
    • Content DB only contains a map of dispersed chunks and encrypted keys
    • Keys in the key store are rotated - not permanent keys
    • Most secure store is the key store - even if you get to the key store all you have is a key
    • Bit locker used on all disks in the system
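
An added sketch (not Microsoft's code and not from the session) of the layout these notes describe: one key per chunk, encrypted chunks dispersed at random across storage accounts, a content DB that holds only the chunk map and wrapped keys, and a rotating master key in the key store. AES-256-GCM, the 16-byte chunk size, the in-memory stores and all function names are assumptions; per-delta keys are not modeled.

```javascript
// Added illustration, not Microsoft's implementation. AES-256-GCM, the chunk
// size, the account count and all names below are assumptions for the demo.
const crypto = require('crypto');

const CHUNK_SIZE = 16;     // tiny on purpose so the sample file splits into chunks
const ACCOUNT_COUNT = 4;   // simulated storage accounts

// Blob layout: iv (12 bytes) | auth tag (16 bytes) | ciphertext.
function seal(key, plaintext, aad) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(aad));
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]);
}

function unseal(key, blob, aad) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  decipher.setAAD(Buffer.from(aad));
  decipher.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([decipher.update(blob.subarray(28)), decipher.final()]);
}

// Key store: versioned master keys only; it never sees file content.
class KeyStore {
  constructor() { this.versions = new Map(); this.current = 0; this.rotate(); }
  rotate() {
    this.current += 1;
    this.versions.set(this.current, crypto.randomBytes(32));
    return this.current;
  }
  wrap(chunkKey, aad) {
    return { version: this.current, blob: seal(this.versions.get(this.current), chunkKey, aad) };
  }
  unwrap(wrapped, aad) {
    const master = this.versions.get(wrapped.version);
    if (!master) throw new Error(`master key v${wrapped.version} is retired`);
    return unseal(master, wrapped.blob, aad);
  }
  retire(version) { this.versions.delete(version); }
}

function newStore() {
  return {
    keyStore: new KeyStore(),
    accounts: Array.from({ length: ACCOUNT_COUNT }, () => new Map()), // blobId -> ciphertext
    contentDb: new Map(), // fileId -> [{ account, blobId, wrappedKey }] and nothing else
  };
}

function putFile(store, fileId, data) {
  const chunkMap = [];
  for (let offset = 0, i = 0; offset < data.length; offset += CHUNK_SIZE, i += 1) {
    const chunkKey = crypto.randomBytes(32);           // a fresh key for every chunk
    const aad = `${fileId}:${i}`;                      // binds the chunk to file and position
    const account = crypto.randomInt(ACCOUNT_COUNT);   // random dispersal
    const blobId = crypto.randomBytes(16).toString('hex');
    const chunk = data.subarray(offset, offset + CHUNK_SIZE);
    store.accounts[account].set(blobId, seal(chunkKey, chunk, aad));
    chunkMap.push({ account, blobId, wrappedKey: store.keyStore.wrap(chunkKey, aad) });
  }
  store.contentDb.set(fileId, chunkMap);
  return chunkMap.length;
}

function getFile(store, fileId) {
  const chunkMap = store.contentDb.get(fileId);
  if (!chunkMap) throw new Error(`unknown file ${fileId}`);
  return Buffer.concat(chunkMap.map((entry, i) => {
    const aad = `${fileId}:${i}`;
    const chunkKey = store.keyStore.unwrap(entry.wrappedKey, aad);
    return unseal(chunkKey, store.accounts[entry.account].get(entry.blobId), aad);
  }));
}

// Rotation re-wraps the small chunk keys; the dispersed chunks are not rewritten.
function rotateMasterKey(store) {
  const oldVersion = store.keyStore.current;
  store.keyStore.rotate();
  for (const [fileId, chunkMap] of store.contentDb) {
    chunkMap.forEach((entry, i) => {
      const aad = `${fileId}:${i}`;
      entry.wrappedKey = store.keyStore.wrap(store.keyStore.unwrap(entry.wrappedKey, aad), aad);
    });
  }
  store.keyStore.retire(oldVersion);
  return store.keyStore.current;
}

// Constructed sample data.
const demo = newStore();
const sample = Buffer.from('constructed sample: Q3 forecast draft, internal only');
putFile(demo, 'file-1', sample);
rotateMasterKey(demo);
console.log(getFile(demo, 'file-1').toString());
```

Reading a file needs all three parts together: the chunk map from the content DB, the ciphertext from the storage accounts, and a live master key from the key store.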

    - We don't trust the end users
    - We don't trust the administrators

    - IRM in SharePoint Online
    • Admin - simple to provision and configure using Microsoft Azure Rights Management - no on premises RMS server required
    • Protection managed at individual library level protecting Office and Adobe PDF file formats
    • End users
      • Documents are protected at the time of download from a library and rights given to appropriate user accounts per the library settings
      • User can edit the document in supported office clients and protection is removed at time of upload

    - Data Loss Protection Policies
    • Can selectively choose how DLP policies are applied - select between SharePoint Online or OneDrive for Business or both
    • Customize and create rules - ex. rule called 'sensitive data' and in the rule can specify what is sensitive data
    • Actions when policy triggered - Send notifications, display policy tip, override options, report and send email incidents
    • Can customize message displayed to the user
    • Use reports and auditing

    - Retention policies
    • New document deletion policies
    • Can have multiple deletion policies based on type of content
    • Site owners choose policy
    • Enforce mandatory policies - helps to minimize the risk; avoids the question of should I do this or not
    • Extends to OneDrive for Business
      • Conditional Access - Can prevent sync'ing to non-domain devices
      • PowerShell:
      • Get-SPOTenantSyncClientRestriction
      • Set-SPOTenantSyncClientRestriction -DomainGuids "GUID" -Enable
    • Match occurs by GUID - if machine GUID matches then sync allowed
    • If you try to sync a folder anyway, you get an error back that simply says 'Could not sync library'
    • Can enforce policies on all site collections

    - Mobile Device Management - Built into O365
    • User centric approach
    • Conditional access - this feature can prevent non-domain joined machines from sync'ing data
    • Device management
    • Selective wipe and reporting
    • Application management
    • Powered by Microsoft Intune


    • Customer Lockbox - client is in control of whether Microsoft has access to data or not
      • On roadmap for Q1 2016
    • Customer Held Keys - customer provides the key which is used to encrypt Microsoft's keys
      • If customer leaves, then Microsoft has no access to any remaining data
      • On roadmap for later in 2016
    • More detailed audit logs - audit read activity, more in depth operator activity
      • Customer Preview in Q3 2015
    • Conditional access for Browser - prevent browser access unless accessing from a managed and compliant machine
      • No timeline yet

    You can watch the entire presentation here:


    Notes from Microsoft Ignite
    The Microsoft IT Portals Journey: On-Premises to Office 365

    Presented: Thursday May 7, 2015
    - David Johnson - Principal Program Manager, Microsoft IT
    - Alfredo Mogollan, Principal Solution Manager, Microsoft IT
    - Kimmo Forss, Sr. Program Manager, Microsoft Services

    - Microsoft has 330 TB on their SharePoint Online Tenant
    • 1300 Content DBs
    • 100 front end machines
    • This was the migration of SharePoint product team portals to SharePoint Online

    • Strategies to adopt and move to O365
    • Learn what changes made as part of the move
    • What worked for Microsoft internally and what didn't

    - Migrating to the cloud is first re-envisioning your business and how your users work
    • Needed to rethink Microsoft's experience in the Cloud

    • IT as a service - role of IT shifts to customer service and max value, rapid solution development
    • Anytime Anywhere Access - access all enterprise data from any device; empower users to get work done
    • Technical Agility - can add capacity and flexibility to scale up quickly; simplified solution isolation and deployment
    • Rapid Feature Deployment - patching completed automatically; provides the latest and best features all of the time
    • Dog food - provide feedback to our product group; partner for continuous improvement

    - Before migration Microsoft had MySites on Prem - approx. 8TB
    - Now has >150 TB for OneDrive for Business

    Our Journey...

    Microsoft is ring 0 - they get new Office 365 bits first!

    After rethinking the experience in the Cloud… dipped their toe in the water a bit
    • Get ready
    • Create service foundation
    • Derive cloud adoption
    • Utility sites migration to cloud
    • Custom workflow migration

    Journey is continuing - next gen portals are coming in 2016; how do we take advantage of that; Requires thought and planning

    Considerations and Goals
    • What is tied to other on premise systems - empower users to get work done
    • Where do we have customizations - protecting corporate internal assets
    • What will internal security even let me move - ???
    • How do we apply enterprise policies - ???
    • How do we live with hybrid SharePoint - ???
    • How does the support model change - ???

    What Do We Put Where and Why
    • On premise
      • Content in region for regulated reasons (ex. Nokia acquisition meant some content needed to stay in Europe)
      • Legacy BI - takes some time to rethink the BI experience here
      • Partner sharing - where we master accounts - how do we enable extranet accounts for external partners
      • Complex customizations - pre-rethink
    • Office 365
      • Personal sharing; OneDrive for Business
      • Group and org collaboration; team sites and groups
      • Portal and new cloud apps
      • Partner guest sharing = where we share with external account

    Drive On Premise Cost Reduction

    How do you move?
    • Start fresh
      • Abandon current on premises
      • Ideal for archiving/closed sites
      • New self service utility sites - reduced from approx. 59k to 26k in 1 year
    • As Is Migration (lift and shift)
      • Move site content as is
      • Ideal approach for basic sites, but lose option to take advantage of new features
      • Active self service utility sites
    • Partial Move
      • Move selected content (hybrid or revised)
      • Option to rework site as needed
      • Leverage 3rd party tools (Microsoft IT uses Metavis)

    Portals in Cloud - Rethink your intranet
    • Think about how do users find information - what is the best way for them to find knowledge/information?
    • How are content publishers publishing content? How is the content syndicated into regional sites?
    • How do you make it easy for employees to work and collaborate? Social Component.
    • Move from organizational silos (disconnected teams) to putting the user at the center of their world
      • When they started thinking about the migration of their portals, they considered how do we make it easier for users to access their information?
    • MSW - corporate communication; hub for other internal portals; point of entry for enterprise search
    • Curated content by corporate communications

    Guiding Principles
    • Be out of the box as much as possible - minimize customizations
    • Render well across devices - remove fixed width desktop target
    • Reusable responsive design package - minimize impact of Microsoft IT custom design on SP compatibility; minimize fix it cost for MSFT
    • Standard content schemas - MSW news using enterprise content type: approved news item
    • Separate content from UI - rich application deliver targeted experiences; focus on content, not site design

    Responsive Design
    • 1 page multiple experiences
      • Reflow page to optimize UI
      • Simpler to manage than building for unique device channels
      • Not as optimal as per device experiences/native apps
    • Challenges come with various devices
    • Based on community frameworks
    • Work goes beyond framework/package

    Office 365 Performance Considerations
    • Caching differences between on premise and cloud
      • Don’t bet on server side caching for dynamic pages
      • On premises MSW had 4 CFE, > 100
    • Content by Query part was expensive, replacement options
      • Content by Search - best option but may not be viable if freshness is not acceptable
      • JSLink view customization of List view web part
      • Client side asynchronous list based lookups using the CSOM

    Considering Navigation
    • Retain O365 app launcher
    • Be careful with migrating navigation - MSW using the structural navigation added 3+ seconds to each page load
    • MSW NOW uses: managed metadata navigation - ideal for complex sites but not security trimmed
    • Structural navigation
      • Better for simple sites where security trimming is required
      • Do not use this on SharePoint online unless you have a simple site structure
    • Search driven navigation
      • Good choice for complex sites where security trimming is required
      • Custom, not used by Microsoft IT

    Refactoring full trust solutions
    • Identified 15 custom solutions
      • Option 1: RETIRE - Performed analysis on custom solutions to determine options - simplified where viable
      • Retire, refactor, replace with OOB or from catalog
    • Option 2: REPLACE w/ OUT OF BOX: Identified equivalent out of box options in O365
    • Option 3: REBUILD
    • Moved from full trust to SharePoint provider hosted solutions
      • Glossary - term lookup solution from metadata store
      • Slide show - picture galleries
    • Azure provider hosted
      • Campus maps: mash up of Bing maps & LOB geo-reference data
      • Page mailer - deliver page to email (newsletters from portal)

    Microsoft Services - Migration Process

    • Assess
      • Inventory content, owners, size (had 37K site collections, including engagement sites)
      • Schedule
      • Plan
      • Goal: Reduce Uncertainty
    • Remediate
      • Change full trust solutions - Microsoft Services did not move any customizations into cloud
      • Refactored information architecture
        • 37K site collections were reduced to 120 site collections
        • Changed content types
        • In base document types there are no mandatory metadata columns - removed these
        • If you move information up to be shared, then they force metadata to be selected
      • Take opportunity to rethink custom solutions
      • Like when moving houses - you take the opportunity to clean up
    • Migrate
      • Moving data
      • Automated migration: 1 person worked for Jul-2013 to Feb-2014 (9 months) - did not include planning work
      • Ideally you would have 2 or 3 people
      • Worked to automate this process as much as possible

    Post Migration Fix Up
    • Inventory and Scheduling
      • Leveraging SQL - Stored migration schedule details in SQL - could query:
        • Ex. Which sites are scheduled to be migrated on July 4th?
        • Ex. Who are the site owners for sites migrating on Jan 20th?
    • Scheduling principles
      • Max 20 GB / day
      • Max 250 site collections per day
    • Portal
      • Scheduling changes
      • Error reporting - all stored in SQL: check logs every morning for which sites failed
        • Expect failure rate of 1 to 2%
        • If site fails - investigate, determine remediation options and schedule for next day
    • Exclusions
      • IT's migration process
    • Make sure you know what you have
      • Workflows
        • Consider how many workflows you have
        • How many are currently in flight
        • How long have the workflows been in flight - some may have simply been started a long time ago and can simply be stopped and the state doesn't matter; in others the state will matter
      • Term sets
        • Consider term GUIDs - if referencing them and re-create term set on SPO, GUIDs will be out of sync
        • May need custom tool for preserving term set GUIDs
      • Master Pages
        • Avoid customizing master pages - when service is updated the master page definitions are also updated so customizations can break

    Migration Process
    • 2 weeks before migration send emails to site owners (sites are scheduled to migrate on Day X, with link to portal)
    • Export the sites and put sites in read-only mode
    • Change information architecture
    • Import content - all errors written to SQL
    • Notify users that migration is complete

    Tool Set
    • Microsoft Services created PowerShell cmdlets
    • Custom scripts for remediation
    • Tool selection criteria
      • Feature set - does it do what you want it to do; not only content lifting but rearranging of architecture
      • Server footprint/load - not relevant for cloud but what type of load will it put on the environment; no longer throttling through new migration pipeline
      • Licensing costs - are you paying for the tool, the content per GB or per user
      • Automation capabilities - if you have 37K site collections you don't want to do 37K clicks
      • Support - how efficient is support organization
    • MSIT - Used Metavis
      • Prepared content inventory
      • Generated a pre-migration analysis report to assess the custom solutions
      • Prepared mappings to migrate security groups and permissions/users
      • Map old layouts into new responsive layouts
      • Content type mapping
      • Mapped fields and data to new content types as part of migration/post migration activities
      • Migrate content and pages from SP2010 to SPO
    • Custom scripts for post migration activities
      • Mapping old web parts with new ones, validating permissions and groups
      • Any custom part had to be replaced
      • Plan for manual migration - inevitably there will be some components to migrate manually

    Session Takeaways
    • Start with easy workflows first
    • Drive O365 adoption for new to reduce dependency on migration later
    • Understand technical trade offs and potential differences; portals can live on O365
    • Re-envision to take advantage of cloud first, mobile first experiences
      • Many business processes were designed several years ago - often need to rethink those processes for business today
      • Have opportunity to reimagine the employee experience - ex. accessing information from mobile devices, from touch devices, how can things be more task based
    • Assess before commitment to reduce uncertainty
      • Understand environment, custom solutions, site types, and what people are actually using
    • Don't assume that your businesses know SharePoint
    • Have to have the right team
      • People that understand the source environment
      • People that understand the destination environment
    • Have realistic timelines

    Other Details
    • SSRS reports are still on premise
    • User Profiles are still on premise

    Look For:
    • Microsoft Services may put PS cmdlets used on GitHub
    • Metadata preservation examples available on GitHub
    • User Profile preservation examples available on GitHub

    You can watch the entire presentation here:


    Wednesday, May 6, 2015

    Notes from Microsoft Ignite
    What's New for IT Professionals in SharePoint Server 2016

    Presented: Wednesday May 6, 2015
    Presenters: Bill Baer

    Management Perspective

    • Converged Code Base - took a point in time snapshot of SharePoint Online build and made that their SharePoint 2016 offering
    • Requires Windows Server 2012 R2 or Windows Server 10 at minimum
    • Requires Windows SQL Server 2014 minimum
    • App Fabric will continue to be supported for SharePoint, regardless of end of support by other teams
    • Installation change - standalone installs no longer support built in database engine; must install database separately
    • Upgrade from SharePoint 2010 requires double hop: upgrade to SP 2013 and then upgrade to SP 2016 - no direct upgrade from SP2010 to SP2016
    • Going forward, SharePoint 2013 is the genesis block for all future versions
    • Effective parity from a schema perspective
    • Service app architecture is not changing from SharePoint 2013
      • Many of same services are available
    • Services that did not exist in SPO (ex. performance point services) were back-ported to SP 2016
    • Any site collections in SP 2013 that are running in SP 2010 mode, must first be upgraded to SP 2013 mode
    • Migration processes
      • Can do a database attach upgrade
      • Can do data migration as usual
    • SP 2016 normalizes authentication on OAuth and SAML with WSFed - SAML authentication is a first class citizen
      • Only 1 authentication provider exists now - authentication is now cloud ready
      • Has BI implications because in past rest of stack did not support CBA
    • What about Windows identity over SAML claims - still supported
      • Older identity models are supported
      • Moving forward they are moving away from domain authentication
    • SMTP connection encryption supported - not relegated to only port 25
      • There is no fall back if encryption fails or is not available
      • Configurable through central admin

    Performance and Reliability

    - Roles in SP 2013 were defined primarily by documentation (all binaries laid down and deployed; defined the role by enabling services and creating service applications)
    • Distributed Cache and Request Management
    • Web Servers
    • Batch Processing - crawl, machine translation, excel services, etc...
    • Specialized - Excel calculation, performance point, project, search, foundation web application

    - In SP 2016 have 3 distinct roles to isolate requests to a single machine as opposed to have 1 request traverse a topology
    • User Services (any request initiated by an end user is processed by that user services role) - sync client, OneNote, user profile, page rendering, excel services, sandbox code, project, subscription settings
    • Robot Services (any request not initiated by an end user) - provisioning, timer jobs, search
    • Caching Services - distributed cache

    DEMO: Min Role Provisioning by Product Configuration Wizard

    - Remember Single Server Farm does not support SQL Server Express or MSDE - you must install your own full version of SQL server (standard, enterprise, developer or data center editions)

    - In SP 2016 Product Config Wizard select from:
    • Web Front End
    • Application
    • Specialized Load - use this to go old school, as specified in SharePoint 2013
    • Distributed Cache

    - If you want a server to serve more than 1 role you must specify Specialized Role

    - Can use PS Config through PowerShell or command line
    • Specify IsLocalServer Role parameter when using PowerShell or automating the install
    • Use same PSConfig or PowerShell commands as in SP 2013

    - SharePoint Health Analyzer will validate each role
    • built to scan each server in the farm daily
    • Scans all roles except special load - special load does not participate in any of the rules built for min role topology
    • Compares service instances on server to expected configuration

    - Goal: make SharePoint easier to operate and be able to scale SharePoint
    • With Min Role Topology can scale environment on a unit basis

    - Look and feel of central admin remains mostly the same

    - Servers in Farm
    • New columns - In Compliance
    • code that checks which services are running on a server role compared to what is expected
    • Provided a FIX button that will resolve any out of compliance issues if desired

    - Patching
    • Minimizing the size/footprint of a patch
    • Reducing MSIs and MSPs down to 2, plus 1 per language patch (was previously 37 MSIs and MSPs plus 18 per language patch)
    • Patches will execute faster and be smaller, and will deploy with zero downtime
      • In place, online, installation - can do now without stopping/starting services
    • Designed to help Microsoft maintain a 3-9s SLA
    • Entropy - the number of different ways a customer has configured the system (some services turned on and others off)
      • Microsoft tests a patch against all the different services, but they cannot test against every possible combination of services (on and off)
      • By reducing the number of patches they reduce entropy
    • Atrophy - the wasting away of systems
      • Now we don't have patches that are wasting away as part of the installation itself

    - Distributed Cache - can move up to supporting 4x9s
    • Introduced feature to resolve NTLM authentication issue with authentication to the distributed cache cluster
    • This previously caused much of the downtime in a system
    • Under high load the system would be unresponsive due to the number of authentications against AD

    - Boundaries and Limits
    • Content DBs - sizing into TBs
    • Site collections - 100K site collections per content DB
    • List threshold - increased well above 5000
    • Max file size increases to 10 GB and removed character restrictions
    • Indexed items - 2x increase in search scale to 500 million items

    - Files Performance
    • Moving away from file sync over SOAP over HTTP
    • Using new BITS protocol - accommodating large file size

    - Fast Site Creation
    • New logic
    • Improves site collection creation performance - copies site collections using SPSite.Copy and Content DB level
    • Traditionally site creation is a heavy operation
    • Implements master copies of site collections - will be a template within the database
      • So going forward, a site collection creation operation will simply be an SPSite copy command into the database and don’t need to do any site feature activation
    • Mitigates feature activation overhead

    - Traffic Management (in progress now)
    • Platform resiliency - improves reliability to allow 4x9s availability
    • New end point running on web servers
    • New end point on front ends - establishes affinity between web servers and load balancers
    • Isolates requests and provides intelligent routing based on variables (health, services, etc.)
    • Provable health remotely verifies health, can initialize remediation and provide services for conditional access scenarios

    - User Profile Service - no longer building in FIM
    • Improved bidirectional sync
    • Removed built in FIM service
    • Supports external FIM service
    • Unidirectional sync provided through native AD sync

    - Project Server
    • Consolidating database into content DB

    - Durable links
    • Resource ID based on URLs - URL remains intact with rename and move - enables discrete URL on visibility
    • Moving and renaming files does not break links

    - Operations/Real Time Telemetry
    • Advanced data analysis and reporting
    • Real user monitoring
      • Services
      • Actions
      • Usage
      • Engagement
      • Diagnostics
    • Examples of how Microsoft does it - give us an indication of what to expect
      • Storage utilization - provides growth trends and help plan for future storage
      • Storage by site template - which site templates are resonating with users
      • Ex. personal sites might be used more than team sites - can help me from an adoption perspective - look at these as adoption metrics
      • Perhaps you want to retire some features if they are not being utilized

    - Open document format - ODF
    • Allows creating new files in DOC library and saving as ODFs

    - Compliance
    • Classification IDs - a discrete representation of a piece of IP
      • Ex. have a Credit Card classification ID - in addition to matching a regular expression they are also looking for corroborating information like expiration ID
      • Will have 51 expiration IDs
    • Compliance across cloud and on premise
    • Identify, monitor and protect sensitive data through deep content analysis
    • Discover and preserve with eDiscovery
    • Investigate and prove with auditing
    • Unified compliance center in Office 365
    • Hybrid investments allow you to leverage the compliance center and online features for on-premise content in hybrid scenarios
      • Services like item level encryption/RMS, compliance center...

    DEMO: Delve supports both online and on premise content with the unified index in hybrid scenarios

    - Extranet
    • Site publishing
    • Publish internal sites to internet
    • Leverages O365 identity federation services

    - Team Sites - hybrid team sites

    - Hybrid deployment automation - Scenario Picker
    • Enables scenario selection - search, one drive for business
    • Automated configuration and prerequisites and core infrastructure
    • UI based configuration


    SharePoint 2016 is a comprehensive solution for connected information work that preserves structure processes, compliance, IT investment optimized for the way people work through an easily managed and integrated platform.

    You can watch the entire presentation here:


    Tuesday, May 5, 2015

    Notes from Microsoft Ignite
    Meet Office 365 Compliance Center: Your One Stop Shop for Everything Compliance

    Presented: Tuesday May 5, 2015
    Presenters: Kamal Janardhan, Group Program Manager Microsoft

    Compliance and Governance

    • Organizations are under attack - there is money and value globally to your information
    • Change is the only constant
    • You are required to prove compliance - the leaders of business are responsible and accountable
    • You want insights and alerting

    You own your data; we/Microsoft are the guardians of it!
    • Pervasive to protect
    • Transparent to enable and extend
    • People centric for productivity
    • Years ago the best way to be compliant was to have no users - this has its obvious downsides

    "He who sacrifices productivity for compliance deserves neither."

    What you may be doing today…
    • SharePoint/OneDrive
    • Exchange
    • Lync/Skype for Business
    • Compliance and Governance Solutions
    • Social, IM (FB, Facebook, etc.)
    • Third Party Archives

    Office 365 Compliance Center - Peace of Mind

    NOW AVAILABLE: Fastest way to ingest data into the Office 365 Service - Ship a drive with content (ex. PST files) to Microsoft to connect up to your service.

    Compliance Center provides a single definition of policy that applies to all Office 365 workloads and applications.

    Microsoft wants to build a partner ecosystem around compliance where partners can incorporate more data and solutions for Office 365 compliance.
    • Ex. pharmaceutical records management, medical records management, health care compliance requirements

    Compliance Center - where does it fit into this story?
    • One experience across all workflows (EXO, SPO, Skype for Business, etc.)
    • When I define a policy that says I don't want content that's sensitive to be shared outside the organization I want that policy applied consistently across all workloads and applications.
    • Consistent Governance (preservation, delete, device, protection, DLP)
    • Insights and Alerts for security and compliance

    On Premise
    • Cloud Connect
      • On premises can still have compliance features in the cloud
      • Cloud based compliance center, auditing, analyze with Equivio, DLP and more
    • Pure On Premises - have a set of features that enable that

    • Easy to ingest
      • Partner preview coming up: ability to ingest data from 3rd parties (Facebook, Twitter, IM, Yahoo, Bloomberg) and rehydration from archives
      • Coming soon: Drives from documents
    • All storage you need
      • Store and access - preserve what you need, delete what you don't
    • Announcements:
      • Office 365 archives will grow indefinitely
      • Public folders preservation
      • Document deletion in SharePoint - set a policy on a SharePoint site based on some criteria that will let you delete or preserve information within the site automatically (outside of Information Management Policies in content types)
      • Coming soon: Compliance for modern groups and Yammer

    DEMO: Drive Shipping Feature

    • Click on Import tab and start the Archiving Import Wizard

    eDiscovery is Microsoft's term for Compliance Search
    • Search and refine with compliance search; one search for all data types; search based on metadata and index
    • Need to have search in the context of where data is created

    Microsoft acquired Equivio in Jan 2015 (Equivio Zoom)
    • Will show Equivio running on Azure
    • Can sign up for customer preview to use it

    Granular Search Permissions
    • Restrict who can search
    • Restrict by date range when they can search

    DEMO: Compliance Search

    • Enter name of search
    • Can select to search mailboxes or sites
    • Enter keywords to search
    • Can search Facebook posts or Twitter feeds
    • Narrowed down search results and then previewed each item

    Equivio Zoom
    • Can generate a set of themes
    • Can analyze overlap in themes

    Office 365 Data Loss Prevention
    • Announced today: policy tips in SharePoint and OneDrive for business in preview
    • This is the concept of defining policies once and having them apply to all workloads, all apps, all devices

    DEMO: DLP, Policy Management and Device Protection

    • When creating a DLP policy you can today select SharePoint Online and OneDrive for business - in future will be able to select Exchange and other services
    • Created a low count and a high count rule for UK PII policy - triggers rule based on number of national insurance numbers
    • Many actions to select if policy is triggered:
      • Send notification
      • Email notification content
      • Policy tip
      • Override options
      • Have policy reports go to the infosec team
    • Can have policies on, off or on in TEST mode
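The classification and rule logic in these notes (a regular-expression match backed by corroborating information, then low-count and high-count rules, with a TEST mode), sketched as an added example; it is not Microsoft's implementation or code from the session. The Luhn checksum, the expiry-date pattern, the 30-character proximity window, the thresholds, the action names and the behaviour of test mode are assumptions, and the sample documents are constructed.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Candidate card numbers: 13 to 16 digits, optionally separated by spaces or dashes.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,15}\b")
# Corroborating evidence (assumed form): an expiry such as 09/17 or 09/2017.
EXPIRY_RE = re.compile(r"\b(?:0[1-9]|1[0-2])/(?:\d{4}|\d{2})\b")
PROXIMITY = 30  # characters searched on each side of a match (assumed value)


def luhn_ok(digits: str) -> bool:
    """Checksum used by payment cards; filters out random 16-digit strings."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


@dataclass(frozen=True)
class Finding:
    number: str         # digits only
    corroborated: bool  # an expiry date was found near the number


def find_cards(text: str) -> list:
    """Return checksum-valid card numbers and whether each is corroborated."""
    findings = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if not luhn_ok(digits):
            continue
        before = text[max(0, m.start() - PROXIMITY):m.start()]
        after = text[m.end():m.end() + PROXIMITY]
        near = bool(EXPIRY_RE.search(before) or EXPIRY_RE.search(after))
        findings.append(Finding(digits, near))
    return findings


@dataclass(frozen=True)
class Rule:
    name: str
    min_count: int
    max_count: Optional[int]  # None means no upper bound
    actions: tuple            # hypothetical action names


@dataclass(frozen=True)
class Policy:
    mode: str     # "on", "test" or "off"
    rules: tuple


LOW = Rule("low count", 1, 2, ("policy_tip", "notify_user"))
HIGH = Rule("high count", 3, None,
            ("policy_tip", "notify_infosec", "block_with_override"))


def evaluate(text: str, policy: Policy) -> dict:
    """Count distinct corroborated numbers and pick the rule that fires.

    In this sketch test mode reports the rule but applies no actions.
    """
    result = {"count": 0, "rule": None, "actions": [], "enforced": False}
    if policy.mode == "off":
        return result
    count = len({f.number for f in find_cards(text) if f.corroborated})
    result["count"] = count
    for rule in policy.rules:
        upper_ok = rule.max_count is None or count <= rule.max_count
        if count >= rule.min_count and upper_ok:
            result["rule"] = rule.name
            if policy.mode == "on":
                result["actions"] = list(rule.actions)
                result["enforced"] = True
            break
    return result


# Constructed sample documents (well-known test card numbers, not real data).
DOC_LOW = ("Customer paid with card 4111 1111 1111 1111 exp 09/17. "
           "Order ref 1234567890123456. Backup card 5555555555554444 on file.")
DOC_HIGH = ("Card 4111111111111111 exp 09/17\n"
            "Card 5555555555554444 exp 10/18\n"
            "Card 4012888888881881 exp 11/2019\n")

if __name__ == "__main__":
    for doc in (DOC_LOW, DOC_HIGH):
        print(evaluate(doc, Policy("on", (LOW, HIGH))))
```

In DOC_LOW the order reference fails the checksum and the backup card has no expiry nearby, so only one number counts toward the rule.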


    • Creating a new device security policy
      • can specify the base requirements that a device must meet to connect to Office 365
      • Can then control various aspects of the device
      • Can select an Azure AD group that you wish to apply the policy to

    DEMO: Auditing

    • New audit pipeline to capture all O365 activity
    • Correlation and search across content that is person and content centric
    • Search, stream and export using new O365 Management Activity API
    • Office 365 activity report will replace the AD report and Exchange reports already there
    • Filter by date, filter by action, filter by user(s), filter by file or folder
    • This report is about investigating an issue
    • Can export output of activity report
    • Supervisory review
    • Drive shipping for documents and other data types (+partners)
    • Ingestion for social, IM, financials, etc. (+Partners)
    • Analyze with O365 search + Equivio
    • Compliance center experiences
    • Audit reporting experiences
    • Alerting and anomaly detection (+Partners)
    • Device protection for Windows 10, Lync, OneNote, Outlook, etc.
    You can watch the entire presentation here: Enjoy.

    Notes from Microsoft Ignite
    A File's Future with OneDrive for Business

    Presented: Tuesday May 5, 2015
    Presenters: Reuben Krippner, Director Product Management, Microsoft


    • Editing with Office and Office Online
    • Version Control
    • Yammer
    • Modern Attachments in OWA
    • Delve

    Mobile Options
    • iOS, Android and Windows apps for phones and tablets
    • Upload
    • Edit
    • Search
    • Recover
    • Share

    Security, Control and Compliance
    • Auditing and reporting
    • Data Loss Prevention and eDiscovery
    • Mobile Device Management
    • Information Rights Management
    • Sync Controls
    • Data Retention Policies
    • Encryption at Rest
    • Compliance

    DEMO: Activity Report

    • Can define a date range to search all activities
    • Can filter on action (ex. how many files have been shared during the timeframe)
    • Context about the action is displayed to the right of the list of content: IDs, who it was shared with, date/time, etc.
      • Service is capturing this data and this is the first effort at exposing that
      • Great tool for investigation and understanding
      • Not a tool yet for measuring the adoption of OneDrive for business
    • Can export activity report
    • Will be providing an API to connect with it

    DEMO: DLP Policies

    • Have 50 pre-defined data types
    • All DLP policies previously discussed/reviewed in the Compliance Center applied to OneDrive for Business as well
    • DLP Policy Tips are also functioning with OneDrive

    Our Vision for OneDrive

    Creating "Next-Gen" OneDrive Experiences
      • Seamless across work and personal
      • Simple experiences across devices
      • Enterprise grade IT


      • Rolling out in November
      • Auditing and reporting preview
      • Disable sync of unmanaged PCs - New IT administrator capability to block sync with OneDrive for Business from non-Domain Joined PCs
      • DLP phase 2 preview
      • Unified OneDrive API

      - Q2 2015
      • Migration API for files
      • O365 Management Activity API for Auditing
      • Storage quota control
      • Will enhance PDF support in OneDrive for Business
      • With one click or touch, will be able to save a file to OneDrive for Business
      • Will provide mechanism to easily include attachments
      • Can expire content
      • Will provide easy way to revoke sharing of a file

      - Q3-2015
      • Allow/deny list for external sharing domains
      • Archive external sharing emails - additional record of when external share activities happened
      • Intune support for personal/business accounts
      • preview of next gen sync client (Windows and Mac)

      - Q4-2015
      • DLP Phase 3
      • Disable external sharing for specific users
      • Remove 20K file limit - ships with next gen sync client
      • Large file support (10 GB) - ships with next gen sync client
      • next gen sync client (Windows and Mac) GA - will only sync folders to OneDrive for Business
      • Windows 10 universal app (includes read-only offline files)

      - Planned (no timeline)
      • Unlimited storage
      • DLP support for mobile apps
      • Cross tenant sharing control
      • OneDrive for Business usage reporting (active users, total drive consumption, etc.)
      • Offline mobile editing
      • Offline mobile folders
      • Annotation support for PDFs
      • Modern attachments for outlook
      • Expiration of external shares

      DEMO: Next Gen Sync Client

      - Have selective sync for folders to sync to OneDrive for Business

      Closing Thoughts
      • We're All In!
      • OneDrive for Business is a massive strategic investment!
      • Constant innovation coming to users and IT
      • WILL FIX SYNC!
      • Visit OneDrive blogs:

      QUESTION: How do you distinguish when to use SharePoint and when to use OneDrive for Business?

      - Document Libraries are for more formal collaboration scenarios where additional requirements are needed
      - OneDrive is more about individual ownership - DLP capabilities may be able to warn people/give guidance when certain types of content should be stored on OneDrive and when it should be stored in SharePoint
      - SUGGESTION: some sort of integration between OneDrive for Business and SharePoint (a publish or share perhaps)

      You can watch the entire presentation here:


      Notes from Microsoft Ignite
      Migration to SharePoint Online Best Practices and New API Investments

      Presented: Tuesday May 5, 2015
      Presenters: Michael Jordan, Joe Newell, Simon Bourdages

      Service Management Targets

      - concepts to consider when migrating to SharePoint Online
      • ECM sources: SharePoint, File Shares, Public Folders, Google, CMIS, Lotus Notes
      • Delivery services: productivity applications, business apps, app lifecycle management, data lifecycle management, hosting platform
      • Remediation: model and patterns, drivers, consolidation, rationalization
      • Disposition: retire, retain, replace, re-host, rewrite
      • Target platform & hosting services: SharePoint, Hybrid, Office 365, Windows Azure

      - In planning a migration we must analyze the usage of your collaboration corpus
      • Discovery (crawl, discard date, reporting)
      • Assessment (inventory, complexity, scale, rationalization)
      • Look at the inventory as a funnel

      - Consider not migrating
      • Content not used, empty
      • Nearly empty content, or low usage
      • Decommissioned or discovered

      - Consider migrating
      • Velocity sites
      • High impact sites (white glove treatment for these sites)
      • Exceptions - Ultra large sites

      - Migrating the Collaboration Triangle - Migration Process
      • Plan
      • Prepare
      • Implementation
      • Migrate
      • Adopt

      - Migration API - Who is it for:
      • IT admin and developers who are moving
      • On prem and file shares to SharePoint Online and OneDrive for Business

      - Resources dedicated to ISVs and IT admins
      - Limited calls to end user entry points, meaning API won't be impacted by the CSOM throttling
      - Better equipped to scale to the demand

      - What about speed?
      • Type of content impacts rate of ingestion
      • Using backend resources
      • Lots of small scenario specific tweaking that can help get the best out of the API
      • Prelim data suggests 5X the speed of CSOM before throttling (conservative early estimate)

      - Process Flow
      • Package is created
      • Package is uploaded to azure blob storage
      • 1 CSOM call is made to start the migration process (references a GUID that is specific to your migration process)
      • Azure Queue gets real time updates
      • Once complete the logs in the package get updated

      - Creating the package
      • Generating appropriate XML to go with your files
      • Document IDs are preserved, permissions are preserved
      • XML Resembles the PRIME package
      • 8 XML files in a package + content

      - Upload package to Azure Blob Store
      • 1 blob container for content and 1 for manifest
      • Microsoft will never accept a client request to modify content - will only read the content for migration but will never modify
      • Microsoft needs write access to modify the manifest with updates

      - One CSOM call to start the migration
      • All parameters except queue are required
      • Azure queue parameter is optional

      - Queue and Logs
      • Can use the same Azure queue for multiple packages
      • Will get an update for: job started, per element update, job completed
      • Log is stored in each manifest container

      Announcement: New Migration API to SharePoint is Now Available Worldwide
      • New-SPOMigrationPackage
      • ConvertTo-SPOMigrationTargetedPackage
      • Set-SPOMigrationPackageAzureSource
      • Submit-SPOMigrationJob

      Best Practices Supporting New API

      - API addresses the need to ingest migration content at speed/scale
      - Migration planning is always required - Sample migration process presented

      - Planning Process:
      • Assessment - inventory, classification, rationalization, migration pathways
      • Pre-migration remediation - IA implications, customization/FTC refactoring or cleanup, large list cleanup, managed metadata
      • Migration - security/identity, URL transforms (if needed), Information Architecture: Field/Metadata/template transforms
      • Post-migration remediation - reapply branding, reapply customizations, correct data connections, deploy replacement CAM applications

      - Migration Process:
      • Extraction - content export from source
      • Transport - file/content movement to target
      • Ingestion - content import into target

      - Other Considerations
      • Migration fidelity
      • Tools: ISV + PowerShell
      • Success Criteria
      • Can map users within the CSV file that is part of the package created as part of the process
      • Checked out status for files is not supported
      • InfoPath is not supported
      • can run PowerShell against file shares and SharePoint
      • API will always overwrite existing content even if dates of target are later than source
      • Speed example: 300 GB of content (docs and picture) took approx. 30 sec to convert and prepare package
      • web parts not supported, even out of box web parts
      • version history is supported, but can create bottlenecks
      • in open preview now - can download preview now:
      • managed metadata is not supported
      • recommended choosing same data center for Azure and SharePoint Online and will likely get better throughput
      • Azure storage costs will be very low due to speed (time of API) unless doing very large migrations

      You can watch the entire presentation here:


      Notes from Microsoft Ignite
      Enterprise Grade Data Protection in Office 365 Today and Beyond

      Presented: Tuesday May 5, 2015
      • Rudra Mitra, Office 365 Information Protection Team, Microsoft
      • Levon Esibov, Office 365 Group Program Manager of Information Protection
      • Kamal Janardhan, Office 365 Group Program Manager of Information Protection
      • Asfa Kashi, Office 365 Group Program Manager of Information Protection

      The New Era of Information Protection is Here!

      - The team started with the question: "How can I protect my data?"
      - Showing/Demoing a lot of early progress, early code here
      - Microsoft is considering both inadvertent/accidental data leakage and adversarial/malicious hacking

      • Built in security
      • Privacy by design
      • Continuous compliance

      - These are table stakes for any cloud service!
      - Need to consider: how do I build more trust for where my data is going

      Information Protection solutions result typically in providing Operational Controls to IT Professionals!

      Information Protection Considerations

      1. People's work expectations
      • Data which used to be within our organizational boundaries - now we need to think about where is my data going
      • Information explosion - in the next decade mankind's data will increase 44 times; number of IT pros will only grow by 1.4 times
      • 87% of senior managers admit to regularly uploading work files to personal email or cloud accounts
      • 58% have accidentally sent info to the wrong person
      • Devices are outnumbering people: 20B by 2020
      • Think of your data flowing through a network

      2. Threat Landscape
      • How is this data valuable to others?
      • 3525 known security breaches between Apr 2005 and Dec 2012 (only those disclosed) - probably 10x more
      • 600 M breached records in US
      • (average) cost of 1 breached record $194

      3. Industry regulations and standards
      • How do I need to comply with the regulations that are important for my business
      • 90% of US corporations currently engaged in litigation
      • 147 average number of active lawsuits for companies larger than $1B
      • $1M average per case cost of eDiscovery
      • Change is constant - how do I stay ahead of all these concepts?

      - Microsoft Promise: everywhere your data exists, moves, and is shared, we will protect it
      - Protecting data from a compliance point of view and security point of view, no matter where it lives and where it flows

      Office 365 Unique Approach

      - Pervasive - Built in compliance and security foundation with unified experiences across services and applications
      • Built into O365 and with unified policy management
      • Available across services and applications in different platforms
      • Policy tied to data, travels with data - Author policies once!
      • Have policies flow with the data, across applications
      • Don't have to think of policy separately for SharePoint, Exchange, Office documents, etc.

      - Transparent - Proactive Visibility into data and activities with your data
      • IT can quickly and accurately discover data required for compliance
      • Organizations have visibility into user and operation events impacting data
      • Organizations can import and correlate operational events across multiple services themselves or with the help of partners

      - People-centric - people are part of the solution and involved in maintaining security and compliance
      • Ensure that worker productivity is not compromised at the cost of compliance and security - enable productivity while providing security
      • Corporate data will be accessed and available on personal devices
      • Training users is important, as is providing them with built-in protection - train them in context

      - Who are our users?
      • Business decision/IT decision maker
      • Compliance Officer
      • IT Administrators - How do I meet the security need for the data? How do I better serve my users?
      • Information Workers/Small Businesses

      DEMO: (IT Administrator) Office 365 Compliance Center

      - Archiving Mailboxes - very simple to archive mailbox of a user with single click
      • Don't need to import data or ensure data is sync'ed
      • Already existing feature - what's new?!
      • Moving forward: Exchange will automatically scale mailboxes when they start to approach limit/threshold

      - Preservation Policy - need to ensure a specific user's information/communications are preserved even if he tries to delete them
      • Can configure preservation of SharePoint and OneDrive for business site as well
      • Can specify keywords and start/end dates as part of policies
      • Once configured, policy will be applied across multiple workloads (exchange, SharePoint, Skype for Business, OneDrive for Business)
      • Can manage retention tags, policies

      - Advanced Threat Protection
      • If enabled, suspected attachments or malware from email will be detonated in a safe sandbox
      • Can enable monitor, block or replace mode
      • Sharing suspected malware with clients - Can configure an admin's mailbox that will receive a sample of the email or attachment that was considered malicious and was detonated in the sandbox

      - Safe links - evaluates reputation of URLs as emails pass thru their system
      • If suspected unsafe link, will replace URL in an email once it arrives in O365 so that when clicked by end users will take them to O365 site describing unsafe URL
      • Admin can specify exceptions (ex. don't replace URLs with
      • Admin can configure if user should be warned or blocked
      • Can track and trace all URLs, all sites clicked on by end users

      - URL Trace Site
      • Can discover who, in a given period of time, clicked on a particular link - and can search by link
      • Can see a comprehensive list of all URLs clicked by end users
      • If users fall victim to a phishing attack, can discover which other internal users may have also fallen victim by the same attack!
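One way to scope a phishing incident from click-trace data, as the URL Trace notes above describe, shown as an added example that is not Microsoft's tool or API. The CSV layout, the verdict values (allowed, warned, blocked), the choice to match on host and path while ignoring the query string, and every sample row are assumptions constructed for illustration.

```python
import csv
import io
from datetime import datetime
from urllib.parse import urlsplit

# Constructed sample export; columns and verdict values are assumptions.
TRACE_CSV = """\
timestamp,user,url,verdict
2015-05-04T09:02:11,alice@contoso.test,http://Login.Example.test/verify?id=a1,allowed
2015-05-04T09:05:40,bob@contoso.test,http://login.example.test/verify/?id=b2,blocked
2015-05-04T09:07:02,alice@contoso.test,http://login.example.test/verify?id=a1,allowed
2015-05-04T10:15:00,carol@contoso.test,http://intranet.contoso.test/home,allowed
2015-05-04T11:30:19,dave@contoso.test,http://login.example.test/verify?id=d4#top,warned
2015-05-06T08:00:00,erin@contoso.test,http://login.example.test/verify?id=e5,allowed
"""


def link_key(url: str) -> tuple:
    """Reduce a URL to (host, path) so per-recipient query tokens still match."""
    parts = urlsplit(url.strip())
    host = parts.hostname or ""          # urlsplit lower-cases the hostname
    path = parts.path.rstrip("/") or "/"
    return host, path


def load_trace(text: str) -> list:
    """Parse the export into dicts with a real datetime in 'timestamp'."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        row["timestamp"] = datetime.fromisoformat(row["timestamp"])
        rows.append(row)
    return rows


def who_clicked(rows: list, reported_url: str,
                start: datetime, end: datetime) -> dict:
    """Map each user who clicked the reported link within [start, end] to
    their first click, click count and whether any click was let through."""
    target = link_key(reported_url)
    hits = {}
    for row in sorted(rows, key=lambda r: r["timestamp"]):
        if not (start <= row["timestamp"] <= end):
            continue
        if link_key(row["url"]) != target:
            continue
        entry = hits.setdefault(row["user"], {
            "first_click": row["timestamp"],
            "clicks": 0,
            "reached_site": False,
        })
        entry["clicks"] += 1
        # A warned user may have continued, so only 'blocked' counts as safe.
        if row["verdict"] != "blocked":
            entry["reached_site"] = True
    return hits


def exposed_users(hits: dict) -> list:
    """Users to prioritise for credential resets and mailbox review."""
    return sorted(user for user, e in hits.items() if e["reached_site"])


if __name__ == "__main__":
    trace = load_trace(TRACE_CSV)
    found = who_clicked(trace, "http://login.example.test/verify?id=zz",
                        datetime(2015, 5, 4), datetime(2015, 5, 5))
    for user, info in found.items():
        print(user, info["first_click"].isoformat(), info["clicks"],
              "exposed" if info["reached_site"] else "blocked")
```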

      • Compliance Center
      • Automatic Archive Scaling
      • Advanced Threat Protection - General Availability in June 2015

      DEMO: (Compliance Officer) Office 365 Compliance Center

      - How do I get my existing data into Office 365 and into the Compliance Boundary (PST files, mail archives, Facebook or Twitter feeds, etc.)

      - Announcement: Enabling drive shipping for email content into O365
      • Ship data on a physical drive to Microsoft, in order to get existing data into the Compliance Boundary
      • Data is encrypted with a key that client defines/owns as part of drive preparation
      • Create a mapping file; Get FedEx routing number - all within Compliance Center

      - Compliance Search capability
      • Across Exchange, SharePoint, OneDrive and Skype for Business, and extending search into the shipped physical data drive
      • Ex. Was anything with a specific keyword shared out of the organization?
      • In search results, can scroll through messages, documents, get previews and see search keywords highlighted
      • Allows large amounts of data to be analyzed

      - Partner: Equivio Zoom E-Discovery Solution
      • Can search not only for individual results, but also for themes (ex. contract negotiations, agreements)
      • Can see overlap between themes
      • Can then narrow down by year once have an already narrowed down scope
      • Can narrow down content quickly without having to review every piece of content

      - Announcement: Office 365 Activity Report
      • New pipeline - any action taken within any workload is now stored within a new Compliance Store
      • Data is exposed through the activity report experience (searches every single action taken by SharePoint, Exchange, OneDrive)

      - How do you answer the questions:
      • What did this user do within 365?
      • What did this document have done to it within O365?
      • Allow data to be accessible to partners and clients

      - Announcement: Office 365 Activity API
      • With a single API endpoint, will be able to export, search and stream all activity data within O365
      • Can use Microsoft's experience or partner experiences or your own
      • Partner: BetterCloud - console showing actions done within O365 to content; provides an admin dashboard; shows which admins have global permissions
      • See all actions taken within last hour or less
      • Can see activity or lifecycle of a piece of content

      Partner: Loric
      • Console which shows you anomalies in your system (ex. 100 failed logons, users/documents violating policy, documents/users sharing content) and correlation of anomalies
      • Shows threats or slight deviations from normal behaviors
      • Can graph anomalies across time (failed logons over time) and correlate with other activities like logon from geographic locations, and content being shared outside or mail going outside the organization

      - Client always owns their data - Microsoft is just the custodian of that data.

      • Drive Shipping for O365
      • O365 eDiscovery
      • Auditing for AAD
      • Auditing API

      Demo: (IT Admins) Office 365 Compliance Center

      - Office 365 DLP policies (in limited preview today)
      • Many built in policies
      • Sensitive types built in - don't have to be an expert in compliance standards
      • Can tune policies to the organization if needed
      • PCI-DSS policies - looking at 1 rule - notification and policy tips
      • Can configure a notification to be sent when a policy is violated (can notify site owner, IT admins, compliance officer) and display a policy tip
      • Can enable policy override to make impromptu policy decisions in specific cases
      • As you attach documents to emails, attachments are automatically scanned before sending email and policy tip will be automatically displayed (same as Exchange 2013)
      • System will block sensitive attachments from being sent - policy tips now appearing in SharePoint and OneDrive
      • Blocked email notification has link to take you to SharePoint to the document - policy tip displayed in SharePoint when following the link
      • Policy Action will lock down the document in OneDrive for Business or SharePoint
      • OWA also displays Policy warnings and enforces policy actions (lock down)
      • Client Office Apps (Word, Excel, PowerPoint) also display policy warnings and enforce policy actions (lock down)
      • DLP policies enforced across all O365 workloads
      • Personal devices (iPad, iOS devices, Windows devices)
      • Can keep personal and corporate data separate
      • Can remotely wipe corporate data when leaving organization and leave personal data intact
      • Safe Links - When clicking links, DLP policies are enforced - users taken to Microsoft site protecting them from the malicious link

      You can watch the entire presentation here: