implementing enterprise governance can sometimes feel like trying to corral an exuberant crowd
Governing & configuring divisional sites in an enterprise environment
SPC365
Sean Squires, Principal IT Program Manager, Microsoft
Carrie Doring, Sr. Program Manager, Microsoft
Session Objectives & Takeaways
Objective:
• Learn about Microsoft IT’s governance & site configuration platform – the solutions we’ve built to provision, manage, and configure sites in our SharePoint environment
• Learn how we apply platform to address key divisional site needs in O365
Key Takeaways:
• Using Apps and CAM techniques to provision, manage, and configure sites is a powerful and flexible governance approach for SPO
• There are APIs and CSOM methods to achieve considerable programmatic configuration of a SharePoint site
• Site cloning in SPO is one approach to providing awareness and design consistency for a divisional profile requiring many site collections
Implementing enterprise governance can sometimes feel like trying to corral an exuberant crowd
…but the benefit of a successful implementation is a coordinated, manageable platform that aids in discovery and use
For divisions this means sites marching to the same tune – with consistent brand and content components
Site Lifecycle & Governance
Governance goals
Improve site management: site lifecycle; site classification & two-owner policy; notification mechanism for compliance management; centralized view of owned sites
Protect corporate assets: user awareness; sensitive data signaling & securing; external user signaling; enhanced monitoring & reporting
Empower users to get their work done
Our Governance Platform
Site Lifecycle & Governance (aka “AutoSites”)
• Provide centralized governance framework for site provisioning & enforcement of policy issues
Divisional Site Configuration & Management (aka “Site Configuration Manager”)
• Support additional configuration & branding of a site after creation
• Allow divisional site portfolio management
Site Provisioning & Management Components
Site Creation & Classification
• Central hosting options page to discover resources and hosting options
• Site provisioning form collects additional metadata
• Assign data classification for security settings & policy enforcement
Site Management
• Site owner responsible for site lifecycle and policy tasks
• Additional metadata used for enhanced reporting and search-driven navigation
Protecting Sensitive Content
• Enforce policies to protect sensitive data and prevent data leaks
• Notifications enhance user awareness of data sensitivity and scope of sharing
Monitoring & Reporting
• Sites I Own Dashboard displays all sites owned by the user with compliance status of each site
• Enhanced site and user reports for monitoring and auditing
Demo
hosting options, custom site provisioning & site management
AS Site Provisioning Form
Creating a new configured site (UX)
Enterprise Hosting Options
Divisional Form
Site Configuration Service
Cost of Design & Configuration
Design once – copy – repeat: automatically apply design and settings
Implement a front-end form to collect add’l metadata for tracking & reporting
Lack of Divisional Oversight
Enable collection of custom metadata
Provide service to expose data & utilize it
How do I empower users to create divisional sites that look the same, behave the same, and can all be found & monitored?
Provide a self-service site configuration app
Site Configuration Mgmt. Service Components
Site Template (“canonical”)
• Create the master site for “cloning” instructions
• Can serve as parent container for multiple definitions
• May optionally provide visual brand for design package
Site Configuration Definition
• Defines which elements need to be configured after site is created
• Used to set default values on list columns and web part properties
• Used to identify myriad divisional site configurations
Client Provisioning Form
• Custom divisional form for collection of supplemental site metadata
• Communicates w/ service management portal and site provisioning service to store additional data and provide configuration definition
Service Management
• Site Information List captures all divisional metadata from provisioning event for subsequent monitoring, service reporting, and troubleshooting
• List can optionally be used for divisional site navigation
Creating & configuring a new divisional site
[Diagram, steps 1–5. Labels: Provider-Hosted Apps; SharePoint-Hosted Elements; Site Info List; Site Config List; SCD List; AutoSites Service; SCM Service; Client Provisioning Form]
Anatomy of a site configuration definition
SCD Creator Tool
• HTML form on management portal to host divisional definitions in SharePoint lists
• Referenced by SCM module to apply configurations after a new site has been created
General Definition Details
• Definition info
• Features
• List templates
Site Page Details
• Web part & list view configuration
• Setting default welcome page
Configuration Overrides
Supported on list/library creation and on the web part configuration of parts embedded on site pages.
Examples: setting a default column value on a content-type defined list; setting a web part property value for a configured page (group ID for Yammer embed; URL for a page-viewer web part)
Use Case | Supported in SCM UI | Supported in AutoSites
Configuration override support for new sites | Yes | Yes
Configuration override support for Retry request | Yes | Yes
Configuration override support for Retrofit request | No | Yes
Demo
autosite management portal & site configuration definitions
Site Configuration Retry Service
Org SCA submit retrofit request
Autosite verify site & authenticate user
SCM Apply site definition
Updating an Existing Site: Retrofit Service
Similar to Retry – except a new entry is created in the Site Information list
Currently limited to basic “upgrade” scenarios (like applying a design package) to reduce impact
Demo*
Retry & Retrofit
Related Content & Resources
SPC403: Site Provisioning Techniques w/ SharePoint Apps
SPC325: Real-world examples of FTC to CAM transformations
https://officeams.codeplex.com/
© 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Governance Lifecycle
[Flowchart. Node labels:]
• Automated policy check
• Notification of required remediation
• Owner views remediation form
• User remediates by deadline
• Violation discovered and flagged
• Site Locked
• Owner does not attest by given deadline
• No escalation
• Owner escalates / remediates
• Recycle/Delete
• Notification displayed to site members
• Owner does not remediate by given deadline
• Notification displayed to site collection owners
• Owner reviews membership
Integration with SharePoint Online
Feature: Site Provisioning Form
AutoSites Service:
• Custom site provisioning form
• Collect metadata and store in Azure SQL database
• Welcome / site creation confirmation email
SharePoint Online:
• TA configuration points to custom provisioning form
• Site provisioning API
• Use App only security principal for tenant admin permissions
• Apply Site configuration settings via CSOM
Feature: Policy checking & notification
AutoSites Service:
• Run weekly job to detect policy compliance issues (Azure worker role)
• Synch Job – synchs info about site collection
• Email notifications via Exchange WS
SharePoint Online:
• Use standard notification bar on site page
• Rely on user custom actions to display notifications.
• Leverage user profile service to detect owner FTE status.
Feature: Compliance
AutoSites Service:
• Provide form to allow site owner to fix issues
• Custom unlock page
SharePoint Online:
• Call Locking or Delete API in cases of non-compliance
Feature: Monitoring & Report
AutoSites Service:
• SQL Azure reporting service
SharePoint Online:
• Fast Search to aggregate sites or for iterating through sites
Protecting Sensitive Content
Site Owner Best Practices
• Only share HBI content on a need-to-know basis
• Apply Rights Management to your library, list or document
• Don’t add large security groups outside of your control to your HBI site
• Never inherit permissions from a parent site
• Review the membership of your HBI sites at least once a quarter and remove people that do not need access
Governance System
• HBI data classification allows sensitive data in the cloud to be identified and monitored
• Microsoft Rights Management Service in SharePoint Online
• Data loss prevention scanning
• Run jobs to detect policy compliance issues
• Notify owner and require remediation
• Lock sites if issues not addressed
Site Configuration Service Modules
Module | Description
Activate Features | This module allows specific features to be activated on a site or site collection.
Create Site Columns | This module creates site columns on the target site. The site columns are created using the same field XML as they are defined on the canonical site, which means that the full set of site column capabilities and configuration should be re-created on the target site.
Create Content Types | This module creates site content types on the target site.
Create Site Lists | This module supports creating lists and libraries on the target site. This module supports any kind of list or library based on an SPO system template - it is not limited to custom lists.
Add List Templates | This module uploads list templates to the target site, making them available for future use through "Add an app".
Create Site Pages | This module recreates the selected site pages on the target site, including the web parts on the site page. The site pages are expected to reside in the Pages library (requires a Publishing Site).
Set Site Welcome Page | This module sets the Welcome Page (home page) for the site collection.
Set Design Package | This module uploads a design package to the target site and activates it. This is achieved by first retrieving the design package file from AutoSiteManagement Design Package gallery and then uploading it to the Documents library on the target site. Next, it is installed (which copies it into the target site's Solutions library) and then activated. Finally, the temporary design package file in the Documents library is removed. Note that as a part of the service we provide two design packages w/ fully responsive web page capabilities – one w/ additional master and page layout pages and custom color themes.
Set Search Configuration | This module sets two search specific settings on the target site.
Optionally available in definitions