Slidedeck used for aOS Singapore 2019 event.
Explaning all what every IT / decision maker should know about docs in O365 : use cases, benefit on using SP as DMS, data location, archiving, compliance and data sovereignty
23. 23
• Include externals in collaborative
processes
• Secured share (anonymous link or
authenticated account)
• Enabled by space (SharePoint or
Teams)
• No additional licence cost
Share with externals
@SP_twit #aOSSg
29. Limitations
• Up to 5 000 documents in the same view
• Up to 5(0) 000 security scopes per document library
• Up to 30 000 000 documents per library
• Max 2000 subsites / site collection
• Storage location (for legal purpose)
• Files max size (15Gb)
• For site collections online … pooled storage (25Tb+)
@SP_twit #aOSSg
36. Storage encryption
• 1 or several blobs (max 64Ko) in several Azure Storage containers
• An encryption key per file (AES 256bits)
• Key stored in encrypted SharePoint database which also contains the
« map » to retreive blobs
• Key to decrypt Azure storage and decrypt
SharePoint database are in Azure
Key Store (or Azure Key Vault if BYOK)
• Compliant with FIPS 140-2
• SharePoint DB in Azure SQL Database, encrypted with Transparent Data
Encryption
• All hard drives encrypted with BitLocker
@SP_twit #aOSSg
38. Norms
• Various norms including
Multi-Tier Cloud Security
(MTCS) Standard for
Singapore
• External audits
• Can get audit
documents
@SP_twit #aOSSg
39. Patriot Act / SCA
• Only for data stored or transiting on US
territory
• Patriot Act -> FBI, CIA, NSA, Army
• SCA -> Justice
• Microsoft challenged DoJ on extra SCA
territoriality SCA (Stored Communication
Act) until USA Supreme Court (cf. Cloud
Act later)
@SP_twit #aOSSg
40. GDPR
• Compliant contract
• Various features to help ensuring
compliance (eDiscovery, RMS, Labels,
DLP, etc.)
@SP_twit #aOSSg
41. Cloud Act
• On US attorney request (ex: corruption, business
with country under US embargo)
• Apply out of US territory
• In case of executive agreement, opposition can
done under 14 days if :
• Non USA citizen
• AND goes against local law
See O365 general conditions
“If compelled to disclose Customer Data or Personal Data to law enforcement, Microsoft will promptly notify
Customer and provide a copy of the demand unless legally prohibited from doing so.”
@SP_twit #aOSSg