Have you ever wanted to tell your users "I am the LAW!" when they ask why they have to tag a file in SharePoint? This session looks at what governance is, why its important, why our data is like laundry, and what tools Microsoft gives us to help you rein in your users and lay down the law!
3. Who am I?
Principal Consultant and O365 Evangelist
Been in IT since 1990, SharePoint since 2003, and Catapult since 2007
4. 4
The act of affecting and monitoring (through policy) the long-term strategy
and direction of an organization. In general, governance comprises:
• Traditions
• Institutions
• Processes
that determine how:
• Change is exercised
• Users are given a voice
• Decisions are made on issues of company-wide concern.
What is Governance?
5. 5
Two Styles of
Governance Organic Growth – Peace, Love, and SharePoint
Pros
Fast to Implement
No barriers to growth
User for anything and
everything
Cons
No control on growth
Poor security,
findability, navigation,
etc.
No service assurances
6. 6
Two Styles of
Governance
Central Regulation –The Iron Gauntlet of SharePoint
Pros
Central regulation of
Navigation,Taxonomy,
security
Everything is done the
“right” way
IT (Owner) is in control
Cons
Slow to Implement
Don’t use new
funcationality until its
fully understood
Shadow IT will flourish
7. 7
• Used to upgrade SharePoint every version or two (every 3-5 years)
• Upgrades involved:
• New Hardware
• New Features
• New Design
• Moving old content to the new farm – R.O.T. Analysis
• Office 365 and SharePoint now upgrade continuously
• No “Burning Platform” for new Hardware, Design, R.O.T. Analysis
Governance Challenges in the
“new” MicrosoftWorld
10. 10
• Sites, Lists, Folders, Documents Sets, etc.
• Taxonomy
• Site Columns
• ContentTypes
• Managed Metadata
• Data Loss Prevention
• Azure Information Protection
• Records Management
• Advanced Data Governance Labels
Lots ofTools that we can use
in SharePoint
11. 11
Data governance challenges
• In the modern world of digital communication, the amount of
electronic data grows exponentially, leading the company to do a
daunting job of deciding what to keep and what not to keep
• Data stored in different repositories (example: One Drive,
SharePoint, Exchange)
• Reducing compliance risk is directly proportional to reducing
amount of data and keeping only the high value data
12. 13
• Metadata tags help us define a document so we can find it later
• Requires 15-20 tags to really classify something
• Site Columns allow us to reuse the same tag across multiple lists
• ContentTypes allow us to reuse the same group of tags across multiple lists
• Managed Metadata allows us to create hierarchical relationships of data
• Can default metadata tags by folder
Taxonomy
14. 15
Data Loss Prevention (DLP)
• Sensitive Data Analysis (pre-defined sensitive types)
• Define Policies for Sensitive Data
• Policy tips for end users
• All activity is audited and reported
• Spans across following components of O365
• Exchange
• SharePoint Online
• One drive
• Admin defined PolicyTips
16. 18
AIP Labels
• Azure Information Protection (AIP) labels are used to apply a sensitivity setting to
documents across Office 365.
• They are defined in the Azure Information service of the Azure portal.
• When applied, it appears as a sensitivity setting in the UI ribbon (in the Office
client) and is stored in clear text as a property in the document backstage in
‘Advanced Properties’.
• The label can be manually set by an end-user, can be recommended to an end-
user based on document/email content or it can be automatically based on
document/email content.
• The sensitivity label, since it is in clear text, can be read by other services to take
appropriate action.
• Any service that can read the sensitivity can take action upon it. (DLP and AIP can
be integrated using Search capabilities)
17. 19
AIP Labels
• Microsoft’s default label recommendations in the Azure Information Protection service
within the Azure portal:
• These labels will appear in the Information Protection Bar at the top of the following
client apps:Word, Excel, PowerPoint, Outlook.
• Note: you must install theAzure Information Protection unified client in order to classify
documents from the client and to see the Information Protection bar.
19. 22
Labels
• Records Management can be enabled via Labels for both emails and documents.
• Labels can be used to classify content as a record. When this happens, the label can’t be changed or removed, and the content can’t be
edited or deleted.
• Making labels available to people in your organization so that they can classify content is a two-step process: first you create the labels,
and then you publish them to the locations you choose. When you publish labels, a label policy gets created.
• If you publish labels to SharePoint or OneDrive, it can take one day for those labels to appear for end users. In addition, if you publish
labels to Exchange, it can take 7 days for those labels to appear for end users, and the mailbox needs to contain at least 10 MB of data.