governing & configuring divisional sites in an enterprise environmentSean Squires Principal IT Program Manager Microsoft

SPC365

Carrie DoringSr. Program ManagerMicrosoft

Objective: Learn about Microsoft IT’s governance & site configuration platform –

the solutions we’ve built to provision, manage, and configure sites in our SharePoint environment

Learn how we apply platform to address key divisional site needs in O365

Key Takeaways Using Apps and CAM techniques to provision, manage, and configure

sites is a powerful and flexible governance approach for SPO There are APIs and CSOM methods to achieve considerable

programmatic configuration of a SharePoint site Site cloning in SPO is one approach to providing awareness and design

consistency for a divisional profile requiring many site collections

Session Objectives & Takeaways

Implementing enterprise governance can sometimes feel like trying to corral an exuberant crowd

…but the benefit of a successful implementation is a coordinated, manageable platform that aids in discovery and use

For divisions this means sites marching to the same tune – with consistent brand and content components

Site Lifecycle & Governance

Governance goals

Improve site managementsite lifecycle; site classification & two-owner policy; notification mechanism for compliance management; centralized view of owned sites

Protect corporate assetsuser awareness; sensitive data signaling & securing; external user signaling; enhanced monitoring & reporting

Empower users to get their work done

Our Governance Platform• Provide centralized governance

framework for site provisioning & enforcement of policy issues

Site Lifecycle & Governance

(aka “AutoSites”)

• Support additional configuration & branding of a site after creation

• Allow divisional site portfolio management

Divisional Site Configuration & Management

(aka “Site Configuration Manager”)

Site Provisioning & Management Components

Site Creation & Classification Central hosting options page to

discover resources and hosting options

Site provisioning form collects additional metadata

Assign data classification for security settings & policy enforcement

Site Management Site owner responsible for site

lifecycle and policy tasks

Additional metadata used for enhanced reporting and search-driven navigation

Protecting Sensitive Content Enforce policies to protect sensitive

data and prevent data leaks

Notifications enhance user awareness of data sensitivity and scope of sharing

Monitoring & Reporting Sites I Own Dashboard displays all

sites owned by the user with compliance status of each site

Enhanced site and user reports for monitoring and auditing

K

Demo

hosting options, custom site provisioning & site management

AS Site Provisioning Form

Creating a new configured site (UX)

Enterprise Hosting Options

Divisional Form

Site Configuration Service

Cost of Design & Configuration

Design once – copy – repeat: automatically apply design and settingsImplement a front-end form to collect add’l metadata for tracking & reporting

Lack of Divisional Oversight

Enable collection of custom metadataProvide service to expose data & utilize it

How do I empower users to create divisional sites that look the same, behave the same, and can all be found & monitored?

Provide a self-service site configuration app

Site Configuration Mgmt. Service Components

Site Template (“canonical”) Create the master site for

“cloning” instructions

Can serve as parent container for multiple definitions

May optionally provide visual brand for design package

Site Configuration Definition Defines which elements need to be

configured after site is created

Used to set default values on list columns and web part properties

Used to identify myriad divisional site configurations

Client Provisioning Form Custom divisional form for

collection of supplemental site metadata

Communicates w/ service management portal and site provisioning service to store additional data and provide configuration definition

Service Management Site Information List captures all

divisional metadata from provisioning event for subsequent monitoring, service reporting, and troubleshooting

List can optionally be used for divisional site navigation

K

Provider-Hosted Apps

Creating & configuring a new divisional site

SharePoint-Hosted Elements

1Site Info List

Site Config List

SCD List

2 3

4

AutoSites Service

SCM ServiceClient Provisioning

Form

5

Anatomy of a site configuration definition

SCD Creator Tool• HTML form on

management portal to host divisional definitions in SharePoint lists

• Referenced by SCM module to apply configurations after a new site has been created

General Definition Details• Definition info• Features• List templates

Site Page Details• Web part & list view

configuration • Setting default

welcome page

Supported on list/library creation and on the web part configuration of parts embedded on site pages Examples: setting a default column value on a content-type defined

list; setting a web part property value for a configured page (group ID for Yammer embed; URL for a page-viewer web part)

Configuration Overrides

Use Case Supported in SCM UI

Supported in AutoSites

Configuration override support for new sites

Yes Yes

Configuration override support for Retry request

Yes Yes

Configuration override support for Retrofit request

No Yes

Demo

autosite management portal & site configuration definitions

Site Configuration Retry Service

Org SCA submit retrofit request

Autosite verify site & authenticate

user

SCM Apply site definition

Updating an Existing Site: Retrofit Service

Similar to Retry – except a new entry is created in the Site Information list

Currently limited to basic “upgrade” scenarios (like applying a design package) to reduce impact

Demo*

Retry & Retrofit

Objective: Learn about Microsoft IT’s governance & site configuration platform –

the solutions we’ve built to provision, manage, and configure sites in our SharePoint environment

Learn how we apply platform to address key divisional site needs in O365

Key Takeaways Using Apps and CAM techniques to provision, manage, and configure

sites is a powerful and flexible governance approach for SPO There are APIs and CSOM methods to achieve considerable

programmatic configuration of a SharePoint site Site cloning in SPO is one approach to providing awareness and design

consistency for a divisional profile requiring many site collections

Session Objectives & Takeaways

SPC403: Site Provisioning Techniques w/ SharePoint Apps

SPC325: Real-world examples of FTC to CAM transformations

https://officeams.codeplex.com/

Related Content & Resources

MySPCSponsored by

connect. reimagine. transform.

Evaluate sessionson MySPC using yourlaptop or mobile device:myspc.sharepointconference.com

© 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Automated policy check

Notification of required

remediation

Owner views remediation

form

User remediates by deadline

Violation discovered and flagged

Site LockedOwner does not attest by

given deadline

No escalation

Owner escalates / remediates

Recycle/Delete

Notification displayed to site members

Owner does not remediate

by given deadline

Notification displayed to site collection

owners

Governance Lifecycle

Owner reviews

membership

Integration with SharePoint OnlineFeature AutoSites Service SharePoint Online

Site Provisioning Form

• Custom site provisioning form• Collect metadata and store in

Azure SQL database• Welcome/ site creation

confirmation email

• TA configuration points to custom provisioning form

• Site provisioning API• Use App only security principal for tenant

admin permissions• Apply Site configuration settings via CSCOM

Policy checking & notification

• Run weekly job to detect policy compliance issues (Azure worker role)

• Synch Job – synchs info about site collection

• Email notifications via Exchange WS

• Use standard notification bar on site page• Rely on user custom actions to display

notifications.• Leverage user profile service to detect owner

FTE status.

Compliance • Provide form to allow site owner to fix issues

• Custom unlock page

• Call Locking or Delete API in cases of non-compliance

Monitoring & Report • SQL Azure reporting service • Fast Search to aggregate sites or for iterating through sites

Site Owner Best Practices Governance System Only share HBI content on a need-to-

know basis Apply Rights Management to your

library, list or document Don’t add large security groups

outside of your control to your HBI site

Never inherit permissions from a parent site

Review the membership of your HBI sites at least once a quarter and remove people that do not need access

HBI data classification allows sensitive data in the cloud to be identified and monitored

Microsoft Rights Management Service in SharePoint Online

Data loss prevention scanning Run jobs to detect policy compliance

issues Notify owner and require remediation Lock sites if issues not addressed

Protecting Sensitive Content

Site Configuration Service Modules

32

Module Description

Activate Features This module allows specific features to be activated on a site or site collection.  

Create Site ColumnsThis module creates site columns on the target site. The site columns are created using the same field XML as they are defined on the canonical site, which means that the full set of site column capabilities and configuration should be re-created on the target site.

Create Content Types This module creates site content types on the target site.

Create Site ListsThis module supports creating lists and libraries on the target site. This module supports any kind of list or library based on an SPO system template - it is not limited to custom lists.

Add List TemplatesThis module uploads list templates to the target site, making them available for future use through "Add an app".

Create Site PagesThis module recreates the selected site pages on the target site, including the web parts on the site page. The site pages are expected to reside in the Pages library (requires a Publishing Site).

Set Site Welcome Page This module sets the Welcome Page (home page) for the site collection.

Set Design Package

This module uploads a design package to the target site and activates it. This is achieved by first retrieving the design package file from AutoSiteManagement Design Package gallery and then uploading it to the Documents library on the target site. Next, it is installed (which copies it into the target site's Solutions library) and then activated. Finally, the temporary design package file in the Documents library is removed. Note that as a part of the service we provide two design packages w/ fully responsive web page capabilities – one w/ additional master and page layout pages and custom color themes.

Set Search Configuration This module sets two search specific settings on the target site.

Optionally available in definitions