welcome to office 365 document...sharepoint sites, can be linked to ms teams. •a new sharepoint...
TRANSCRIPT
Welcome to Microsoft/Office 365
Key takeouts
Online, ‘anywhere, anytime, any device’ is here and now
Organisations are implementing Office 365 as part of new licencing agreements
SharePoint Online is no longer standalone but a core part of Office 365
You can manage records in SharePoint Online in line with most of ISO 16175 Part 2
You may need to learn more about SharePoint Online in the context of Office 365
What is Microsoft / Office 365?
Software as a Service (SaaS) – Office apps
Platform as a Service (PaaS) – Development environment
Infrastructure as a Service (IaaS) – Microsoft servers
Licensing will determine what software and options you can access.
The (sad) digital reality
Records everywhere
Outlook (multiple ‘personal’ folders)
Office (installed)
Network and home drives (duplication, out of control folders), USBs, and cloud-based DM systems
Personal messaging apps
Personal social media
Maybe an EDRMS
Printed copies
Paper files
Microsoft / Office 365 - Home page
Office 365
One interface for everything
• Outlook Online
• Office apps (Word, Excel, PowerPoint, OneNote)
• SharePoint - replaces network file shares, USBs, and cloud systems
• OneDrive - replaces home drives, USBs and cloud systems
• MS Teams - replaces Skype (and other messaging apps)
• Yammer - replaces other social media
Plus a lot more (Office 365 Groups, Flow, Forms, Stream, Sway) accessible on any device
Microsoft / Office 365 – What goes where
Why Office 365?
For IT:
• Reduced storage costs (data centres or licensing)
• Reduced overhead costs (server support and maintenance)
• Provides true anywhere access
For staff:
• Latest Office features
• Office, mobile or home access
• More features
• More efficient
Records management in Office 365
Some settings (e.g., external access, retention policies) are configured in Office 365 Admin
Records are stored mostly in both Outlook and SharePoint (not in OneDrive)
We need to think differently
You may want to consider a third-party product but keep in mind that:
• Records people often don’t have IT skills
• IT people rarely have RM skills
You don’t know what you don’t know (or may not have enough knowledge).
What you need to know
Microsoft own and manage the platform
IT will configure certain settings, ideally with your input
Records managers should learn about:
• The Office 365 ecosystem
• Office 365 Groups
• SharePoint Online
• Managing records in Office 365 / SharePoint Online / Exchange Online
• The role/s you need to have
• Site collection administration
• Collaboration in Office 365
Starting point
IT has acquired (or now has access to) Office 365
It’s being implemented with or without 3rd parties
You don’t or may not have the access you need
You may have (and/or manage) an EDRMS such as TRIM/CM
SharePoint is probably going to replace your EDRMS – but it’s not an EDRMS
Office 365 Governance and Administration
Office 365 Admin - Home page
Office 365 Admin – User licences
Any of these can be disabled so they don’t appear in the Office 365 menu
Office 365 Admin – Customised administrator
Office 365 Admin - Groups
Office 365 Admin - Office 365 Groups
Office 365 Admin - Services and add-ins
Office 365 Admin – Admin portals
Office 365 Admin – SharePoint Admin
Office 365 Admin – Security and Compliance
Permissions > roles (Records Management)
Classifications > labels (retention and disposal, information security)
Data loss prevention (DLP) (for sensitive information types, e.g., credit cards)
Records management > File plan, Events, Dispositions
Data governance > Dashboard, Import, Archive (mailboxes), Retention
Search > Content search, Audit log search
eDiscovery (Cases)
Office 365 Admin – Security and Compliance – Retention labels
Office 365 Admin – Security and Compliance – Labels/File Plan
Office 365 Admin – Security and Compliance – Labels/Settings
SharePoint - Retention model
Retention for corporate ‘dark’ data (Joanne Klein)
Office 365 Admin – Security and Compliance – Notification
How it works (including metadata retention) and the role of records managers
Office 365 Admin – Security and Compliance – Dispositions
Office 365 Admin – Security and Compliance – Decision
Office 365 Admin – Exchange Online - Labels
Exchange – Retention model
Teams – Retention Model
Office 365 Admin – OneDrive - Retention
Office 365 Admin – Audit Logs
Office 365 Admin – eDiscovery
Summing up
Office 365 Admin includes a range of configuration settings that require input from records managers
Records managers need to understand Office 365 Groups
Records managers should have specific roles which may include SharePoint Administration and the ‘Records Management’ role
Records managers should configure retention policies and have responsibility for disposal actions
Records managers may need to access the audit logs or be involved in eDiscovery cases
Welcome to SharePoint Online
The duality of SharePoint
Team sites (classic vs modern, with O365 Groups) (plus OneDrive)
• These are the functional replacement for network file shares (and home drives)
Communication sites
• These are the functional replacement for intranet and publishing sites
The governance
‘balance’
SharePoint governance -
roles
Who is responsible for what
• Who? Promotion and adoption
• Office 365 Global Administrators (and other roles)
• SharePoint Administrator (O365 Service Account role) – managing SP
• Site Collection Administrator (Records manager/s) –managing site collections > why records managers?
• Site Owners – managing sites
Essential to consider – who can create Office 365 Groups?
SharePoint architecture
All SharePoint Online sites exist under one of two paths under the tenant name (https://tenantname.sharepoint.com/):
• /teams/ >> logical organizational elements (incbusiness function)
• /sites/ >> cross organizational information
Metadata.
Documented naming conventions.
Retention model.
Configuration settings should be documented, any changes should be approved
See - https://docs.microsoft.com/en-au/sharepoint/sharepoint-online
SharePoint - Simple Architecture Model
Information Technology (HUB) Finance (HUB)
Finance AP Finance AR
Legal
Executive
Human Resources (HUB)
Recruitment (GRP) Training
Property
IT Ops (GRP)
Business Function Business Function
Office 365 Groups -
avoiding feral SharePoint
sites
Implement a control process (for example a SP list to request a new site/MS Team or O365 Group)
If the options are not controlled:
• Office 365 Groups created via the ‘Create Group’ in Outlook will create the group with an associated SharePoint sites, can be linked to MS Teams.
• A new SharePoint site created via the ‘Create Site’ option in the user’s SharePoint portal will create an Office 365 Group (that can be linked with MS Teams).
• A new Team created via the ‘Create Team’ in MS Teams creates an Office 365 Group with an associated SharePoint site.
• A new Yammer group creates an Office 365 Group with an associated SharePoint site (and can be linked to MS Teams).
SharePointGovernance
Document
All SharePoint settings, the ‘design decision’ for each based on the reason behind them, and who is responsible, should be documented and this documentation should form part of your governance arrangements.
For example, External Access
• Is it allowed in the O365 Admin setting?
• If it is allowed, who decides if a SPO site should be accessible externally (including access controls)?
• What setting will be changed in SPO?
SharePoint or OneDrive?
SharePoint• Ours• Files others need if you leave• Records management features• Long-term storage, retention and disposal• Group/team-based permissions by default• Protection• Unlimited storage
OneDrive• Yours• Files nobody would need access to when you
leave• Simply a convenience• Short-term storage• Default permissions restricted only to you• No iTunes, family photos• Up to 1TB
Implementing SharePoint as a
recordkeeping system in line with ISO 16175 Part
2
ISO 16175 part 2
Create
• Capture
• Metadata
• Aggregations
• Identifiers
• Classification
Maintain
• Authentic and reliable
• Access and security
• Hybrid records
• Retention and disposition
Disseminate
• Search, retrieve
• Render
Administer
What is a record?
Evidence of business activities, often (but not exclusively) in the form of a document or object, in any form. A record will usually have some form of metadata. (ISO 15489, Archives Act 1983 (Cwlth))
The essential attributes of any record, according to ISO 15489, are its:
• Authenticity
• Reliability
• Integrity
• Usability
An effective recordkeeping system should ensure that these attributes are maintained, in the relevant business context, in order preserve the evidence of business activities for as long as the record must be kept.
Classification:Functions
(5.3)
Functions
• SharePoint sites can broadly map to business functions (which may sometimes be the same as the actual business unit name).
• This provides a way to aggregate ‘like’ content under the function. Multiple sites in the same function may cross-linked, including by using the hub/spoke capability.
• Functions can also be applied via retention policies (as seen in the Security and Compliance Portal)
Create: Aggregations
(5.1.4)
Folder: function or series level
File: activity level
The ‘folder’ level in SharePoint is the Site collection.
The ‘file’ level in SharePoint is a document library.
It is important to have document library naming conventions.
Classification:Activities
(5.3)
Activities
• Document libraries
• These should be named after the activity to which they relate, and ideally include a year –for example ‘XYZ Committee Meetings 2018’, rather than have a single library called ‘Meetings’ then use folders to break up the content.
Function and activity combined:
• https://tenant.sharepoint.com/teams/financeAP/invoices2019
Create: Capture
(5.1.2, 5.1.8)Links
(5.1.4-24/25)
Office-based records (Word, Excel, PowerPoint) can be created directly in SharePoint, or from the relevant application and then saved directly to SharePoint (no need to use NFS).
Create link to other documents.
Both the Save and Save as dialogues show OneDrive and SharePoint first, then the other options.
Drag and drop to sync’d library.
Emails: drag and drop email, attachment, or both to sync’d library, use Flow, or leave in place.
Emails remain unchanged.
Create: Versions(5.1.2-7)
SharePoint document libraries have versioning enabled by default.
Versions are specific to a library or list item.
Any previous version can be viewed or restored, subject to permissions.
To view a previous version, click the date/time.
To restore a version, click the down arrow to the right of the date/time.
Create:Metadata
(5.1.3)
Almost unlimited metadata is possible.
Site columns or local columns.
Managed metadata service.
All document libraries include:
• System generated and unalterable metadata (File Type, Created by, Created (date), Modified by, Modified (date) etc.
• Dublin Core metadata(Title, Subject, etc)
• New metadata (via site columns or local library columns)
Metadata can be mandatory or optional and can also be exported at any time using the ‘Export to Excel’ option on every library menu.
Create:Metadata:
Content types
Kind of similar to TRIM/CM ‘record types’
Site and library content types
When to use them
Linked with document templates
Why to avoid them
Deprecated functionality - retention and disposal connectivity
Records Center – copy to capability loses document integrity
Create:Metadata:List views(5.1.3-14)
All metadata columns can be displayed in the list view.
When a record has been selected, the properties pane displays the metadata properties for each record.
Every Office document (Word, Excel, PowerPoint) retains the library metadata in the document properties, including when it is ‘saved as’ somewhere else.
Metadata properties (such as document ID) can also be displayed in the document body.
Create:Identifiers &
Identification(5.1.3-20, 5.2)
Document ID feature:
• Site acronym (e.g. FinanceAP)
• Library Unique ID (e.g., 1233212)
• Document ID (next in sequence)
Document IDs and any other metadata remain embedded in Office documents (‘metadata payloads’)
Libraries and folders have unique GUID numbers.
• 3ce2112e-d1fc-45c7-ad53-96fff8c10bb1
Create:Bulk Importing
(5.1.5)
Bulk importing can be achieved in multiple ways.
Simplest is via File Explorer, set up columns as required and import or set the metadata.
Can use products like ShareGate.
Maintain: Import, export
of records(5.4.7-125
Records in SharePoint, along with their metadata, can be migrated in multiple ways.
Commonly this would be by using File Explorer but other export tools can be used as well.
Maintain: Controls and
security(5.4.1-5.4.7)
Access to records in any site is restricted by default to the members of three permission groups: Site Owners, Site Members (add/edit), and Site Visitors (read only).
These groups can be modified as required by Site Owners only, and new permission groups can be created. Records can be restricted to an individual person if required.
The ability to delete a record is enabled by default. It can be disabled per site or library.
Data Loss Prevention (DLP) policies can be used to monitor or prevent the unauthorised exfiltration of records.
Information security classifications (e.g., Confidential, Secret) can be applied as labels.
Maintain:Audit trails(5.4.8-131-
133)
Audit logs record all activity undertaken on a SharePoint site.
Site audit logs are retained for 7 days but can be exported.
Audit logs for the entire system are retained for 90 days. These are accessed from the Office 365 Security and Compliance Admin Centre under the ‘Search and Investigation’ section, accessible only to Global Admins and Security Admins.
Maintain: Hybrid:
Managing paper records
(5.5)
Paper records can be managed in SharePoint lists, with as much metadata as required.
Maintain:Retention and
disposal(5.6)
Records retention classes are set in the Office 365 Security and Compliance Admin Centre under the ‘Classifications’ section.
When published, these become available in document libraries and lists in SharePoint as well as in Outlook. Classification policies are more likely to be applied in team site libraries as each library may have different type of content. Question – who applies them?
If applied, content cannot be deleted.
A retention policy may also be applied to the entire site as a Site Policy. This is more likely to be used where the entire site can be subject to a single retention policy, for example, project sites.
Maintain:Legal holds
and eDiscovery(5.6.1-162)
Office 365 includes an eDiscovery option in the Security and Compliance Centre. This option allows records to be placed on hold (not destroyed), pending the outcome of the legal hold.
Once the legal hold is lifted, the records resume whatever retention policy was applied.
Understanding ‘signals’
- The Office Graph
What is it?
Powers Delve and Discovery in OneDrive
Affects search results using AI
Disseminate: Search
(5.7.199-225, 5.7.232))
Users can find anything they have access to (new – Microsoft Search)
Search may be customized to the individual
Search can also find text in images
Disseminate:Render and
Redact(5.7.1, 5.7.3)
SharePoint supports the display of over 300 document types.
SharePoint includes check out/in capability, where required. It also supports co-authoring.
Redaction would require additional add ons)
Administration(5.8)
SharePoint includes a range of administration functions, including for reporting purposes.
Back-up and recovery is provided through the Recycle Bin and versioning options.
As a hosted system, organisations have no ability to restore the system to a previous point after updating.
Final points
End user experiences
Mobile and home PC access
Save as (SharePoint or OneDrive)
Sync to File Explorer
Share (instead of attach), with restrictions
Collaboration, including co-authoring and MS Teams
External access
Change is constant
Office 365 is updated constantly
Re-thinking documents (Fluid)
What is a record?
https://techcrunch.com/2019/05/06/microsoft-wants-to-reinvent-documents-with-its-new-fluid-framework/
https://www.microsoft.com/en-us/microsoft-365/blog/2019/05/06/build-2019-people-centered-experiences-microsoft-365-productivity-cloud/
https://www.microsoft.com/en-us/microsoft-365/roadmap
https://techcommunity.microsoft.com/
Final thoughtsRecords managers and IT need to work together
You need to learn about SharePoint Online as part of Office 365 – it really is not hard
You need to be part of this
Learning and training
resources
https://support.office.com/en-us/article/sharepoint-online-video-training-cb8ef501-84db-4427-ac77-ec2009fb8e23?ui=en-US&rs=en-US&ad=US
https://docs.microsoft.com/en-us/sharepoint/sharepoint-online
https://techcommunity.microsoft.com/t5/Security-Privacy-and-Compliance/Office-365-Retention-Disposal-amp-Archiving-Frequently-Asked/ba-p/504158
https://docs.microsoft.com/en-us/office365/securitycompliance/retention-policies
https://docs.microsoft.com/en-us/office365/
https://www.microsoft.com/en-us/microsoft-365/blog/2019/05/06/build-2019-people-centered-experiences-microsoft-365-productivity-cloud/
https://office365itpros.com/