blog.frederique.harmsze.nl my world of work and user experiences

September 30, 2019

Some tips for respecting the privacy regulations in project sites

Filed under: Governance,SharePoint — Tags: , — frederique @ 22:36

Recently, I have been talking about GDPR in the context of SharePoint project sites for a construction company building houses. What practical design choices should we make for the new SharePoint template we are developing, combined with instructions to our users? Let us take a look at five of them.

In a previous post we talked about the Office 365 security and compliance GDPR dashboard, that can help us detect and manage sensitive information after it has been stored in our Office 365 tenant. But it is better to think beforehand and aim for privacy by design. We should only store and process personal data if we have a clear purpose for it. And only for the people who do need these data, for as long as they need it.

1.Don’t use personal data if you can keep it abstract

In their building projects, the houses are bought by real people, who have real personal data. In the project site, information has to be shared about the construction of the individual houses: which kitchen options should be included, what work remains to be done for that house, et cetera. However, there is no need to refer to these houses by the names of the buyers.

So we don’t list a house as the one bought by Mr and Mrs Smith, but at the house with building number 32. And we explain to all users that we avoid using personal data unless it is absolutely necessary to get the job done and we can justify sharing these personal data.

2.Put documents with personal data in a clearly marked, separate, secured library

We do have some cases where some project team members do need to see personal data in order to do their jobs, like commercial team members who need to talk to the house owners and renovation architects who need to see photos of the original rooms the may display personal belongings.

So we have a separate document library for the house owner documents, which is clearly marked as such. That library is listed in the site menu under the heading ‘Sensitive’. And only the project team members who need to use these data have permission to enter the library. We explain to our users where they have to store and find these documents, and that if they don’t see the library, they do not have permission to open it.

3.Only share the personal details that are needed, nothing else

We have a secured list of the contact details of the owners of the houses that are being built, so that project members who need to get in touch with these people know how to reach them. In the past, that list also included fields to share information about the spouses, children, hobbies, et cetera. Somebody got inspired by customer relationship management and got carried away… That information is quite irrelevant for the construction job.

So we trimmed down the list in our site template, to contain only the fields relevant for the job. This way, our users understand that they should not include other personal data.

4.Only allow individuals to access personal data. Not AD-groups

In parts of their project sites, all employees in the business unit or even all employees in the company can see the information. For example, the basic project information is visible to all, for transparency in the organization. For these “high visibility” lists and libraries, access is managed by way of AD-groups that include everyone in that unit. However, you cannot easily see who is part of that “everyone group”.

So in lists and libraries that contain personal data, we do not allow security by way of AD groups. We tell the site owners that they have to add individual users to the SharePoint permission groups, to explicitly and purposefully give those people access.

5.Delete personal data no longer needed after the project

After the building project is finished, some personal data may be needed by the aftercare people. But we should not keep personal data just in case somebody may be interested in them someday…

So we remove the permissions on the personal data for the users who are no longer involved in the finished. And we delete the personal data that do not have to be kept for a clear purpose. For example, we need to keep the data of the companies involved as subcontractors, but we do not need the phone numbers of the individual people. So we keep a companies list for the project relations, but not the people contacts lists.

 

All in all, we are baking some privacy measures into our SharePoint template for construction projects. We are giving the site owners and end users specific instructions. And we are creating awareness, that we need to be careful with personal data.

August 31, 2019

Careful with Modern SharePoint on old browsers and Windows

Filed under: Digital Workplace,SharePoint — Tags: — frederique @ 23:14

At the client where I am working at the moment, most users have Windows 7 and the standard browser still is Internet Explorer 11. We are starting with the Modern experience of SharePoint Online, And that is not a good combination.

The Modern experience of SharePoint is quite powerful. For example, our users are clamouring for the functionality to download multiple files in one go. In the Modern interface, the Download button does work like that; in the Classic experience it does not. But Modern SharePoint does not work smoothly in Windows 7 in any browser and works badly with Internet Explorer 11 (IE11).

So what can we do from IT?

Keep up to date

Of course the key thing is to provide users with a modern version of Windows, in this case replacing the antiquated Windows 7 with Windows 10. We all need to upgrade anyway, because Micosoft announced Windows 7 support will end on January 14, 2020.

This obviously is not easy in a large company with many legacy applications. But we can no longer get away with leaving a fossil Windows version on everyone’s computers…

Allow a browser that does work

Internet Explorer 11 is terrible with Modern SharePoint, as well as many modern websites You cannot get Edge on Windows 7. So you have to allow users to use another browser, like Chrome or Firefox.

Even if you insist that the official standard browser is the old school Internet Explorer 11, make sure you have a consistent story for the alternative: which browser should they use, in which situations. Especially if the company has doubts about the security of a browser like Chrome. Ok, then tell us what we should use.

Plan the roll-out of Modern SharePoint carefully

Don’t push the Modern experience of SharePoint while the users are still on Windows 7 and Internet Explorer if you don’t have to. If they are already using SharePoint in the classic mode, keep it until Windows 10 and a modern browser has been rolled out.

For example, we are currently updating a project site template for one of our units. Our key users were very clear on it: we keep it classic. They have many innocent users, who won’t be able to handle the bad experience with the Modern version on the old computers. We will transition to Modern some time next year, when everyone has Windows 10 and a reasonable browser…

What can the end-users do?

Switch to a different browser when IE11 does not work

As long as you don’t need support from somebody who adheres to the official story of Internet Explorer as the standard browser, switch another browser (like Chrome of Firefox) for some tasks. In particular, editing site pages in a Communication site.

Switch to the classic view when the modern does not work

In document libraries and lists, you can switch back to the classic view if the modern gets stuck. The views tend to be “sticky” when you expand a group for example. This trick is useful for people who have worked with the classic SharePoint and who don’t mind experimenting with views. I know I use it from time to time..

Link to return to classic SharePoint from a modern library

Link to return to classic SharePoint from a modern library

Enter metadata via ’i’ > ‘Edit all’

In classic SharePoint, conscientious user uploading a document filled in their metadata in a dialog box presented automatically as step 2 of the upload. In modern SharePoint, the user no longer gets prompted to fill in the metadata in such a dialog screen. Even if some fields are required, the uploaded document just lands in the library, The fields that are required are marked with an orange ‘Required info’ label though.

You then need to select the document and click on the I-icon to set the metadata. In the pane that opens on the right hand side of the screen, you can enter the metadata directly. However, the fields in these panes are “sticky”. Sometimes, the value you enter does not get saved… If you want to enter several fields, it works more robustly if you click ‘Edit all’.

To enter metadata, select a document and click the i in the top right corner. To make sure the metadata are properly saved, click Edit all.

To enter metadata, select a document and click the i in the top right corner. To make sure the metadata are properly saved, click Edit all.

 

July 31, 2019

Microsoft Teams first steps and lessons learned in real life

Filed under: Office365 — Tags: — frederique @ 23:56

We have not rolled out Microsoft Teams yet, but we have started some pilots. In these first steps, we have learned a few lessons about how the tool lands in the organization in real life. Let us take a look at five of them.

1.Word of mouth from the early adopters works

Some of our users are quite savvy. They had found out about Teams, wanted to try it out and were very enthusiastic about it. And they talked about it to others. The result was that those others also started clamouring for Teams.

So: start with a small group of eager early adopters. Make sure they know it is a pilot, if you haven’t set up the configuration and the support system properly yet.

2.Innocent users don’t want yet another communication channel to check

When I introduce Teams to users who were not already interested in the new tool, the first reaction is usually something along the lines of: “I already have my phone messages and Outlook and Skype and SharePoint and Yammer. Are you telling me I have to keep an eye on yet another tool to stay up-to-date?”

So: explain that they can get a notification when something relevant happens in Teams. And teach everyone to @-mention the person who should answer the question or give them feedback. Keep reminding the users of this; ask the Team Owners to do so as well . And explain that Teams will replace Skype for Business.

3.The terminology confuses people

We have Microsoft Teams with a capital T for teams with a small t. And people when ask for a ‘team site’ for their team, we need to check if they are talking about a SharePoint team site or a Teams environment. Messy…

So: make sure you are talking about the same thing. And don’t call regular SharePoint sites ‘team sites’…

4.Links to files are often broken in conversations

You can start a conversation about a file stored in your Team. This will display the conversation directly in the context of that document. But I have seen quite a few cases where the link to the file was broken from the conversation. At this moment, there is no way to preserve the link if the file is renamed or moved the to another folder

So: explain how this works and that you need to post an updated link.

Conversation in the context of a document

Conversation in the context of a document

5.The wiki in Teams is not practical for taking meeting notes

In one of our Teams, we tried to handle our meeting notes in the wiki that is a standard part of the Team. And we also started to write business scenarios in that wiki. It drove me crazy immediately, because I wanted to move around content in the first draft and it did not work the way I wanted… The wiki is quite rigid: the structure is fixed and you can’t just drag & drop sentences.

So: Use the wiki to “publish” info (About his team, finished use cases…). Do not use the wiki for taking notes or brainstorming.

The wiki in Teams

The wiki in Teams

June 30, 2019

Hovering along the cliff top – Sea birds taking advantage of the wind

Filed under: Adoption,Nature — Tags: , — frederique @ 22:22

I can watch them for hours, the seabirds going about their business at their nesting sites. Though most of them are awkward on land and clumsy at landing, some are acrobats in the air and expert divers in the sea. It is great to see how they take advantage of the local features that nature offers them.

I have just been on holiday in Orkney, an archipelago in the north of Scotland. Not many people live there, but of hundreds of thousands of sea birds do. They nest on the cliffs, on the beaches and in the grassland on the coast. Orkney has some great habitats for them.

The cliff ledges are particularly attractive to some species. The guillemots lay their eggs directly on the rocky ledge and right next to their neighbours, so you see rows and rows of guillemot backs. The gannets nest on the same ledges, but they build a real nest first, making sure that they are not so close that they can peck each other while sitting on the nest. Puffins prefer old rabbit holes and crevasses near the cliff tops. Fulmars find nooks and crannies.

Guillemots standing on the ledges, interspersed with nesting gannets.

Guillemots standing on the ledges, interspersed with nesting gannets.

Usually, they seem busy foraging and yelling at trespassers – usually other birds. But the ground nesters, like the artic terns, also warned us not to get too close.

At Noup Head on the island of Westray, the wind was blowing hard. The intensity and direction must have been heavily influenced by the shape of the cliffs below our feet, because for us landlubbers at the cliff top it was quite unpredictable where the wind would be fiercest. But the sea birds seemed to love it. And they knew exactly how to take advantage of it.

Many were hovering along the cliff top, just hanging there and watching the scenery, as we were watching them. They did not look elegant, with their tails sticking up and their legs dangling. But apparently, that is the best way to hover in one place, because we saw many birds of different species do it.

Usually the gannets would glide by gracefully. On the cliff top at Noup Head, you can look them in the eye. This way, they go somewhere without hurrying.

Adult gannet gliding

Adult gannet gliding past at Noup Head, Westray

But they also hover on the spot, without going anywhere. At first, we only saw juvenile gannets doing it: immature gannets that still have a lot of black feathers on their wings and that need to grow up before they get the proper white & black wing tips look. Like a flight school? But then we noticed that in some popular spots, adults were hovering the same way.

Immature gannet hovering, sacrificing style for a nice steady hover.

Immature gannet hovering, sacrificing style for a nice steady hover.

Both adult and juvenile gannets hang out at this promontory.

Both adult and juvenile gannets hang out at this promontory.

And it’s not just the gannets. These razorbills hover as well. When they fly, razorbills tend to flap their wings like crazy – as do all auks. They seemed to enjoy this steady hover without moving their wings.

Razorbills hovering off Noup Head.

Razorbills hovering off Noup Head.

Hovering razorbill

Razorbill

We haven’t seen the puffins do a full blown hover, but the wind did enable them to stay in the air without flapping their wings frantically. And their landings seemed to be more controlled too.

Puffins were flying and landing relatively safely at Noup Head

Puffins were flying and landing relatively safely at Noup Head

The artic terns on the Holm of Papay on the other hand, had only low cliffs and a relatively even grassland to work with when they were flying around. So they had to do the work of flapping their wings. Not that it bothered them. They were very agile, fluttering about in all directions, using their wings and magnificent tail.

Arctic tern on the Holm of Papay.

Arctic tern on the Holm of Papay.

Yes, I have been watching the birds for hours during my holidays. In my everyday life, I am indoors, in an office, organizing Office 365 into a habitat suitable for my clients’ employees, and helping these people get comfortable in that habitat. So it was great to see the Orcadian users get the most out of their habitat. And I enjoyed getting some fresh air and sunshine for myself too :-)

May 31, 2019

3 prerequisites for Office 365 adoption

Filed under: Adoption — frederique @ 23:52

We want our users to adopt Office 365. To make it their own, so that they can reap its benefits. But they can only adopt it successfully, if some prerequisites are fulfilled. Let us discuss three of them, which I have recently been addressing in a project.

These are not new; they fit into the barriers to a successful adoption I already talked about in 2012. But they still need to be taken care of.

1. Office 365 needs to be easily accessible

Many components of Office 365 live online, in the browser. So:

  • All users should have a working Office 365 account
  • There should be a clear entry point.
    If you have a SharePoint intranet in the same Office 365 environment, you are all set. Just explain where they can access the different Office 365 apps, in particular the App Launcher (the “waffle”).
    At my client, we still have an old intranet, in an old version of SharePoint. So we need to add an obvious link leading the users to Office 365. Because now they don’t know how to get there…
The Office 365 App Launcher also known as "The Waffle": once you are in Office 365 in the browser, you can find every online Office 365 app via this App Launcher.

The Office 365 App Launcher also known as “The Waffle”: once you are in Office 365 in the browser, you can find every online Office 365 app via this App Launcher.

2. It has to work

Ok, this is really obvious and sounds trite. But unfortunately it is not as easily accomplished. We hit some snags in practice… Computer savvy users can handle it, but the innocent end-users need a seamless experience.

  • Every Office 365 component has to work properly before you introduce it to the audience at large.
    For example, we’ve had issues with the installation of Office 2016, that came as a part of Office 365, next to Office 2010. That causes weird issues, so we must get rid of Office 2010 on every laptop before we can wholeheartedly promote Office 365.
    And many Office 365 profiles are incorrect, because the information in Active Directory is outdated. So we need to clean up Active Directory and only then will the profiles and the people search make sense.
  • Every third party add-on that you promote has to work properly
    Part of our user group has harmon.ie to connect Outlook to SharePoint. However, there have been issues with it since we switched from Office 2010 to 2016. We need to fix them, before we can roll it out to the rest

3. We need to get our story straight, given the dependencies and developments

So what is the story at this time? What should the employees use and how, to get their jobs done?

  • Currently, we are still working on project site templates in SharePoint Online. So we have to align our adoption efforts for SharePoint with the development of the new site templates: either wait until we have the project template for the business unit or introduce the department sites and explain what will follow.
  • We have just migrated the project sites from SharePoint 2007 and 2013. After this summer the intranet will be migrated. And we are formulating a plan to migrate the “home drive” fileshares to OneDrive for Business. So we need to align our story with the migration projects.
  • Most users still have Windows 7 and the official browser still is Internet Explorer 11. So we still have the “old” OneDrive syncing mechanism that takes up space on your laptop. And Modern SharePoint does not run smoothly at all for the innocent users.
  • We are transitioning from Windows 7 to Windows 10. For Windows 10, Microsoft recommends the new OneNote for Windows 10 app instead of the client we are using in Windows 7.
  • We are still on Skype for Business. which will be replaced by Microsoft Teams. The tool is too useful for online consultation to wait until we have switched to Teams. So we will start with rolling out Skype for Business, explaining that the basics will the same in Teams later.
  • We will roll out Microsoft Teams as a hub for informal collaboration soon. But we need to get our story straight first: what will be used it for, what are the best practices, how do we set up proper governance.

April 30, 2019

No Office 365 adoption: Feedback from the workplace

Filed under: Adoption,Office365 — frederique @ 23:53

When you roll out Office 365, you need to make sure that the users will adopt the toolkit. Otherwise, why bother rolling it out in the first place? However, in real life, we see that the users and their adoption of Office 365 do not always get the required attention. When you do get in touch with the users, you get some interesting feedback, leading to the obvious conclusion that you should have helped them in the first place…

Yes, recently I have been talking to quite a few innocent users and even more people who volunteered to be Office 365 champions. Plus, we have just done a survey (using Microsoft Forms) asking hundreds of users what they use, what they think and what they want pertaining to Office 365.

Here’s some of the feedback I received.

“You guys have switched it on, but nobody has explained anything ”

Most of the Office 365 tools have been rolled out, in the sense that they are available. An almost purely technical roll-out. But hardly anything has been done to help the users become aware of the new tools, let alone understand how they work and how to use them to make their lives easier. Yes, some savvy early adopters already know or pick things up by searching the internet. But many people need training and guidance. This is something I hear in every meeting with the business, on every visit, on every occasion… “You need to provide training”, “maybe you could give us some information”, “who is going to coach us?”, “why did you dump this on us without implementing it properly?”…

You can’t just switch on Office 365 and automatically have all users of a large, non-IT company embrace it. You need to help the users to adopt the toolkit, to make it their own.

“But how should I have known that?”

A management assistant contacted me about this SharePoint site she had for her board of directors. SharePoint was acting weird, she said. When she added a new folder with documents, the other could not see it. But then I saw that she was sharing files in her OneDrive for Business. “But that is the same as SharePoint isn’t it? ” No, it is not the same. “But how should I have known that?” Well, nobody had explained what’s what, how it works and what it is for. So basically my answer was: I am here now to help you and the board with this…

If is really tricky when you deploy functionality without explaining anything or helping the users adopt the tools properly. If they use the tools in the wrong way, you may end up with information loss, data leaks, or at the very least seriously frustrated users.

“I have a feeling we are not taking advantage of the possibilities”

Everybody is using Office 365, but that is because they are using Office to write documents in the same way as before, Exchange Online to send email in the same way, make meeting minutes in Word like they always did, store files in SharePoint in folders like they were used to on the P-drive. A few people have an inkling that maybe there is more, you have new ways to work more smartly. But what and how? In the few instruction sessions that were organized by IT, they explained which buttons to push to make the tool work. But that did not help the users to understand how to move to a new way of working.

You need to show how the users can take advantage of the new tools in their work. Demo realistic scenarios, so that they can see how it all fits together. They can open a meeting invitation in their Outlook calendar to participate in an online meeting in Skype for Business (ok, already old school) or Teams (the new tool). They can then take meeting notes in the OneNote notebook that is shared in their SharePoint team site, which they can access via their Outlook invite and the Team and the OneNote client. Et cetera, et cetera.

“My colleagues already hate SharePoint”

Some departments and project teams have SharePoint team sites. However, SharePoint has not been explained properly to these users. I heard from a hardy “champion“, who does think that SharePoint can help them collaborate more effectively, efficiently and smoothly. His colleagues however, do not understand how it works, so it does not work for them. They don’t have the time, savviness or optimism to find out how to make it work. And the poor champion does not have the means to help them out, because he is not sure about the best practices either.

We have to make sure users can learn how to use the new tools as soon as they have to start using them. Otherwise, the negative vibe will block successful adoption.

“Aha, but that is handy and quite easy too! ”

At a small scale, I have been explaining how Office 365 tools work and how to use them to make our lives easier. For example, the board was very happy to see that they could share information easily in their new SharePoint site. The management assistant could give access to new board members in seconds, which had been a terrible hassle on their network drive. And even the least savvy board member agreed that uploading a document was actually not difficult at all. Another colleague wanted to telephone to talk about a SharePoint site. I talked her into a Skype meeting, and she was very enthusiastic about the option to share her screen and just show me. That is something that can really make your life easier…

If you explain the low hanging fruit, you can already help people and make them happy.

“I am glad you are here! When are you coming back?”

Recently, I visited several other offices, elsewhere in the country. I told key contacts I would be there and that this would be an excellent opportunity to discuss their Office 365 questions and needs in person. And yes indeed, at each office, I hardly had time to grab a cup of coffee before I was swamped by users and their questions.

Even at this day and age, with the excellent tools offered by Office 365 for remote meetings, it is still important to visit other workplaces in person, for real-life interaction.

“Do you people at HQ really think we have time for this?”

Yes, quite a few people were willing to spend time finding out how Office 365 works and improve their way of working. But that does not mean that the IT department or HQ in general can just dump anything on the innocent users and make it their problem. For example, the roll-out of Office 2016 caused issues, especially on older laptops. So IT formed a taskforce to solve these issues. Nice. But then they told the end-users that they had to come to the head office for a whole day on a Monday, to work with the taskforce. What? As if these users, who are already terribly busy, would have time to spend a full day at headquarters. And when they politely said “you people at HQ”? I could hear them thinking “you total idiots at HQ” or even worse…

IT and the other staff departments at headquarters are there to facilitate the business, not the other way around…

“Teams and Planner don’t work for me”

In our tenant environment, self-service creation of Office 365 Groups is switched off. So users cannot create Microsoft Teams or Plans in Planner. This makes sense, because the basics have not been configured properly and we would end up with a complete mess. Unfortunately, the Create buttons are there, and nobody has told the community that only IT can do this. So this time it is the savvy early adopters who get frustrated.

If advanced options are visible to end users, the buttons have to work. Or it has to be very clear why they have not been enabled yet, what is the plan for these advanced options, and maybe how they can request a sneak preview or pilot.

“The champions programme? We thought that had died”

Almost two years ago, we actively recruited users to act as Office 365 champions . We promised them training and asked them become the first point of contact for their colleagues. And then the plans from IT changed, funding was lost and that training was postponed. A year ago, we gave them a couple webinars about some of the aspects of Office 365. And no follow-up. Now we are finally trying to start up the community and get serious about adoption. But by now, some of the prospective champions I talked to confessed that they thought we had all died or something. Or at least the programme had died. “You are going to train us? Yes please, about time!”

Actually, it is a miracle most of them still want to talk to me, respond to the survey and tell us they want to learn more. Even if they need to vent their frustration first. When you recruit people to become Office 365 champions, you have to train and involve them right away and keep at it.

“Why didn’t you tell us that the adoption programme was delayed?”

Ok, we had to postpone our adoption activities and that was bad. Especially the people who had signed up to become Office 365 champions were very unhappy about this. But what really exasperated them, was that we did not fess up to the prospective champions what was going on. Quite a few of them reproached us that we should have communicated properly about the delay and the reason for it.

And they were right… You need to tell people what’s the plan, what is going on and what has been canceled.

So yes, it really is important to take action right from the start of the roll-out of Office 365 to help people adopt it. You should NOT deploy Office 365 and then start thinking about user adoption as an afterthought.  Not just because I say so, but because the people at the workplace, our users, say so… Many things went wrong in this Office 365 roll-out, but one thing is clear: now that we are finally starting a project to promote the adoption Office 365, we are definitely fulfilling a need.

March 31, 2019

Saving overweight views in SharePoint

Filed under: SharePoint — Tags: , — frederique @ 19:30

SharePoint Online cannot handle views involving more than 5 000 items, especially in Classic mode. Even if it does not have to display them all on the same screen. The view collapses under its own weight, unless you limit the number of items by filtering it down using indexed columns. And when the view does break, the end-users do not see any information and freak out. Ok, this is not new. But we still bump into this issue, so let me discuss it in this post.

I am not the first line of support for end-users, but I do speak to people in the business and they do know how to find me when they experience difficulties in Office 365. Recently, I spoke with a few people in the business, who thought that their document libraries had broken down irrevocably and who started to doubt the entire concept of their SharePoint site. Oh dear… The users got a message telling them that the view they were looking at exceeded the list view threshold of 5.000 items. And they interpreted this message as follows: our document library breaks when we put more than 5 000 items in it. But we have far more documents, so this is not working at all.. Help!!

Overweight view in the Classic experience

Overweight view in the Classic experience

Overweight view in the Modern experience

Overweight view in the Modern experience

These users have libraries with over 5 000 items, which are structured with document sets (so yes, they are still using the Classic experience). However, some of their most important views ignore the document sets. For example, one of the views displays the key documents from each set, which they need to list as input for some subcontractors. The key question for me was:
Do you want your view to display more than 5 000 items?
Or are you trying to distill a much shorter summary from a large library?

Fortunately, the desired view was much shorter than 5 000 items, so we only had to configure the view properly.

The following tricks helped us to slim down overweight views and get them to work for our end-users:

  • Use a filter to narrow down the number of items, instead of the item limit.
    Setting the item limit does not help. If you set the view to display, for example, 30 items at the time or display only 30 items, SharePoint still tries to get all of the items in one go, before displaying the first batch.
  • Filter by indexed columns.
    Filtering by columns that have not been indexed does not help either. You need an indexed column: List settings > Columns: Indexed columns. For example, if the column Created has been indexed, you can create a working ‘Recent’ view by not only sorting by Created but additionally filtering Created is larger than [Today] – 365 (or a smaller number, if too many items were created this year). See Add an index to a SharePoint column.

    Recent items, filtered to display only items created this year, with the newest items displayed at the top.

    Recent items, filtered to display only items created this year, with the newest items displayed at the top.

    • Use a simple index, by one column only. A compound index including a secondary column does not help.
    • You should set up the indexed columns while the list or library still has under 5 000 items.
      In the early days of SharePoint Online, you were stuck if you had not indexed your filter columns before the list grew beyond 5000 items. These days, SharePoint Online is smarter, although you will still experience less problems if you set up the indices beforehand.
    • SharePoint Online starts to index a column automatically when you create a view sorting or filtering by that column. For example, if you create a ‘Recent’ view sorted by Created date, that column gets indexed automatically.
      This only works if the list settings don’t block it. Stick to the default setting: List settings > Advanced settings > Allow automatic management of indices? = Yes.
      And this only works if the list still has less than 20 000 items. So again, it pays to be proactive about these large lists.
    • You can still index a column manually too, even after the list has become overweight. In my experience, it may take some time for that index to actually appear. Lists that are only slightly overweight can create an index within minutes, but it hasn’t always been that quick.

      Indexed columns: Created has been indexed automatically, The others have been indexed manually, after the list became larger than the threshold of 5 000 items

      Indexed columns: Created has been indexed automatically, The others have been indexed manually, after the list became larger than the threshold of 5 000 items

  • If you filter by one column AND another column, the first one should already bring the number of items down to under 5 000. You may think that an AND filter is symmetrical, but it is important to put the right filter in first. For example, if there are many final documents but not too many key documents, filter your view ‘Final key documents’ as Key documents = Yes AND Status = Final, and not the other way around.

    Filter by indexed columns: first by the one that restricts the number of items the most: Key document = Yes, And then refining it by Status= Final to achieve the desired view.

    Filter by indexed columns: first by the one that restricts the number of items the most: Key document = Yes.
    And then refining it by Status= Final to achieve the desired view.

  • Filtering by one column OR another column breaks the view. So don’t filter a view ‘My Documents’ as Modified by [Me]  OR Created by [Me], even if there are only a few documents created or modified by each user.
  • Is the view still broken? Try to make the view less complex (see Manage large lists and libraries in SharePoint)
    • Sort by only one column.
    • Don’t sort by  “difficult” columns (people, lookup or managed metadata).
    • Don’t group.
    • Don’t use totals (which currently don’t work in the Modern view anyway).
    • Don’t display more than 12 of those “difficult” columns.

Views in the Modern mode of SharePoint are more robust, but they still have their limitations. In the Modern experience, I have seen views with over 7 000 items that worked just fine. But the view with over 70 000 items still broke; 20 000 seems to be the new 5 000. And the Modern ‘All items’ view of my test list of just over 5 000 item is still broken too; maybe I have to wait a bit longer for the view to get its act together and start working…

All in all, large views still need attention, but we do have some tricks to help our end-users.

February 28, 2019

Office 365 security and compliance GDPR dashboard – Yes please

Filed under: Governance,Office365 — Tags: , — frederique @ 23:57

These days, our project managers and site owners are aware that they have to be very careful to store no personal data, except data that are necessary to do the job, only accessible to the people who need to use it, only for the time they are needed, only for the purpose for which they were gathered. But are we sure that there were no personal data hidden somewhere in SharePoint 2007, dating from more than a decade ago, that we now risk exposing SharePoint Online after migration? Let us MAKE sure!

I am working on a project for a construction company that has been using SharePoint for ages. They have over 8.000 SharePoint sites for our Operating Company alone, most of them SharePoint 2007 sites. Currently, we are migrating these old sites to SharePoint Online, as “archive sites”, as part of our transition to Office 365. So we see a lot of old stuff passing by…

  • We want to make sure we keep all information that is still relevant for the company, such as construction details on the buildings they constructed, information needed for maintenance and guarantees.
  • But we also want to make sure that we do not have personal data that we are not allowed to have according to the privacy rules, GDPR (General Data Protection Regulation).

I am not worried about the remains in SharePoint 2007; those servers will be decommissioned and emptied soon. What I want to know: are compliant in our Office 365 environment, including SharePoint Online, where we are migrating all of that old information. The advantage of asking that question, is that we can use the modern tooling offered by Office 365 itself to check!

Tools in Office 365: GDPR dashboard and toolbox

Recently, I made our privacy officer very happy by showing him the GDPR Dashboard in the Office 365 security & compliance center. It is part of the admin toolbox which we already have in our tenant. So let’s comfigure it and use it to our advantage.

Security & Compliance center: GDPR dashboard

Security & Compliance center: GDPR dashboard (in a demo tenant, nothing going on…)

It took me a moment to find it, because I was looking in the Microsoft 365 admin center. You need to go to a different url: https://protection.office.com/ (at least, in the admin center of my tenant I see no link at this time)

And this dashboard comes with a toolbox:

GDPR toolbox

GDPR toolbox

Discover
Identify what personal data in your org is related to GDPR.
• Import data: Bring data into Office 365 to help safeguard it for GDPR.
• Find personal data: Use content search to find and export personal data to help facilitate compliance in your org.

Govern
Manage how personal data is classified, used, and accessed.
• Auto-apply labels: Automatically classify content containing personal data to help ensure it’s retained as needed.
• Create a disposition label: Trigger disposition reviews so you can decide if personal data should be deleted when it reaches a certain age.
• Use Compliance Manager: Access your org’s compliance posture for GDPR and get recommended actions for improvement.

Protect
Establish security policies to prevent, detect, and respond to cyberthreats.
• Create a data loss prevention (DLP) policy: Detect content containing personal data to help ensure it’s protected.
• Apply cyberthreat policies: Protect your users from cyberattacks like phishing, malware, malicious links, and more.

Monitor & respond
Track label usage, stay on top of data breaches, and respond to data subject requests (DSRs) and legal investigations.
• Respond to DSRs: Create DSR cases to find and export Office 365 data related to a data subject request.
• Respond to legal investigations: Use eDiscovery cases to respond to legal investigations.
• Review and explore label usage: Get insights into how labels are being used and take action if needed.
• Set up alert policies: Track and get notified about user and admin activities related to GDPR.
• View reports: Drill down on activity related to policy matches, threat detections, and more.
• Visit Service Assurance: Learn how Microsoft helps meet the security, privacy, and compliance needs of your org.

Data Loss Prevention Policy for GDPR

One of the items in the GDRP toolkit is to create a DLP (Data Loss Prevention) Policy to detect content containing personal data. You can create one starting from the shortcut in the GDPR toolbox or from the DLP section of the security & compliance center.

Data Loss Prevention policy: GDPR

Data Loss Prevention policy: GDPR

This will detect personal information in our environment:

  • EU Debit Card Number
  • EU Driver’s License Number
  • EU National Identification Number
  • EU Passport Number
  • EU Social Security Number (SSN) or Equivalent ID
  • EU Tax Identification Number (TIN)

You can select where it should apply. I want it to protect all content in all locations Office 365, including Exchange email and OneDrive and SharePoint documents (Hey, not SharePoint lists? And how about Yammer Groups, Teams conversations? Maybe it is assumed that nobody would put, for instance, a passport number in there. I have seen scans of passports in SharePoint documents and in email attachments, before they were removed as soon as possible…).

GDPR Policy: select the locations it should protect

GDPR Policy: select the locations it should protect

But for a test it is more practical to limit its scope and choose specifc locations.

GDPR policy limited to one test site collecton

GDPR policy limited to one test site collecton

You can customize what it should detect, for example: content shared with outsiders or only insiders?

GDPR Policy: tweak the details of what it should detect

GDPR Policy: tweak the details of what it should detect

And then what action should it take if it detects personal data? For example, email a report to the person who set the policy, the global admin, some specific mail address.

GDPR Policy: what action should it take with what it has detected?

GDPR Policy: what action should it take with what it has detected?

As a result, you get reports like these, in a csv file:

GDPR policy: report from demo tenant, converted from csv to columns to make it more readable

GDPR policy: report from demo tenant, converted from csv to columns to make it more readable

 

Ok, to be honest, in our first test it did not seem to detect any of our own examples of personal information we added in a SharePoint testsite, while it found a lot of false positive. But still, it looks very useful, once we get it to work properly.

January 31, 2019

Where is our Office 365 data located?

Filed under: Office365 — Tags: — frederique @ 20:23

I am involved in the roll-out of Office 365 at a company, where they still have a lot of data on file shares. We explain that we are moving into the cloud and that sometimes prompts the question where the data will actually live. Good question.

“In the cloud”… to some people it sounds rather out there. We are a down to earth company, we don’t have our head in the clouds, so what do you mean working in the cloud?? But of course the data “in the cloud” is stored solidly in Microsoft data centers.

So where are those data centers in which our data are stored then? For one thing, it is always data centers plural: Microsoft copies our data to at least two different locations, so that they will be safe even if something catastrophic happens at one of the datacenters. I’ve heard colleagues say that our data is stored in The Netherlands, but that is only a partial answer.

You can check where your data is stored via: https://products.office.com/where-is-your-data-located. But make sure you scroll beyond the picture, because some services in Office 365 may store data in other locations.

For this company, with headquarters based in The Netherlands, the bulk of the data resides the Euopean Union, mostly The Netherlands and Ireland. However, there are exceptions:

  • Sway lives in the United States.
    That does not bother us much, because Sway is hardly used in any of the organizations I’ve worked at.
  • Yammer lives in the United States too!
    That is cause for more concern, because Yammer is used more extensively. Fortunately, Yammer is not the most likely place for people to share sensitive, confidential information But it is still something to take into account in our Office 365 governance and its associated guidance.
Microsoft data centers for the European Union. But for some services, the data is stored in the US.

Microsoft data centers for the European Union. But for some services, the data is stored in the US.

December 31, 2018

Best wishes for 2019

Filed under: Uncategorized — frederique @ 19:11

I wish you all the best for 2019. I am not just talking about SharePoint, obviously, but the new year as a whole.

Kerst2018-GlowEN

Older Posts »

Powered by WordPress