blog.frederique.harmsze.nl my world of work and user experiences

February 28, 2019

Office 365 security and compliance GDPR dashboard – Yes please

Filed under: Governance,Office365 — Tags: — frederique @ 23:57

These days, our project managers and site owners are aware that they have to be very careful to store no personal data, except data that are necessary to do the job, only accessible to the people who need to use it, only for the time they are needed, only for the purpose for which they were gathered. But are we sure that there were no personal data hidden somewhere in SharePoint 2007, dating from more than a decade ago, that we now risk exposing SharePoint Online after migration? Let us MAKE sure!

I am working on a project for a construction company that has been using SharePoint for ages. They have over 8.000 SharePoint sites for our Operating Company alone, most of them SharePoint 2007 sites. Currently, we are migrating these old sites to SharePoint Online, as “archive sites”, as part of our transition to Office 365. So we see a lot of old stuff passing by…

  • We want to make sure we keep all information that is still relevant for the company, such as construction details on the buildings they constructed, information needed for maintenance and guarantees.
  • But we also want to make sure that we do not have personal data that we are not allowed to have according to the privacy rules, GDPR (General Data Protection Regulation).

I am not worried about the remains in SharePoint 2007; those servers will be decommissioned and emptied soon. What I want to know: are compliant in our Office 365 environment, including SharePoint Online, where we are migrating all of that old information. The advantage of asking that question, is that we can use the modern tooling offered by Office 365 itself to check!

Tools in Office 365: GDPR dashboard and toolbox

Recently, I made our privacy officer very happy by showing him the GDPR Dashboard in the Office 365 security & compliance center. It is part of the admin toolbox which we already have in our tenant. So let’s comfigure it and use it to our advantage.

Security & Compliance center: GDPR dashboard

Security & Compliance center: GDPR dashboard (in a demo tenant, nothing going on…)

It took me a moment to find it, because I was looking in the Microsoft 365 admin center. You need to go to a different url: https://protection.office.com/ (at least, in the admin center of my tenant I see no link at this time)

And this dashboard comes with a toolbox:

GDPR toolbox

GDPR toolbox

Discover
Identify what personal data in your org is related to GDPR.
• Import data: Bring data into Office 365 to help safeguard it for GDPR.
• Find personal data: Use content search to find and export personal data to help facilitate compliance in your org.

Govern
Manage how personal data is classified, used, and accessed.
• Auto-apply labels: Automatically classify content containing personal data to help ensure it’s retained as needed.
• Create a disposition label: Trigger disposition reviews so you can decide if personal data should be deleted when it reaches a certain age.
• Use Compliance Manager: Access your org’s compliance posture for GDPR and get recommended actions for improvement.

Protect
Establish security policies to prevent, detect, and respond to cyberthreats.
• Create a data loss prevention (DLP) policy: Detect content containing personal data to help ensure it’s protected.
• Apply cyberthreat policies: Protect your users from cyberattacks like phishing, malware, malicious links, and more.

Monitor & respond
Track label usage, stay on top of data breaches, and respond to data subject requests (DSRs) and legal investigations.
• Respond to DSRs: Create DSR cases to find and export Office 365 data related to a data subject request.
• Respond to legal investigations: Use eDiscovery cases to respond to legal investigations.
• Review and explore label usage: Get insights into how labels are being used and take action if needed.
• Set up alert policies: Track and get notified about user and admin activities related to GDPR.
• View reports: Drill down on activity related to policy matches, threat detections, and more.
• Visit Service Assurance: Learn how Microsoft helps meet the security, privacy, and compliance needs of your org.

Data Loss Prevention Policy for GDPR

One of the items in the GDRP toolkit is to create a DLP (Data Loss Prevention) Policy to detect content containing personal data. You can create one starting from the shortcut in the GDPR toolbox or from the DLP section of the security & compliance center.

Data Loss Prevention policy: GDPR

Data Loss Prevention policy: GDPR

This will detect personal information in our environment:

  • EU Debit Card Number
  • EU Driver’s License Number
  • EU National Identification Number
  • EU Passport Number
  • EU Social Security Number (SSN) or Equivalent ID
  • EU Tax Identification Number (TIN)

You can select where it should apply. I want it to protect all content in all locations Office 365, including Exchange email and OneDrive and SharePoint documents (Hey, not SharePoint lists? And how about Yammer Groups, Teams conversations? Maybe it is assumed that nobody would put, for instance, a passport number in there. I have seen scans of passports in SharePoint documents and in email attachments, before they were removed as soon as possible…).

GDPR Policy: select the locations it should protect

GDPR Policy: select the locations it should protect

But for a test it is more practical to limit its scope and choose specifc locations.

GDPR policy limited to one test site collecton

GDPR policy limited to one test site collecton

You can customize what it should detect, for example: content shared with outsiders or only insiders?

GDPR Policy: tweak the details of what it should detect

GDPR Policy: tweak the details of what it should detect

And then what action should it take if it detects personal data? For example, email a report to the person who set the policy, the global admin, some specific mail address.

GDPR Policy: what action should it take with what it has detected?

GDPR Policy: what action should it take with what it has detected?

As a result, you get reports like these, in a csv file:

GDPR policy: report from demo tenant, converted from csv to columns to make it more readable

GDPR policy: report from demo tenant, converted from csv to columns to make it more readable

 

Ok, to be honest, in our first test it did not seem to detect any of our own examples of personal information we added in a SharePoint testsite, while it found a lot of false positive. But still, it looks very useful, once we get it to work properly.

January 31, 2019

Where is our Office 365 data located?

Filed under: Office365 — Tags: — frederique @ 20:23

I am involved in the roll-out of Office 365 at a company, where they still have a lot of data on file shares. We explain that we are moving into the cloud and that sometimes prompts the question where the data will actually live. Good question.

“In the cloud”… to some people it sounds rather out there. We are a down to earth company, we don’t have our head in the clouds, so what do you mean working in the cloud?? But of course the data “in the cloud” is stored solidly in Microsoft data centers.

So where are those data centers in which our data are stored then? For one thing, it is always data centers plural: Microsoft copies our data to at least two different locations, so that they will be safe even if something catastrophic happens at one of the datacenters. I’ve heard colleagues say that our data is stored in The Netherlands, but that is only a partial answer.

You can check where your data is stored via: https://products.office.com/where-is-your-data-located. But make sure you scroll beyond the picture, because some services in Office 365 may store data in other locations.

For this company, with headquarters based in The Netherlands, the bulk of the data resides the Euopean Union, mostly The Netherlands and Ireland. However, there are exceptions:

  • Sway lives in the United States.
    That does not bother us much, because Sway is hardly used in any of the organizations I’ve worked at.
  • Yammer lives in the United States too!
    That is cause for more concern, because Yammer is used more extensively. Fortunately, Yammer is not the most likely place for people to share sensitive, confidential information But it is still something to take into account in our Office 365 governance and its associated guidance.
Microsoft data centers for the European Union. But for some services, the data is stored in the US.

Microsoft data centers for the European Union. But for some services, the data is stored in the US.

October 31, 2018

3 simple things that help user adoption

Filed under: Adoption,Office365 — frederique @ 22:58

Setting up effective tools and processes to achieve user adoption often turns out to be difficult. No time, no money, no resources. You should still make that time, find the money, and locate the resources, because why roll out something like Office 365 if users do not adopt it? Nevertheless, let us take a look at some things you can start doing right now that require only a little attention.

Set an example

Office 365 is a great toolkit for communication, collaboration and sharing knowledge. So let’s use it to support the roll-out of Office 365. Eat your own dog food!

Use Office to collaborate in your IT / information management / roll-out team. That allows you to check if everything is working properly, and it offers an example of the practical application of the tools that you can show to others.

And use Office 365 to share with the stakeholders outside your team. For instance, when you organize something like workshops or training sessions:

  • Do not send any materials as e-mail attachments, but share them on a SharePoint site.
  • Offer a Skype meeting or Teams meeting to allow people to join you online if they cannot join in real life.
  • Take notes of these sessions in OneNote and share them.

Also, encourage managers and other influencers to use the new tools when they become available. For instance, post announcements on the SharePoint. And if they want to send a newsletter or other e-mail for higher visibility, only include summaries in the mail text, with links to the full story.

Offer help content to answer frequently asked questions

User will ask how things work. At least, I get quite a few emails and calls with such questions and I know many my colleagues get them as well. Instead of detailing the same answer to each user, put these answers in a central location and point to those instructions and explanations to help them out.

  • A basic user manual,
  • A help page,
  • A list with clear tips or frequently asked questions.
  • A demo site with the SharePoint site template you have found or developed. Add some content to show what you can do in such a site.
  • A Short video, if you have more time or if you find it easier to show something in a quick recording than writing it down.

Anything, as long as it explains what is what, how to use it and what’s in it for them.

Do you have an information portal or help center? Great, use it!
If you don’t have anything elaborate (yet), just put something in a public team site. Even if you cannot broadcast the information yet, at least the information is available. Just send a link to anyone who asks a question.

Inspire people who show an interest

It takes a lot of time and effort to get everyone onboard on the Office 365 train. But in every organization, there are at least some enthusiasts who like to experiment and get started with new tools. They may contact you to learn more.

Inspire them with tips and tricks of what is already possible and sneak peaks of what will become available soon. Then they can inspire their colleagues. But be honest about the limitations and the reasons why some things are not available yet – these early adopters may want to move faster than you call roll out Office 365 in a controlled manner.

Try to find out what they really need, in their situation. Standard Office 365 features can be amazing discoveries if you were unaware of them and they turn out to meet your needs. Examples of things that made some people quite happy recently:

  • For a colleague the idea of sharing notes in the team site notebook was an eye opener. After all, that is included in every SharePoint site but he was not aware of that, so he was taking notes in a notebook in his OneDrive. Quite a few people were awed by the functionality offered by OneNote, which they found a lot more practical than notes on paper or on Word.
  • For a team that is discussing a draft versions of deliverable documents, Microsoft Teams was just what they needed: persistent chat threads in the context of the document under discussion.
  • A colleague had heard about Teams and thought that they would help him. But after some brainstorming, it turned out he wanted to manage an overview of information that was perfectly suited to list in SharePoint with some fields for status, owner and hyperlinks to other sources.

 

These are some things you can do to take a few steps towards some user adoption. But don’t stop there. In most organizations, you need to do a lot more to achieve real user adoption. See for example these earlier blog posts: 5 lessons learned about user adoption programmes,  5 more lessons learned about User Adoption and the DIWUG eMagazine article: How do we get users to adopt Office 365?

September 30, 2018

New meeting tools in Microsoft Teams

Filed under: Office365 — Tags: — frederique @ 23:36

Almost two years ago, I go my first glimpse of Microsoft Teams. For me, it was a big surprise, but it was not the hub for teamwork that it was supposed to be. At Ignite 2017, Teams got serious. And recently at Ignite 2018, Teams really took off.

Microsoft Teams is replacing Skype for Business as the preferred tool for online meetings. We knew that was going to happen, and now we heard the exhortations to move our users from Skype to Teams. And it’s not just a question of replacement: Teams now offer options that extend beyond what we ever had in Skype for Business…

This post summarizes the announcements: What’s new in Teams – Ignite Edition. And I’ve taken a quick look at the current Teams Meeting myself.

Scheduling a meeting starting from a compleet overview

I can schedule a Teams meeting from Outlook. And I can schedule one from within Teams, where I am already working. This is not brand new, but it is practical.

In the meeting section of Teams, I get an overview of my meetings today. Teams is integrated with Outlook: I also see the appointments created in Outlook that don’t have anything to do with Teams meetings. When scheduling a meeting, I can invite guest who are outside our organization.

Meetings in Teams, including an overview of my meetings today, including appointments set up only in Outlook. And the details of a Teams meeting.

Meetings in Teams, including an overview of my meetings today, including appointments set up only in Outlook. And the details of a Teams meeting.

Blurring the background in video calls

When I give an important presentation using video, I am always careful to sit in front of a neutral background. Now Teams has a new option to avoid distractions: background blurring. It does give me a weird aura, but it also reduces the mess in the background.

A video call without and with background blurring.

A video call without and with background blurring.

Sharing notes and other options

Personally, I don’t use the video option much. In presentations, I do a bit of video so that people know who I am, But then I start showing the real thing: presentation materials and demos. The options to do that look a bit different from the buttons in Skype.

Like in Skype we can have a chat-conversation. In addition, we can also take notes right in the context of the meeting.

Sharing and other options in my Teams Meeting.

Sharing and other options in my Teams Meeting.

You can have a meeting in Teams with a guest outside your own organization. But that guest does not have access to the notes.

The external guests can join the meeting, but they cannot see the notes.

The external guests can join the meeting, but they cannot see the notes.

Recording a session and viewing it in Stream

In Skype for Business, we had an option to record a session. We don’t record regular meetings, but we do record presentations, like knowledge sharing sessions. The option is available in Skype, but publishing a recording is a bit messy: you have to find the file on your computer and then upload it into Stream yourself.

In a Teams meeting, the recording is automatically uploaded into Stream. And a link to that video is posted in the chat conversation. You can open the recording from that conversation as well as from Stream itself.

The recording is posted to the chat conversation of the meeting,

The recording is posted to the chat conversation of the meeting,

Open the recording directly from the chat

Open the recording directly from the chat

It looks like it’s time to transform my recurring Skype mMetings into Team Meetings…

August 31, 2018

Some gotchas and glitches in Microsoft Stream

Filed under: Office365 — Tags: , — frederique @ 23:50

We are using Office 365 and investigating Stream as the video tool for a communication solution. Stream is interesting, but we hit some stumbling blocks. Let me share some of the lessons we learned setting up a channel, allowing the right people to upload videos into it and trying to achieve a smooth end-user experience.

We are working on a communication solution to share safety information with the entire organization. In addition to pages about safety rules et cetera, the team is making videos to explain safety measures and inviting vloggers to create videos about their safety experiences on the job. Because it is very important that the information follows the official safety rules, the content is curated assiduously.

In this organization we are rolling out Office 365, so we got started with a Communication Site in SharePoint Online and Stream for the videos. We were guided by Microsoft’s Overview of Groups and Channels, which was helpful but not enough to pull us through.

Set-up a channel where the right people can upload videos

Permissions are not set on Channels but on Groups

In the old Video portal in Office 365, you set permissions on the channel. In the new Stream, permissions are not managed on the channel, but directly on the video or on Groups. The channels are only meant to structure the collection of videos that the Group is publishing. In our situation, a small group of editors should upload the videos and everyone in the organization should be able to view them. So following Microsoft’s Group & channel examples, we set up:

  • A Public Group in Stream, where we Allow all members to contribute: everyone can see the content of this Group, but only the Group can contribute.

    Screenshot: Create a public group

    Create a Public Group, so that everyone can view the content and the users add to the group can contribute

  • In that Group, we created a Group channel. The Owners can change the settings of the Group and the channel, and the people they add as Members can upload and manage the videos in the channel.

    Screenshot: create group channel

    Create a group channel, so that the group can upload videos

In the Group and the Channel,

  • Owners can change the settings of the group the channel, add members and other owners, upload and manage videos
  • Members can also manage the group and channel settings like the title, and they can upload and manage videos. But they cannot add other members.
  • Everyone in the organization (because it is a public group) can view the content, but not contribute.
ScreenshotL add member

The Group Owners can add members and other owners, in the tab Membership of the Group.

Even Group owners cannot upload videos if video uploads are restricted centrally

Even the Owners of Stream Groups cannot upload videos, if video uploading is restricted in the central settings. We hit this problem. In our case, some owners could upload videos and others could not, and it took us a while to find out why. You will find this option in Stream itself (not in the central Office 365 Admin portal), in the menu under the gear icon: Admin settings.

Screenshot: link to Admin settings.

Link to the Admin settings in Stream.

The check the settings under Content Creation. You are fine if the option to Restrict video uploads = Off.

Screenshot: Restrict video uploads is Off.

Content creation settings in Stream: Restrict video uploads is Off.

If video uploads are restricted, you have to make sure that the people who are supposed to upload videos in your channel are added to the ‘whitelist’.

Screenshot: Restrict video uploads is On

Content creation settings in Stream: Restrict video uploads is On.

So if the editors cannot upload videos check this setting. And ask the governance board for your Office 365 environment if they can please relax this setting and stop the restriction on video uploads, because managing this ‘whitelist’ of unrestricted users will be a nightmare.

Finding the options

Keep titles short: Channels titles cannot be more than 30 characters

When you create a channel, This title only just fit in ‘’Test video companywide channel’, even though the title field looks much bigger. And even so, under 20 characters are displayed in the channel over view cards.

Partial screenshot: channels tab

In the Group, the tab Channels displays the channels of this group, but only short version of the channel titles

Editing the Group properties

Owners and (if members are allowed to contribute) can change the settings of the group and its channels. The entry point to the edit-options are somewhat hidden: follow the dot dot dots…you see in the group itself and in the overviews.

Screenshots: entry points to edit tgroup and channel settings

Click on the ellipsis next to the title in the group or channel, or in the overviews.

You cannot change the Group picture in Stream

You can edit the title, description and access options. But you cannot change the picture here.

Screenshot of the group edit options.

Editing the Group properties.

You have to go to the Group settings elsewhere in Office 365. After all, the Group we use in Stream is a regular Office 365 Group.

To change the picture, go to the settings in Office 3656 Group.

To change the picture, go to the settings in Office 3656 Group.

Stream on a SharePoint page does not work properly

Stream web part is in Preview and slows Internet Explorer 9 terribly

We have a Communication Site in SharePoint Online for the non-video content. In that Modern template, there is a web part (app part, whatever it’s called nowadays), to display a Stream video or channel on the page. But that is a Preview.

Putting the Stream preview on the page is a performance killer in Internet Explorer 9. This old Internet Explorer does not work well with the Modern interface.

Preview Stream webpart on a Communication Site

Preview Stream webpart on a Communication Site

Videos don’t play on iPhones

Because the Stream web part does not work properly on the laptops, we embedded key videos directly on the page. On the laptop that works.

However, in the SharePoint App on the iPhone, that does not work. On the iPhone, you get a message to log on. And that does not work…

On an iPhone, you do not get the video, but a log on message. Which does not work.

On an iPhone, you do not get the video, but a log on message. Which does not work.

Unfortunately, this is a show stopper for us: most users will probably use their iPhone to view the information, including the videos. Hm. So we have to keep looking…

May 31, 2018

Yammer does not work – Are you sure you should blame the tool?

Filed under: Adoption,Office365 — Tags: , — frederique @ 23:52

Yammer has been around for a decade already, as an enterprise social networking service. It has been incorporated in the Office 365 toolkit. And it can be very effective. However, now I am hearing from my client that Yammer does not work for them and they want some other tool. Is Yammer really that bad, or is there I some other reason why they say Yammer does not meet their needs?

Currently I am working for a construction company. They want a platform to communicate about safety and to interact with the employees about that topic. This is a construction company, so safety is a big issue. For all of the employees.

How about Microsoft Teams?

They asked me for a demo of Microsoft Teams, because they thought that this would be a great tool to use for their safety communication and interaction. Microsoft Teams is newer, and that it why they think it is hotter I fear….

Don’t get me wrong, I Microsoft Teams is great. But not for this purpose.

  • The maximum number of members in a Team is 2.500 which is not nearly enough.
  • A Team does not have visitors, but only members and owners. That is great for conversations, but these members can also edit other information in the Team. And the client wants to offer “official” information as well. SharePoint is better for that purpose, though you can of course connect a SharePoint site to a Team.
  • A Team does look quite complex and ‘geeky’ with all those channels and tabs and everything. You don’t have a simple starting point like a homepage. A Communication site does that better.
  • Teams is for teams, that is why it is called Teams… As Microsoft puts it: Teams are for the inner loop, the inner circle with whom you are collaborating closely.

How about Yammer?

A Communication site is great for the “official stuff”: well thought-out pages about the topic, guidelines and instructions, overviews of contacts, events etc. But for interaction with the people, Yammer is more suited. We can bring the two together, by adding a Yammer app (web part, app part, whatever you call it) to the homepage of the site.

However, when I mentioned Yammer, they all pulled faces and grumbled that they had tried Yammer and that it did not work for them at all. Hmmmm…

I admit, Yammer is definitely not perfect:

  • The search is terrible… I find it difficult to find what I am looking for via the search box in Yammer.
  • The Yammer app (web part, app part, whatever you call it) you can add to a homepage of your Communication site is very, very basic: pictures are not displayed, you only see the last comment.
  • Links to SharePoint pages are not displayed nearly as nicely as links to internet pages.

But I like Yammer and use it a lot in our company:

  • An informal forum to ask questions, share lessons learned and post new tidbits
  • Clear structure via groups and threads, with an overview on the ‘start page’ and per group a view of the new conversations so that you know when you are up-to-date.
  • Rich conversations using tags (to help you find them and collect the conversations on a topic), mentions (to engage specific colleagues), attached images as slide shows, links to for example Stream videos and websites with a visual preview…

Why is Yammer working for us and maybe not for my client?

  • Many of my colleagues (including me…) often are working elsewhere. We only meet online.
    If everyone is in the same office most of the time, they can easy discuss questions and ideas in the coffee corner. Then they don’t really need Yammer, so they won’t use Yammer as much. So if the same organisation starts using Yammer to share with people who are not in the same office, it may be used more.
  • I use Yammer, instead of another tool, because that is where the action is: questions posed in Yammer are answered, ideas get commented upon, tidbits get liked etc.
    If Yammer is not being used in a community, it is not worth going there and posting something. But if nobody posts anything or nobody reacts, nobody will start use it. In our organisation the vicious circle was broken early, because we are an IT company with people who like this stuff, and because it meets our needs.
  • We know where to find Yammer. In the early days, we had a Yammer feed web part right in the middle of the homepage of our intranet (now Yammer is more prominent than that homepage…).
    In my client’s organisation, I Yammer is hardly connected to anything else. There is a link to Yammer on the homepage, but that is a static link buried among other links.
  • In our organisation, Yammer is the dominant tool for spreading news: management posts updates, HR uses Yammer to tell us about people who join or leave us, sales tells about new clients…
    In my client’s organisation, I get a lot of this information via email. The disadvantage of email for such communication, is that it does not allow you to start a conversation: ask questions, say hello / goodbye to the new / old colleagues, give kudos for achievements.
  • We grumbled a bit about unpractical features in Yammer but we could get passed them and now we can take advantage of the continuous improvements, like the ability to edit a post (not all that recent, but a huge relief when that became possible,,,) .
    I wonder if my client had their experience with Yammer a long time ago; they may not have noticed that some of their obstables have been removed.

So to adopt and take advantage of Yammer:

  • Determine to what problem it is the solution: conversations about special topics between people who are not sharing the same office.
  • Actively seed and drive the conversation when that does happen organically: have editors / moderators post tips and news, answers questions or redirect them to someone who can (using the mention-option). Make sure these posts are interesting to the users: relevant, useable and/or great fun :-)
  • Make sure it is easy to find Yammer: embed Yammer feeds in SharePoint sites, invite colleagues to join groups that are of special interest to them.
  • In help & training, tell users about Yammer and how it can be useful, show it to them in a moderated Yammer group sharing Office 365 expertise for instance. Share success stories (for example gathered as #YamWins)
  • Introduce Yammer to anyone who does organisation-wide or department-wide communication. If they welcome response, explain that Yammer is a better medium than email.
  • Check what are the blocking issues for this organisation and try again when they have been solved in the Office 365 evolution.

If a tool in the toolkit is not used, the question always is: is the tool inadequate or are there another reasons why the users did not adopt it? Like they don’t know about the tool or they don’t understand how to use the tool effectively. If the problem lies in the adoption, there is no guarantee that replacing the tool will be helpful at all. Then there will just be another tool that users don’t know about and don’t understand…

 

 

Microsoft-InnerOuterLoop

March 31, 2018

The user properties need to be correct in Office 365

Filed under: Adoption,Office365 — frederique @ 22:31

In Office 365, things like the job titles, departments and offices of our users are very visible. And we use those properties heavily in the search options. So we are in trouble if these properties are incorrect.

At the moment, we are rolling out Office 365 in a large company. Users are invited to join SharePoint Online sites and Yammer groups. They get Outlook Online. So they are looking around in Office 365 and noticing the properties that are displayed. A well-meaning IT guys pointed out the people search. But now the users are starting to notice that these properties are sorely out of date… And they are not happy about that…

  • “I’ve uploaded my photo in my profile, but that profile says that I am a secretary and I have changed jobs years ago. So how can I change that?”
  • “I’ve followed the wizard to set up Multi-Factor Authentication, like you told me, and I ended up on a page that displays as my office the location where I worked over 3 years ago. I have tried to get that changed time and time again, but it is still wrong”.
  • “This people search result that you pointing out does not make any sense. When I filter by my department, I get the wrong people.”
  • “That search result gives me several people who have left the company years ago.”

The functionality does not work properly, so we don’t get the benefits. And the users get annoyed, so we are actually worse off…

In her Office 365 profile, Megan can change her add her own mobile number and change her birthday. But she cannot edit her job title or department.

In her Office 365 profile, Megan can change her add her own mobile number and change her birthday. But she cannot edit her job title or department.

So:

  • Try to clean up your Active Directory before you roll out Office 365. And implement a solid procedure to keep it up-to-date when people join, move or leave the company or change anything else.
  • If you cannot trust your Active Directory data, do not synchronise too many data into Office 365. Let the users enter their contact details manually. Not the optimal solution, but better than incorrect personal data.
  • And until you have arranged something appropriate, do not promote the functionality….

 

 

January 31, 2018

Office 365 rollout: 5 basics easier said than done

Filed under: Office365 — Tags: — frederique @ 23:42

Currently I am involved in the roll-out of Office 365 at a large construction company. Several thousands of users move over to new tools and a lot of content is migrated. Of course we try to disrupt these users as little as possible, because their business is construction and not IT. But it is not that easy. These are 5 basics that should be taken care of, which sound obvious but turn out to be quite challenging real life.

1.Decide early on how you deal with the different brands in the organization

Not all organizations are homogeneous. In this organization, we have different companies, with different brands, within the same Group. And they are all part of the same Office 365 tenant, facilitated by the Group. Say, the Contoso Construction Group has operating companies and business units like ‘Contoso Buildings South’, but also a unit specializing in hospital support called ‘Helping Health’. So now what?

  • Should everyone get an SMTP address (for e-mail), SIP address (for Skype for Business) and UPN (to log on) that is unified on @contosogroup.com?
  • Or is it important in their market that the people working for the separate brands keep their special e-mail addresses and Skype addresses so that their clients recognize them? So do they keep @helpinghealth.com for these people, in addition to the @contosogroup.com that others have?
  • Or do they have an @helpinghealth.com e-mail address that clients understand, while they log on with the Group UPN @contosogroup.com? This can get confusing for these users, because instructions often say that you have to log on with your email address. Not in this case.

You can keep the separate addresses, but then you need to connect those to your tenant. And for that, you need to decide what you want to do. Preferably with plenty of time before the technical guys need to make it happen and the communication and adoption people need to explain everything.

2a.Make sure you have reliable information on your users

Many things in the Office 365 roll-out are about individual users. Yes, creating a SharePoint portal and templates for collaboration sites is about communities. But licenses, mailboxes and Office 2016 installations for example are about individuals. Which means that you need correct data on those individuals. This sounds obvious, but we have been tearing our hair out over incomplete and incorrect data for a while now…

  • Who is working in the organization? So who needs a license? Whose mailboxes need to be migrated? We have seen a lot of prehistoric mailboxes and accounts that have not been used since 2015. And on the other hand we are not sure we are not missing people.
  • What type of employee are they? Who has a full laptop and who only has a smartphone? Who works in an office and who works at a construction site? As an Information Worker or a construction worker? So what license do they need? What should they install and what kind of support will they need for that? And what would be helpful in their jobs, so what should we promote to them? We have users with special Toughbooks for which the installation process is different and we still don’t know exactly who has such a machine.
  • And who is part of which operating company, business unit, team when you migrate in batches? We try to address colleagues as a group, and to get managers to encourage their own people to take action of they have not done so yet. But there are always people on the wrong list.
  • Where are they based? For example, are they in or near the Amsterdam office or the Rotterdam office? This is particularly relevant if you offer support on location. Too often we have invited people for the wrong sessions.

So if there is a way to clean up your HR-system and Active Directory before you roll out Office 365, do it! Not only for the roll-out, but also to offer the users up-to-date and correct profile information. The people pane and Delve and such are quite prominent in Office 365 and these don’t make any sense if they tie into outdated data…

2b.Set up a watertight process for joiners, movers and leavers

As a corollary to the previous point, getting correct user information should not be a one-time effort, but a process that keeps everything up-to-date. When people join the organization, they need a license. When they move to other units or other roles, their information should be updated. When they leave the organization, their license should be revoked and their content archived or disposed according to the rules and regulations. Even while you arrange to migrate, for example, the users mailboxes, the list changes, so prepare for the moving target.

3.Think about the right order and logical batches first

You cannot do everything in one day, especially if you have a large organization, with a large group of users. And there are dependencies. So what do you have to do first? And what do you have to keep together?

In our organization, it was decided that we were not allowed to store active mail and department information in the cloud (in Exchange Online resp. SharePoint Online sites) without Multi-Factor Authentication (MFA). And Multi-Factor Authentication does not work with Outlook 2010.

So first we have to move everyone from Office 2010 to Office 2016. Then we can enable MFA. And then we can migrate to Exchange Online and get started with department sites in SharePoint Online. Not the other way around.

For the installation of Office 2016, we aim to roll out in batches to groups of colleagues who work on the same location. Then we can offer support on that location – users like face-to-face support more than remote support. And the colleagues can encourage each other and get triggered when they have been left out (because the list turned out to be incomplete again).

For the migration of the mailboxes and calendars from Exchange on-premises to Exchange Online, we try keep colleagues who collaborate a lot in the same batch. Especially managers and their management assistants. If one colleague is still on-prem and the other is already in the cloud, they cannot work in the same shared mailbox (they can read but not send on behalf) and they cannot consult and work in each other’s Outlook agenda. So we organize the batches by business unit.

And because we know we cannot trust batches to include all people who collaborate closely, we try to make the Exchange migration as compact as possible, to lose as little time as possible if somebody is migrated with the wrong batch. This implies that we do all the Office 2016 installations first, so that we have a clean run of Exchange migrations afterwards.

4.Don’t forget the details and the exceptions

The basic plan can be quite simple, but the devil is in the details. For example, the users need to install Office 2016 before Multi-Factor Authentication is switched on. Otherwise they can no longer use their Outlook. Ok, but what do we do with:

  • People who are on leave? Let them deal with it when they come back? Tell their boss?
  • People who don’t have the time for these things? Ask their boss to give this higher priority and stimulate them do the installation anyway?
  • Computers that do not have enough disk space for the installation? Give them a new computer or do some magic to make space anyway? How and who?
  • People who are very busy all day long at a construction site that has a very feeble internet connection? Can we ask them to do everything at home in their spare time or not?
  • Legacy applications that don’t work well with Office 2016? Is there a workaround like a remote desktop?
  • Training laptops managed by one person who does not have enough licenses to install Office 2016 on all of them?
  • People who don’t have a laptop or tablet but only a smartphone? An Office 365 license may be useful, but they don’t have to install Office 2016?
  • People who don’t have a company phone for the Multi-Factor Authentication messages? Ask them to use a private phone?
  • Non-personal accounts, like reception@contosogroup.com?
  • …?

Users often grumble that headquarters (and IT departments in particular) try to steamroller all over them, regardless of the complexities of their everyday work. And they are right. So pay attention to these real-life exceptions.

5.Involve all of the stakeholders

You always have to involve all of the stakeholders, and this is definitely no exception. It takes quite some time, to involve everyone and even to make sure everybody is informed. But it is indispensable.

  • We have the directors and high level managers of the group and the operating companies as decision makers. And where they don’t have to make a decision, they still need to be the first to be informed, before the innocent employees.
  • The IT, communication and information management teams guide and carry out the rollout.
  • We have champions all over the organization who help their colleagues with information, support and encouragement. And don’t forget the secretaries of the different business units, who help us with practical things like locations for the floorwalkers and checks on our user lists. They get updates and knowledge sharing from us before we communicate to the end-users.
  • We communicate with the users who have to take action and/or be aware of something that is changing. They get messages and have the opportunity to respond and ask questions via email, a feedback form, a phone number, whatsapp and sometimes a floorwalker on location.
  • And we have contact with the bosses of the end-users if the end users don’t take action before the deadline: if they don’t listen to us, they may listen to their own boss…

So is this rocket science? No. is is surprising that you have to take care of these basics? No. But is it then easy to do in real life? No! It takes time and effort and smarts. But we will get it done anyway!

December 31, 2017

Article in DIWUG eMagazine – Let us work in Teams

Filed under: Office365 — Tags: — frederique @ 17:46

DIWUG eMagazine is a free magazine published by and for the Dutch community of Information Worker solutions specialists. It has an on school printed paper version as well as a downloadable electronic version.

My article in this edition is about Microsoft Teams. This tool allows teams to collaborate in a chat-based app. It is a hub for teamwork in Office, that ties into existing features combined with new functionality. In this article, we look into the why, what, who and where of Teams.

You can find it here: Download DIWUG SharePoint eMagazine #20

DIWUGPaperVersion

November 30, 2017

Where do I find my Teams?

Filed under: Digital Workplace,Office365 — Tags: — frederique @ 22:44

Ok, so Microsoft Teams is a helpful tool in the Office 365 toolkit for collaboration. But where can I find those Teams? Actually, in many places: in the Office 365 portal in the browser, in a desktop app and in a mobile app. You can structure your set of Teams to make your favorites more prominent, and ask for email notifications with shortcuts to recent activity.

In previous posts I discussed the questions what’s with Microsoft Teams and who is in my Team? Now let us dive into the question where you should look if you want to work in a Team.

On different devices, in the browser and apps

The best way to experience Microsoft Teams is in the desktop app.

The Microsoft Teams desktop app

The Microsoft Teams desktop app

But here is also a Teams app for iPhone, Android and even Windows Phone, so that you can find your Teams on the go.

A Microsoft Teams channel conversation in the Windows Phone App

A Microsoft Teams channel conversation in the Windows Phone App

In Office 365 in the web browser, there is an online version that offer almost all of the functionality included in the desktop app, except for calls with voice and video. Teams has its own tile in the App Launcher.

Teams has a tile in the App Launcher of Office 365.

Teams has a tile in the App Launcher of Office 365.

Structure your collection in the desktop app

Because you may soon be a member of many Teams, it is important to structure your Teams collection.

  • Collapse the Team headings when you don’t need to see the underlying channels, to get a better overview.
  • Select your favorite Teams and demote the rest: click on the ellipsis at the root of the Team and toggle to Favorite or Remove favorite.
  • Within the Favorites list, you can determine the sort order by dragging and dropping Teams up or down. Simple, but I like this a lot! In the overview of my Team Sites in SharePoint Online for example, I don’t have that level of control.
  • The Teams and channels marked in bold have something new.
  • Still can’t find a Team? Then use the search box.
You favorite Teams are displayed at the top of the list. Add a Team to your favorites via the ellipsis.

You favorite Teams are displayed at the top of the list. Add a Team to your favorites via the ellipsis.

The one thing to keep in mind when you organize your favorites, is that Teams in other tenants, where you are a guest (external member) are NOT listed in the same menu. You need to switch to see them.

Switch tenants

Megan works for Contoso and has some Teams there. She can switch to the Teams at Macaw where she is a Guest.

Email notifications to guide you in

It is helpful to receive an email notification when something happens in a Team, especially for people who do not live in Microsoft Teams all day.

You determine which notifications you want to receive and how often, via your Profile in the left bottom corner.

In the notification settings, you can ask for an e-mail, for example, when you are mentioned in a chat (Via Profile > Notifications)

In the notification settings, you can ask for an e-mail, for example, when you are mentioned in a chat (Via Profile > Notifications)

So yes, I find it quite easy to find my Teams.

Older Posts »

Powered by WordPress