How Atrium Health SharePoint Team Manages Office 365

kdjones74 2,098 views 36 slides Aug 11, 2019

About This Presentation

Atrium Health (formerly Carolinas HealthCare System) is one of the largest non-profit healthcare systems in the US, with over 60,000 employees. Starting in 2013, Atrium migrated Exchange and SharePoint to Office 365, which has introduced changes for both end users and the IT department. This session...


Slide Content

Notes from the field How Atrium Health SharePoint Team Manages Office 365

Diamond Platinum Gold Silver Thank you sponsors!

Who am I? Kelly D. Jones Atrium Health IAS Director (SharePoint / OneDrive / Yammer / Custom Dev) 20+ years industry experience; 10+ SharePoint My blog: http://www.KellyDJones.com Twitter: @KellyDJones LinkedIn: https://www.linkedin.com/in/kdjones74/

What is Atrium Health?

Why this presentation? Office 365 impact – real world example Practical advice – beyond the sales demo Is the way we do things perfect? Um, no. Your mileage may vary.

Atrium Health’s Move to Office 365 Office 365 E3 license for ~45k end users All end user mailboxes are Exchange Online

Atrium Health’s Office 365 Services

How will you support Office 365? Will you limit OneDrive sync? Will you support Explorer View? How will you direct people to Office? Will you allow external sharing? Will you back up SharePoint/OneDrive? Who can create SharePoint Site Collections? How will you track SharePoint site owners? Who can create Office 365 Groups/Teams? How will you populate Groups? Will you limit PowerApps/Flow connectors? Are you ready for disruptive changes? Are you ready for InfoPath/SPDesigner retirement? How will you keep up to date? How does Atrium handle changes? How does Atrium communicate changes? Questions…

What we mean by “support” – Incident resolution – IT will fix it if something breaks IT Solution Creation – IT will build solution using O365 tools Training Learning materials/training available for end users Learning materials/training available for power users Adoption campaign Atrium Health – too many tools and not enough IT…. How will you support Office 365? Core Workloads 100% Supported by IT Exchange / Outlook Skype SharePoint / OneDrive Yammer Power BI (IT created dashboards) Community Support Workloads Best effort support by IT Office Apps (anything beyond install) PowerApps / Flow Stream Power BI (end user created dashboards)

Sync is allowed regardless of the button appearing Can also set per library (full control or edit permission on the library to configure) Mac OS Atrium Configuration: Sync to domain joined Windows PCs No Macs Will you limit OneDrive Sync?

Explorer View is still available in SharePoint and OneDrive Must use IE IE must be configured in a particular way User must be logged in via browser before using Explorer View Users like the familiar Windows Explorer user interface They’re less likely to use new features such as sharing and version history Users can break their SharePoint and OneDrive sites! Example 1: “I don’t need folder” Example 2: Windows 10 “shortcut” rename Atrium advises users against Explorer View, but we can’t block it Will you support Explorer View?

Lots of URLs can be used Office desktop apps can be starting point Atrium: Direct all teammates to two links: one internal, one external Link goes to https://office.com/1 Internal link also checks for browser version and generic login Generic logins are auto-login PCs in clinical environment If generic login detected, then username and password prompt appears How will you direct people to Office 365?

OneDrive setting applies to all OneDrive sites SharePoint can be configured per site collection You can whitelist/blacklist domains to share to You can allow anonymous or require external users to log in Atrium settings: External sharing allowed for OneDrive and SharePoint Anonymous is allowed in only TWO site collections No whitelist/blacklist configured Guests must sign in using the same account to which the sharing invitation was sent Will you allow external sharing?

Atrium does not back up SharePoint/OneDrive (!) Scenarios: Document deleted – Recycle bin restore Document overwritten – Version history Version history is enabled by default on all libraries (NOT LISTS) Version history minimum is enforced by Microsoft – 100 versions Sub site deleted – Recycle bin Site Collection deleted – Recycle bin Our experience: People are more likely to misplace files than to delete them People use OneDrive when they should be using SharePoint Will you back up SPO/OneDrive?

Option 1: Self-Service Site Creation Option 2: Only IT administrators Who can create SharePoint Site Collections?

Atrium disabled “self-service site creation” from the start Only the IT SharePoint team can create site collections End Users submit a request for new site collections Identify owners (up to three) Title and description SharePoint Designer and External Sharing Data sensitivity Average 15-20 new site collections per month Less than 50 have been denied (duplicate, name too general, etc.) Who can create SharePoint Site Collections?

Rethinking our policy… We rarely deny new site collection requests We don’t have the resources to verify if a new site is a duplicate Site owners aren’t renewing sites consistently Site owners aren’t correctly identifying sensitive data sites No technical difference between sensitive and non-sensitive sites What’s the minimum we need to do: As IT to manage the environment? To meet compliance and security requirements? Answer: We must have an owner identified – Site Collection Administrators We must treat all sites as if they have sensitive data – Cloud Access Security Who will create SharePoint Site Collections?

Option 1: Custom List in SharePoint Lots of manual work to maintain (Atrium’s old policy) Option 2: SharePoint Site List in Admin Center Primary Admin isn’t easily updated by end users (?) Only one primary Option 3: Site Collection Administrators (Atrium’s new policy) Easily updated by any current Site Collection Administrator One loophole: what to do when the last SCA leaves? Custom utility will (still developing) Log who the owners are and who their managers are When the last owner leaves, grants their manager SCA permission and emails them Just like OneDrive How will you track SharePoint Owners?

All Global Admins (can’t block admins) Option 1: Only specific users can create Business Users in a designated AD Security Group Note: people in this group must have an Azure AD Premium or Azure AD Basic EDU licenses (Microsoft documentation) Option 2: Any user can create There are 20 ways to create an Office 365 Group (See blog post) Most of the 20 are accessible to end users Microsoft Documentation Who can create Office 365 Groups?

You can only do the following if you can create groups: Office 365 Groups in Outlook Groupify a SharePoint site Create a plan in Planner Create a channel in Stream Create a workspace in PowerBI (groups no longer required) Microsoft Recommendation: Strongly consider self-service to empower group owners. What happens if you limit group creation?

They will create groups…. What happens if anyone can create Groups?

Using Microsoft features: Group Naming Policy Group Classification (data tier) Group Usage Guidelines Expiration Policy Terms of Use Custom utility to document Group owners (current and past) C# utility deployed as Azure WebJob Uses Microsoft Graph API to gather group info Writes log info to two SharePoint custom lists (Groups, Owners) Use SharePoint Version History to see when Groups/Owners change Future state will include process for last owner leaving scenario How to manage unrestricted group creation? Require Azure AD Premium License
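The "last owner leaves" handling mentioned on this slide and on the site-owner tracking slide, sketched as an added example (not Atrium's C# utility). It runs offline on constructed data shaped like a flattened owner/manager log; the field names, walking further up the manager chain when the direct manager is also disabled, and the fallback to IT are assumptions.

```python
# Constructed sample data: not real Graph output, no network calls.
USERS = {
    "u1": {"upn": "alice@example.org", "accountEnabled": True, "manager": "u4"},
    "u2": {"upn": "bob@example.org", "accountEnabled": False, "manager": "u4"},
    "u3": {"upn": "carol@example.org", "accountEnabled": False, "manager": "u5"},
    "u4": {"upn": "dana@example.org", "accountEnabled": True, "manager": None},
    "u5": {"upn": "erin@example.org", "accountEnabled": False, "manager": "u4"},
    "u6": {"upn": "frank@example.org", "accountEnabled": False, "manager": None},
}
GROUPS = [
    {"id": "g1", "displayName": "Nursing Education", "owners": ["u1", "u2"]},
    {"id": "g2", "displayName": "Pharmacy Projects", "owners": ["u2"]},
    {"id": "g3", "displayName": "Imaging Research", "owners": ["u3"]},
    {"id": "g4", "displayName": "Old Pilot", "owners": []},
    {"id": "g5", "displayName": "Vendor Trial", "owners": ["u6"]},
]
PREVIOUS_OWNERS = {"g4": ["u3"]}  # hypothetical: last owners recorded in the log

def active(uid, users):
    user = users.get(uid)
    return bool(user and user["accountEnabled"])

def first_active_manager(uid, users, max_hops=5):
    """Walk up the manager chain until an enabled account is found."""
    seen = set()
    while uid and uid not in seen and len(seen) < max_hops:
        seen.add(uid)
        uid = (users.get(uid) or {}).get("manager")
        if active(uid, users):
            return uid
    return None

def plan_owner_recovery(groups, users, previous_owners):
    """Return {group id: action} for every group with no active owner."""
    plan = {}
    for group in groups:
        if any(active(o, users) for o in group["owners"]):
            continue  # at least one working owner remains
        # Departed owners: disabled current owners, else the last logged ones.
        departed = group["owners"] or previous_owners.get(group["id"], [])
        managers = (first_active_manager(o, users) for o in departed)
        successor = next((m for m in managers if m), None)
        if successor:
            plan[group["id"]] = {"action": "grant_owner_and_email",
                                 "user": users[successor]["upn"]}
        else:
            plan[group["id"]] = {"action": "escalate_to_it", "user": None}
    return plan
```

Keeping the previous-owner log is what makes `g4` recoverable: a group whose owner list is already empty has no manager to look up without it.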

Group Owners can add/remove members Group Owners can promote/demote owners Public groups – people can add themselves Private groups – owners must add Dynamic Groups – Add/Remove members based on profile information (Azure AD) Requires users to have Azure AD Premium license Atrium Configuration: No AD Dynamic Groups Legacy solution populates on prem AD Groups Building custom solution to populate groups How will you populate Group members?

Tip: Connectors are documented here Data Governance Policy – configuration applies to both PowerApps and Flow You cannot block a connector 100% You can only limit which connectors are used together Flow Admin Center → Data policies PowerApps Admin Center → Data policies SO, is SQL Server business? Yes – PowerApps/Flow can connect to any SQL Server No – PowerApps/Flow can connect to any SQL Server Suggested solution: Create a Flow that uses the Flow admin connector that looks for SQL Server connections and deletes any that aren’t on an approved white list Will you limit connectors in Flow?

Microsoft will notify customers about upcoming “disruptive changes” Microsoft defines whether a change is disruptive Are you ready for disruptive changes?

From Microsoft employee post on TechCommunity: “There is DIFFERENT governance for service removals in Office 365. The strict guidance is that Microsoft will give at least 30 days notice when we've indicated a replacement product; 365 days notice if there is no replacement; and that undocumented, unsupported features or risks which are found to compromise the security or platform integrity could be turned off immediately. For example, if we found a huge security loophole in the "Widget" web part, for example, we might remove that web part immediately to protect our customers while we work on the issue.” …“By precedent, even though we identified a replacement tech for Access Web Apps (PowerApps) we communicated that service removal 15 months in advance.” https://techcommunity.microsoft.com/t5/SharePoint/InfoPath-support-in-SharePoint-Online/m-p/97876#M9157 Disruptive changes: InfoPath & Designer?

Office 365 Admin Center – Service Health Dashboard Service health Issues that Microsoft determines at least one of your users might be seeing Message center Change announcements that are applicable to your tenant Planned maintenance outages – typically seven-day notice Example: SharePoint and OneDrive were read only from 9pm-1am (Wed-Thurs) with one-week notice Office 365 Admin app – same data as Admin Center web site Mobile and desktop versions Push notifications for health issues How to keep up?

Office blogs: https://blogs.office.com/ Microsoft Tech Community → Blogs Curate a list of blogs by industry MVPs Microsoft Tech Community: https://techcommunity.Microsoft.com Roadmap: Thin on details and few if any dates published Usage reports update: new reports for SharePoint, OneDrive and Yammer New reports in the Office 365 usage dashboard. We continue to add new usage reports, including Yammer groups, SharePoint clients and OneDrive clients, to provide you with a complete picture of how your organization is using Office 365. Feature ID: 70929 How to keep up? New Infographic: http://icsh.pt/TheJoneses

Individual teams (SharePoint, Exchange, Desktop) Monitor news from Microsoft daily (blogs, Message Center, etc.) Office 365 Tech Team / Leads Meet weekly to coordinate efforts Determine what needs to be escalated Teammate Workgroup – IS and business users/leaders How do we handle changes?

Yammer announcements Information on People Connect (top level intranet) Focused emails (ex: site owners only) Enterprise wide emails Announcements on home page of People Connect How do we communicate change?

#SPSCLT19 Speaker Survey Session 3 Thank you. What questions did I forget?

Speaker Survey and Raffle This year we are replacing the paper version of Speaker Survey with Microsoft Forms. Scan the QR code for each session to access and submit your survey. QR codes can be found in the program guide or on the room sign located by the door. You will receive ONE raffle ticket for each session survey you complete. The raffle ticket volunteer will validate your First and Last name before providing your ticket(s) Drawing will be held this afternoon 4:30-5:00 pm. Must be present to win. You can download and use the QR Reader app available for both iOS and Android

SharePint Happy Hour event held after SPSCLT19 at Duckworth’s Grill and Taphouse Uptown. Walking distance from UNC Charlotte Center City campus and the 7th street light rail stop.

Migrating to SharePoint Online Monday Tuesday Wednesday Thursday Friday Week 1 SP Team Migrate site (full copy) SP Team Testing SP Team Testing Week 1 Business Owner Business owner testing Business owner testing Week 2 SP Team Migrate site to production (incremental) Identify next batch of sites Week 2 Business Owner Business Owner Testing Business Owner Testing Business Owner Sign Off Tool used: MetaVis Architect Suite (now Metalogix Essentials)

SharePoint Team – Aligning Skill Set Support SP Instructor SP Admin SP Analyst SP Designer SP Dev Architect / Manager PM / Tech Lead 2011 1 1 1* .5 2012 1 1 1* 1* 1* .5 2013 1 1 1* 1* 1* 1 1 .5 2014 1 1 1* 1* 1 1 .5 2015 1 1 1* (Migration) 1* (Migration) 1 1 1 (Migration) 2016 1 .25* 1 1 1 (Migration) 2017 1 .25* 1 1 1 2018 1 .25* 1 .5 Hiring 2019 1 .25* 1 .5 1 *Contractor

Where did they announce this change? The Office 365 Message Center for announcements The Office 365 Health Dashboard TechNet Blogs published by the product groups (Office Blogs, PowerApps, Planner, O365 Roadmap, SharePoint) Blogs by industry MVPs (150+) Product team announcements in the Microsoft Tech Community forums Plus Spaces in the Microsoft Tech Community (aka forums, 20+) #6 – “The Office Retirement Blog” – which didn’t exist until this post. I spotted it because of #5… Disruptive change – Access Web Apps