SharePoint Everywhere, SharePoint Mobile App


Today, we are more on-the-go than we have ever been, and immediate, on-demand access to digital information has never been more critical.  Have you ever lost your smart phone or your tablet?  Been in a remote area without any connection?  Felt flustered and lost because you could not reach out to the digital world to grab the information that you require? Have you walked into a meeting ready to “wing it” because the updated information on the project was not accessible once you left the office? SharePoint Mobile App is the solution that has been developed to meet the need of keeping in communication with your corporation’s intranet while you’re on-the-go. 

SharePoint is evolving. Changing. Adapting. Meeting users’ needs.  SharePoint is now available for your smart phone or tablet with SharePoint Mobile App. SharePoint is now available in your pocket while you’re on the go, providing accessibility to your intranet from any location, 24/7 and across all your personal mobile devices. 

The SharePoint Mobile App works with SharePoint Online in Office 365, on-prem with SharePoint Server 2013 and 2016 and your hybrid environment.  It is cloud based, working synergistically with OneDrive, and is available for iOS as well as Android and Windows (the latter two will be available later this year).  It is driven by Office Graph, a backend tool which facilitates searches across integrated applications in Office 365 including its content repositories and OneDrive.  The artificial intelligence of Graph allows the program to machine learn – analyzing, building and connecting people based on the content that each user accesses the most frequently.  As a result, it provides the most pertinent content, sites, portals, and contacts for given projects within a corporate enterprise with extreme ease of access.  SharePoint mobile has brought intranet corporate collaboration to a whole new level. 

On the Discover screen, one can quickly and easily access corporate news and announcements, most frequented sites, contact list of co-collaborators and search across the corporate structure for digital information through navigation tiles which resemble the Sway environment.  With Graph operating in the background, the tiles will feature the information that is most relevant to the collaborator based on their usage, assignments and hits in SharePoint 2016 and Office 365. 

With early release versions of SharePoint Mobile App, there will be smaller tiles, or tabs, and when touched, will open and provide details and specific information.  Let’s start with the first tab – the Sites tab. By selecting the Sites tab, a list of sites that the collaborator frequents and follows will appear.  The next level will provide additional information including recent activity, files and assets, which also include lists, documents, pages and subsites.  True to the definition of collaboration, these sites can be easily shared. 

As with all Microsoft products, SharePoint Mobile App is linked with other Office apps.  What does this mean for the collaborator?  This means that there is a seamless integration of Office 365, SharePoint Mobile App and other Office programs such as Word, Excel and the remainder of the suite.  For example, when the collaborator is looking at Recent documents and clicks on a Word document, SharePoint Mobile App will take the user directly into the corresponding mobile app so they can readily edit, manage, share or view the document and/or information.   

As SharePoint is an intranet collaboration app, having the ability to see who you are collaborating with and having the ability to communicate with them would be vital for a successful project.  By touching the People tab, you will be able to browse and find colleagues within your network.  By tapping on the individual, pertinent information including their contact information, projects they are collaborating on and team members of these projects will appear.  

Though Graph provides the most frequently used and accessed information on an individualized basis, there are instances when it is still necessary to find digital information manually. This brings us to Search.  Search in the SharePoint Mobile App provides a full enterprise search so that not only can you search for content, but you can also search for people by applying filters such as sites, files and people.  Search crawls across the corporate intranet, including the SharePoint team sites, folders in OneDrive for Business (restricted to the ones which you have access to), company portals, and Graph’s recommended content. 

Though individual collaborators will see their recommended content, management requires the ability to make announcements, provide resource information, and provide standardized sites and programs that can be accessed by all members in the company.  Created by the SharePoint administrators in Office 365, the Links tab will provide corporate wide information for all employees. 

SharePoint Mobile App is an extremely powerful tool for on-the-go collaboration.  By integrating SharePoint, Office 365 and OneDrive, Microsoft is reshaping and redefining how intranet collaboration is done, what intranet collaboration should look like and why intranet collaboration is vital to the on-the-go corporate work style. 

Data Loss Prevention (DLP) in SharePoint 2016 and Office 365


With technology and the sharing of information, especially sensitive data, between staff, vendors and external companies, all corporations have become targets for hackers and criminals whose sole objective is to find an avenue to steal this information.  Quite commonly, it is the innocent mistake of an employee that exposes information about a client, such as a credit card number, a name or an account number, to the outside corporate world through email, a social posting, a lost portable drive with downloaded confidential information, or a photo of critical information that they took so they could access the information on the go without having to carry the document or file with them.  Breaches can include privacy (examples of companies include Sony, Human Resources and Skills Development Canada “HRSDC”, Adobe Systems, Corrections Canada), health and medical (examples include Health Net, Durham Regional Health, Kaiser Permanente), and identity theft (examples include JPMorgan Chase & Co, CIBC, Daimler Chrysler Financial Services Canada, Inc.).  These examples are all breaches of personal information and corporations are being held legally responsible and accountable.  Facebook Inc., Bell Canada and BC Provincial Health Services Authority have all faced class action suits and the plaintiffs have been successful in their cases.  As you can imagine, customer privacy and the ability to keep their information private is not an option.  It is mandatory, and DLP with SharePoint and Office 365 enhances the ability to keep this information from being shared with those who should not have access to it. 

DLP was first introduced in Microsoft Exchange Server 2010 and later expanded to include Outlook and Outlook Web App.  DLP has now been extended further to include SharePoint 2016 and Office 365, which allows a business to build a DLP structure across email and data, which is phenomenal news for all whether you are on-prem or in Office 365 (SharePoint Online being part of Office 365). 

There is a difference between document lifecycle management and DLP.  DLP does not replace the process for document lifecycle management.  Rather, DLP allows your business to build a policy model to discover, or find, confidential data and protect it in a way not previously possible.  With the integration of DLP over email and data, businesses now have a method to protect critical data from leaving the corporate premises in error through real-time monitoring of user activity, thus reducing and/or preventing critical data breaches.   

The DLP configurations for SharePoint 2016 and Office 365 have slight differences between them. 

Unlike SharePoint 2016, Office 365 is ready for you to start creating policies through the Security and Compliance Admin Console within the Office 365 Admin Centre.  Yes, it is as simple as that.

However, SharePoint 2016 is not as simple as that.  Before you can begin, you must configure the prerequisites for the DLP:

  1. Create your search service application and define a crawl schedule.  Once this is completed, perform a full crawl;
  2. Configure outgoing mail in order for policy notifications to be sent via email;
  3. Allow Usage Reports by turning it on.  This will allow incident reports and overrides to be logged appropriately;
  4. Create an eDiscovery Centre site collection, a Compliance Policy Centre site collection, or both.  Note that:
    1. each web application requires its own Compliance Policy Centre – you cannot have one that applies to all site collections across all web applications; and
    2. one eDiscovery Centre site collection can run DLP queries across all site collections in all web applications. 
  5. Determine the compliance team, risk team and information security team.  Permissions are granted by making these users members of the Site Collection members group so that they may access and manage DLP policies. 

It cannot be stressed enough that a healthy search and crawl configuration is critical as the core data source behind both Office 365 and SharePoint 2016 is the SharePoint Search Index.  If the content is not in the Search Index, the DLP engine will not find it.  In addition to this, you cannot apply DLP policies to sites or content that has been excluded from SharePoint.

In order for new content to be found, a crawl must occur so that the Search Index is updated with the content.  Additionally, in order to enforce DLP policies, four related timer jobs must run.  All this must occur before DLP policies can be enforced on confidential and critical information, and this can take up to 24 hours before the policies become effective in SharePoint 2016. 

We’ve mentioned DLP policies, so how do we create these?  It’s important to note that writing the DLP policy in Office 365 is different than in SharePoint 2016.

Before writing any policies and rules, one should determine how many data items in your organization’s SharePoint are in breach of your company’s compliancy regulations.  The discovery process relies 100% on the crawled Search Index.  You have the ability to conduct a DLP query based on specific DLP templates across your SharePoint data.  By conducting this query, you can quickly identify the policies that require management as well as the areas that are in breach.  In SharePoint 2016, a new eDiscovery site template called a DLP query allows a user, who must have read access to all data in SharePoint, to launch queries against all DLP templates or specific content in the SharePoint environment.  Read access to all SharePoint data can be granted via a Web Application Policy on-prem or by adding the user as a site collection administrator in SharePoint Online or on-prem.   Once Discovery has been completed, and areas of breach have been determined, you can proceed to write the DLP policies and rules. 

DLP Policy Creation in Office 365

1.  Specify locations where the policy may be applied for SharePoint Online and OneDrive for Business by listing all sites or specific sites;

2. Configure one or more DLP Rules.  Each rule consists of:

a.  Conditions

There are 80 templates specifying the conditions and these are the same ones used in Exchange.  The full list of templates can be found via the hyperlink.  You must:

  1. choose the applicable templates to apply as you cannot create custom data sensitive templates
  2. determine and set the maximum and minimum number of instances for each sensitive data type selected
  3. determine who the content is shared with.  This includes internal and external people and organizations
  4. metadata properties

b.  Actions

  1. send a default or custom email notification
  2. show a default or custom policy tip
  3. allow an override with or without business justification
  4. block content to all users with the exception of site owners, document owners or last modified user

c.  Incident Reports

  1. logging of report
  2. level of severity
  3. email notification with report attached

d.  General Settings

  1. name of rule plus description for each rule
  2. name of policy plus description for each
  3. indication of whether policy has been configured or not
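
An added example, not from the original article and not Microsoft's DLP engine: a small Python model of the rule structure above, in which a condition is a count of a sensitive data type between a minimum and a maximum, and a match returns the rule's actions.  The rule names, thresholds, the `indexed` flag (standing in for "has been crawled into the Search Index") and the sample documents are constructed; the card numbers are public test numbers.

```python
import re
from dataclasses import dataclass

# Candidate card numbers: 13-16 digits, optionally separated by spaces or hyphens.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,15}\b")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used to discard digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)  # double every second digit from the right
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def count_cards(text: str) -> int:
    """Count distinct Luhn-valid card numbers in a document body."""
    found = {re.sub(r"[ -]", "", m.group()) for m in CARD_RE.finditer(text)}
    return sum(1 for n in found if luhn_ok(n))

@dataclass
class Rule:
    name: str
    min_count: int   # minimum instances of the sensitive data type
    max_count: int   # maximum instances of the sensitive data type
    actions: tuple   # what happens when the count falls in range

# Constructed rules modelled on the condition/action split described above.
RULES = [
    Rule("Low volume", 1, 4, ("policy_tip", "email_notification")),
    Rule("High volume", 5, 10**6, ("block_access", "incident_report")),
]

def evaluate(doc: dict) -> tuple:
    """Return the actions for one document; uncrawled items are never matched."""
    if not doc["indexed"]:
        return ()
    n = count_cards(doc["body"])
    for rule in RULES:
        if rule.min_count <= n <= rule.max_count:
            return rule.actions
    return ()

# Constructed sample documents (public test card numbers, not real accounts).
DOCS = [
    {"name": "invoice.docx", "indexed": True, "body": "Card 4111 1111 1111 1111, ref 1234567890123456"},
    {"name": "export.xlsx", "indexed": True, "body": "4111111111111111, 5555555555554444, 4012888888881881, 378282246310005, 6011111111111117"},
    {"name": "new-upload.docx", "indexed": False, "body": "4111111111111111"},
]
```

The third document holds a valid card number but returns no actions because it has not been crawled, which is the same gap the prerequisites for SharePoint 2016 warn about.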


DLP Policy Creation in SharePoint 2016 

The DLP policy creation in SharePoint 2016 is similar to Office 365, but there are some notable differences:   

1.  Specify DLP Policy name;

2.  Select 1 of the 10 possible policy templates.  Each policy template consists of a combination of 10 sensitive data types.  These relate only to US and UK sensitive data types;

3.  Determine and set the number of incidences of the sensitive data type which will, in turn, trigger the policy;

4.  Provide the specific email address for the incident report to be emailed to;

5.  Determine to display a default policy tip or not;

6.  Determine who will be blocked access to the content – all users except site owners, document owner or last modified user;

7.  Assign the policy to a site collection where you wish it to be enforced.  Each site collection must be specified one at a time as there is no overall site collection ability.  Also note that you cannot specify the application of a policy down to the subsite level. 

Remember, a search crawl and four timer jobs must be completed before the new data and policies are enforced.   

With SharePoint 2016 and Office 365, the integration of DLP policies and rules spanning data in SharePoint and Exchange provides corporate entities with more power to combat the onslaught of hackers who try to steal and misappropriate sensitive data.  By having control over DLP protocols, corporations now have the ability to audit their data and their users in real time to proactively prevent the loss of sensitive data.  Data Loss Prevention – this is what SharePoint 2016, Office 365 and the future of security software are focused on.