Friday, February 5, 2016

Design a security trimmed navigation in SharePoint Online

...or SharePoint 2013, SharePoint 2016, SharePoint 2010...you get the picture by now.

What users want...

Users want to navigate quickly to the required information...oh gods, if only this were the only thing they wanted. Let's assume we have a user that wants just that :-)

...users get!

When working with SharePoint you have to take the boundaries and limits into account. One of the biggest challenges with navigation in SharePoint is how to get information across site collections. Your biggest asset here is search. Search is able to look beyond site collection boundaries. Another major benefit is that it is security trimmed. This means that you only see what you are allowed to see.

For more information on security trimming in SharePoint read the following:
https://technet.microsoft.com/en-us/library/dn167721.aspx

This makes search one of the best candidates for navigation.

My Enterprise Search Center is up and running, now what?

In order to really use search you can (or must?) plan your information architecture.

Let's say we have created a site collection:
- Projects

We have created 1 (for simplicity) content type called: Base with a single site column: Customer. Customer is of the type managed metadata.

When we create a new Project site we add a list with the content type Base. After that we add a record to the list, defining the Title and Customer.

We created the following structure:
/sites/projects/Project1 | Base.Customer:Contoso 
/sites/projects/Project2 | Base.Customer:Microsoft
/sites/projects/Project3 | Base.Customer:Contoso

Because we added records to the lists, and thus values for the site columns, Search creates crawled properties. Once that is done we can create managed properties.

Let's say we created a managed property called: Customer.
We can now search for:
Customer:Contoso.
This should result in 2 hits: Project1 and Project3.

You can use the above to create the following wireframe:


The recipe:
- 1 web part page
- 1 search refiner webpart
- 1 search results webpart

Configure the refiner webpart to be able to refine on Customer (division or status).
Configure the search result webpart with the following config:
path:https://<tenant>.sharepoint.com/sites/projects    (contentclass:STS_List) ContentType:Base
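
The same query issued through the SharePoint search REST endpoint and turned into navigation nodes, as an added example that is not code from the original post. The function names and the sample response are hypothetical; the response is constructed for a user who has no permission on Project2, so the server never returns it and no client-side filtering is involved.

```javascript
// Added example; function names and SAMPLE_RESPONSE are hypothetical.
const SITE = 'https://<tenant>.sharepoint.com/sites/projects';

// Quote a refiner value for KQL. Dropping embedded double quotes keeps
// user-supplied text from closing the phrase and adding its own operators.
function kqlQuote(value) {
  return '"' + String(value).replace(/"/g, '') + '"';
}

// The results web part query from this post, optionally narrowed to one customer.
function buildNavQuery(siteUrl, customer) {
  const parts = ['path:' + kqlQuote(siteUrl), 'contentclass:STS_List', 'ContentType:Base'];
  if (customer) parts.push('Customer:' + kqlQuote(customer));
  return parts.join(' ');
}

// Search REST endpoint; single quotes inside querytext are doubled.
function buildSearchUrl(webUrl, kql) {
  const q = encodeURIComponent(kql.replace(/'/g, "''"));
  return webUrl + "/_api/search/query?querytext='" + q +
    "'&selectproperties='Title,Path,Customer'&rowlimit=50";
}

// Flatten the odata=verbose result table into { customer: [{ title, url }] }.
function toNavTree(response) {
  const rows = response.d.query.PrimaryQueryResult.RelevantResults.Table.Rows.results;
  const tree = {};
  for (const row of rows) {
    const item = {};
    for (const cell of row.Cells.results) item[cell.Key] = cell.Value;
    const customer = item.Customer || '(no customer)';
    (tree[customer] = tree[customer] || []).push({ title: item.Title, url: item.Path });
  }
  return tree;
}

// Constructed response: the server has already trimmed Project2 (Microsoft).
const row = (t, p, c) => ({ Cells: { results: [
  { Key: 'Title', Value: t }, { Key: 'Path', Value: p }, { Key: 'Customer', Value: c }] } });
const SAMPLE_RESPONSE = { d: { query: { PrimaryQueryResult: { RelevantResults: { Table: { Rows: {
  results: [row('Project1', SITE + '/Project1', 'Contoso'),
            row('Project3', SITE + '/Project3', 'Contoso')] } } } } } } };

console.log(buildSearchUrl(SITE, buildNavQuery(SITE)));
console.log(JSON.stringify(toNavTree(SAMPLE_RESPONSE), null, 2));
```

Because trimming happens per user on the server, a navigation tree built this way should not be cached and shared between users.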

Hope you have fun with this!

For background reading

https://support.office.com/en-us/article/Manage-the-search-schema-in-SharePoint-Online-d4fab46d-ba41-4c03-9d4c-32b5b33198b6#__toc351360841

https://support.office.com/en-us/article/Manage-the-search-schema-in-SharePoint-Online-d4fab46d-ba41-4c03-9d4c-32b5b33198b6?ui=en-US&rs=en-US&ad=US

https://support.office.com/en-us/article/Manually-request-crawling-and-re-indexing-of-a-site-a-library-or-a-list-9afa977d-39de-4321-b4ca-8c7c7e6d264e?ui=en-US&rs=en-US&ad=US

http://en.share-gate.com/blog/understand-sharepoint-crawled-and-managed-properties-for-search

Troubleshooting search in SharePoint Online.
https://blogs.perficient.com/microsoft/2014/11/troubleshooting-search-in-sharepoint-online-o365/

SharePoint Online, Windows Intune, Information Rights Management and a cherry pie

A short story on how Windows Intune, Information Rights Management and SharePoint Online can work together while eating a delicious cherry pie.

First things first. What's what?

SharePoint Online 

Organizations use SharePoint to create websites. You can use it as a secure place to store, organize, share, and access information from almost any device. All you need is a web browser, such as Internet Explorer, Chrome, or Firefox.
https://support.office.com/en-us/article/What-is-SharePoint-97b915e6-651b-43b2-827d-fb25777f446f

Windows Intune

Microsoft Intune offers features for the management of mobile devices and applications, and PC management from the cloud. Intune enables organizations to give their employees access to enterprise applications, data and business information sources virtually anywhere and on virtually any device, while at the same time keeping them secure.
https://www.microsoft.com/nl-nl/server-cloud/products/microsoft-intune/overview.aspx

Information Rights Management

Within SharePoint, IRM protection is applied to files at the list and library level. Before your organization can make use of IRM protection, you must first set up Rights Management. IRM in SharePoint Online is based on the Microsoft Azure Active Directory Rights Management service (Microsoft Azure AD RM) to encrypt content and assign usage restrictions.
https://support.office.com/nl-nl/article/IRM-Information-Rights-Management-instellen-in-het-SharePoint-beheercentrum-239ce6eb-4e81-42db-bf86-a01362fed65c#

How can Windows Intune, IRM and SharePoint Online benefit from each other?

Really short: Windows Intune enables organizations to mark devices as trustworthy, or not. This makes it possible to say (for instance): hey! Only devices I trust are allowed to access SharePoint Online or corporate email.

A typical flow for conditional access might look as follows:

Use conditional access to manage access to Microsoft Exchange On-premises, Exchange Online, Exchange Online Dedicated, and SharePoint Online.

https://technet.microsoft.com/en-us/library/dn818907.aspx

This shows how Microsoft Windows Intune and SharePoint Online work seamlessly together.

How does IRM help in this picture?
IRM helps secure confidential content in the following ways:
- Prevent an authorized user from copying, modifying, printing, faxing, or copying and pasting the content for unauthorized use.
- Prevent an authorized user from copying the content with the Print Screen feature of Microsoft Windows.
- Prevent an unauthorized user from viewing the content when it is sent in an e-mail message after being downloaded from the server.
- Limit access to content to a specified period, after which users must confirm their credentials and download the content again.
- Assist in the implementation of corporate policy for the use and dissemination of content in your organization.
https://support.office.com/nl-nl/article/IRM-Information-Rights-Management-op-een-lijst-of-bibliotheek-toepassen-3bdb5c4e-94fc-4741-b02f-4e7cc3c54aa1?ui=nl-NL&rs=nl-NL&ad=NL

Conclusion

Microsoft has done a great job in advanced security and protection of your intellectual property. Please use your own intellect by properly following the plan-do-act circle!

Friday, January 22, 2016

Grand Theft Data (Loss Prevention) in SharePoint 2016


Grand Theft Data (Loss Prevention) in SharePoint 2016 or Online



Sorry, no new version of GTA is forthcoming…this blog is about Data Loss Prevention (DLP) in SharePoint 2016 public beta 2 release.

DLP: what is it not? DLP has nothing to do with backup or recovery. In general it is a combination of technology and processes that safeguard sensitive information from (un)intentional loss.

This post is a summary of a nice blog post on the MVP Award Program site.

What is DLP? It is a complementary set of technologies that supports your business strategy for handling and protecting sensitive business data, and that restricts sensitive data from being put into SharePoint.
Examples are:
  • Credit card numbers
  • Passport numbers
  • Etc.

DLP consists of 2 main elements:
  • Discovery
  • Policy
An important point to mention here is that both of these options apply to items stored in SharePoint 2016 on-premises, in SharePoint Online and in OneDrive.
 

Data Loss Prevention: Discovery

Discovery is the ability to perform a DLP query based on a DLP template, a.k.a. checking whether credit card numbers and the like are in SharePoint! The outcome relies 100% on search having crawled all content.
 
In other words, the Discovery section lets you FIND and REPORT content that holds sensitive information.
 
You will need one (or more) eDiscovery sites for this.
So if you have a document with a credit card number in it, the eDiscovery site will report this document.
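
What a credit card discovery pass does in principle, as an added example that is not SharePoint's DLP template logic or code from the original post: find digit runs of card length, keep only those that pass the Luhn checksum, and report them masked. The function names and the sample documents are hypothetical and constructed.

```javascript
// Added example; findCardNumbers, discover and SAMPLE_DOCS are hypothetical names.

// Luhn checksum: double every second digit from the right, subtract 9 from
// two-digit products, and require the total to be a multiple of 10.
function luhnValid(digits) {
  let sum = 0;
  for (let i = 0; i < digits.length; i++) {
    let d = digits.charCodeAt(digits.length - 1 - i) - 48;
    if (i % 2 === 1) { d *= 2; if (d > 9) d -= 9; }
    sum += d;
  }
  return sum % 10 === 0;
}

// Candidates: 13 to 19 digits, optionally separated by single spaces or dashes.
const CANDIDATE = /\b\d(?:[ -]?\d){12,18}\b/g;

function findCardNumbers(text) {
  const hits = [];
  for (const m of text.matchAll(CANDIDATE)) {
    const digits = m[0].replace(/[ -]/g, '');
    if (luhnValid(digits)) {
      // Mask all but the last four digits so the report does not leak the number.
      hits.push({ offset: m.index, masked: '*'.repeat(digits.length - 4) + digits.slice(-4) });
    }
  }
  return hits;
}

// Report only the documents that contain at least one validated number.
function discover(docs) {
  return docs.map(d => ({ path: d.path, hits: findCardNumbers(d.text) }))
             .filter(r => r.hits.length > 0);
}

// Constructed documents: a well-known test card number, a 16-digit order
// reference that fails Luhn, and a document with no long digit run.
const SAMPLE_DOCS = [
  { path: '/sites/projects/Project1/invoice.txt', text: 'Paid with card 4111 1111 1111 1111 on 5 Feb.' },
  { path: '/sites/projects/Project2/order.txt', text: 'Order reference 1234 5678 9012 3456.' },
  { path: '/sites/projects/Project3/notes.txt', text: 'Kick-off meeting moved to room 12.' },
];

console.log(JSON.stringify(discover(SAMPLE_DOCS), null, 2));
```

The checksum step is what keeps ordinary 16-digit references, such as the order number in the second document, out of the report.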
 

Data Loss Prevention: Policy

Policy is the ability to enforce and actually restrict viewing of sensitive information! To do this you need to create a policy (or a set of policies).
 
After you have set the policies and linked them to your site collection(s), the document with the credit card number will be blocked!
 
You will need to create one (or more) compliance site(s) for this.
 
Please read Steve's blog for full details! It is really a very good document (and read)!
 

Sources:

http://www.mcafee.com/us/products/total-protection-for-data-loss-prevention.aspx
https://www.checkpoint.com/products/dlp-software-blade/
http://www.microsoft.com/en-us/download/details.aspx?id=49961

Update 29th January 2016
I just came across some extra information from Microsoft Netherlands, written by Hans van der Meer, that might be useful to you as well:
https://blogs.microsoft.nl/microsoftvoorwerk/technologie-helpt-voorkom-datalekken/

eDiscovery:
https://blogs.office.com/2015/06/17/introducing-compliance-search-in-office-365/?fromblog=997321


Think before you act

 
Information flows
 
SharePoint is just an enabler. The people that use your precious intranet, collaboration or whatever solution are the ones you need to keep happy. Mostly they don't give a…great deal about the technology below, in this case: SharePoint.
 
They just need to do their job and preferably as fast as possible! 

That is one of the major reasons why you need to think before you act. Ask yourself:
  • What are we trying to accomplish with this solution?
  • Who will be using this solution?
  • What is it that they need to do?

You need to be able to answer the questions above before even thinking about creating site collections, libraries or other objects. Please do! Plan for SharePoint 2013
 
Once you have the answers you will need to document them. Again Microsoft helps us by providing templates for documenting your solutions: Planning worksheets.
 
The planning worksheets help you build your logical architecture. Perhaps you have already noticed that we are working from the business down! Please remember that we are building a solution for real people.
 
In my future posts we will be diving head first into the information architecture, to find out that different personas work with your solution, each with their own specifics that need to be facilitated!

Useful links: