Thursday, August 31, 2017

Automatically Extract Insights from Videos in OneDrive

With Microsoft Flow and Microsoft's newly released Video Indexer service, extracting insights from videos in libraries, whether people, places or any other term, can be automated, saving dozens of man-hours compared with doing the work manually.

HUGE time saver in the exponentially growing Enterprise Content space of videos.

Check out Adi Regev's article from the Microsoft Flow Mobile Team:  How to gain business insights on videos in your work place

Thursday, August 24, 2017

SharePoint Online, OneDrive for Business and O365 Groups Site Deletion Policies

SharePoint Online and ODFB Site Deletion Policies

I was asked to recommend site deletion policies for a client's Office 365 tenant, in addition to methods of house-keeping for ODFB and Office 365 groups. My first thought was SharePoint Site Deletion Policies, as this was the method employed for SharePoint on-site. However, after completing the research, I now believe Office 365 Retention Policies are the best path forward, as these work with not only SharePoint Online, OneDrive for Business and Office 365 Groups, but also Exchange Online.

Read on to learn more:

Retention Policies

Volume and complexity of data is increasing daily – email, documents, instant messages, and more. Effectively managing or governing this information is important because of the need to:
  • Comply proactively with industry regulations and internal policies that require content be retained for a minimum period of time – for example, the Sarbanes-Oxley Act might require retention of certain types of content for seven years.
  • Reduce risk in the event of litigation or a security breach by permanently deleting old content that you are no longer required to keep.
  • Help organizations to share knowledge effectively and be more agile by ensuring that users work only with content that’s current and relevant to them.

A retention policy in Office 365 can help achieve all of these goals. Managing content commonly requires two actions:
  1. Retaining content so that it can’t be permanently deleted before the end of the retention period.
  2. Deleting content permanently at the end of the retention period.

A retention policy can:
  • Decide proactively whether to retain content, delete content, or both – retain and then delete the content.
  • Apply a single policy to the entire organization or just specific locations or users.
  • Apply a policy to all content or just content meeting certain conditions, such as content containing specific keywords or specific types of sensitive information.

Retention Policies with Content In-Place

When a location such as a site or mailbox is included in a retention policy, the content remains in its original location. People can continue to work with their documents or mail as if nothing’s changed. But if they edit or delete content that’s included in the policy, a copy of the content as it existed when the policy was applied is retained.
For sites, a copy of the original content is retained in the Preservation Hold library when users edit or delete it; for email and public folders, the copy is retained in the Recoverable Items folder. These secure locations and the retained content are not visible to most people. With a retention policy, people do not even need to know that their content is subject to the policy.
  • Skype content is stored in Exchange, where the policy is applied based on message type (email or conversation).
  • A retention policy applied to an Office 365 group includes both the group mailbox and site.

OneDrive Accounts and SharePoint Sites

A retention policy is applied at the level of a site. When including a SharePoint site or OneDrive account in a retention policy, a Preservation Hold library is created, if one doesn’t already exist. The Preservation Hold library is only visible to site collection administrators.

The first time content in a site with a retention policy is changed or deleted after the policy was applied, the content is copied to the Preservation Hold library, and the change to the original content is then allowed. New content (added after the policy is applied) isn’t copied to the Preservation Hold library the first time it’s edited, only when it’s deleted. To retain all versions of a file, turn on versioning.

After a retention policy is assigned to a OneDrive account or SharePoint site, content can follow one of two paths:
  1. If the content is modified or deleted during the retention period, a copy of the original content as it existed when the retention policy was assigned is created in the Preservation Hold library. There, a timer job runs periodically and identifies items whose retention period has expired, and these items are permanently deleted within seven days of the end of the retention period.
  2. If the content is not modified or deleted during the retention period, it’s moved to the first-stage Recycle Bin at the end of the retention period. If a user deletes the content from there or empties this Recycle Bin (also known as purging), the document is moved to the second-stage Recycle Bin. A 93-day retention period spans both the first- and second-stage recycle bins. At the end of 93 days, the document is permanently deleted from wherever it resides, in either the first- or second-stage Recycle Bin.

  • The Recycle Bin is not indexed and therefore searches do not find content there. This means that an eDiscovery hold can't locate any content in the Recycle Bin to hold it.

Document Versions and Retention Policies

If a document is deleted from a site that’s being retained and document versioning is turned on for the library, all versions of the deleted document are retained.

If document versioning isn’t turned on and an item is subject to several retention policies, the version that’s retained is the one that’s current when each retention policy takes effect. For example, if version 27 of an item is the most recent when the site is retained the first time, and version 51 is the most recent when the site is retained the second time, versions 27 and 51 are retained.

Retaining content for a specific period of time

Retain content indefinitely or for a specific number of days, months, or years. Alternatively, retention policies can also simply delete old content without retaining it.

  • The duration for how long content is retained is calculated from the age of the content, not from when the retention policy is applied.
  • Choose whether the age is based on when the content was created or (for OneDrive and SharePoint) when it was last modified.

Applying a Retention Policy to an Entire Organization or Specific Locations

Easily apply a retention policy to an entire organization, entire locations, or only to specific locations or users.

Org-wide policy

One of the most powerful features of a retention policy is that by default it applies to locations across Office 365, including:
  • Exchange email
  • SharePoint sites
  • OneDrive accounts
  • Office 365 groups (applies to content in the group’s mailbox, site, files, OneNote, and Team conversations. Support for content in Planner, Yammer, and CRM is coming soon.)
  • Exchange public folders

  • There is no limit to the number of mailboxes or sites the policy can include.
  • For Exchange, any new mailbox created after the policy is applied will automatically inherit the policy.
  • Limit of 10 org-wide policies and entire-location policies combined per tenant.

Entire Locations

Include or exclude an entire location, such as Exchange email or OneDrive accounts. Like an org-wide policy, if a policy applies to any combination of entire locations, there is no limit to the number of mailboxes or sites the policy can include.

  • Limit of 10 org-wide policies and entire-location policies combined per tenant.

Inclusions or Exclusions

Apply a retention policy to specific users, Office 365 groups, or locations.
However, note that the following limits exist for a retention policy that includes or excludes over 1,000 specific users:

  • Retention policies can contain no more than 1,000 mailboxes and 100 sites.
  • A tenant can contain no more than 1,000 such retention policies.

    1. Retention wins over deletion. Suppose that one retention policy says to delete Exchange email after three years, but another retention policy says to retain Exchange email for five years and then delete it. Any content that reaches three years old will be deleted and hidden from the users’ view, but still retained in the Recoverable Items folder until the content reaches five years old, when it will be permanently deleted.
    2. The longest retention period wins. If content’s subject to multiple policies that retain content, it will be retained until the end of the longest retention period.
    3. Explicit inclusion wins over implicit inclusion. This means:
        • If a label with retention settings is manually assigned by a user to an item, such as an Exchange email or OneDrive document, that label takes precedence over both a policy assigned at the site or mailbox level and a default label assigned by the document library. For example, if the explicit label says to retain for ten years, but the policy assigned to the site says to retain for only five years, the label takes precedence. Note that auto-apply labels are considered implicit, not explicit, because they’re applied automatically by Office 365.
        • If a retention policy includes a specific location, such as a specific user’s mailbox or OneDrive for Business account, that policy takes precedence over another retention policy that applies to all users’ mailboxes or OneDrive for Business accounts but doesn’t specifically include that user’s mailbox.
    4. The shortest deletion period wins. Similarly, if content’s subject to multiple policies that delete content (with no retention), it will be deleted at the end of the shortest retention period.
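
The way principles 1, 2 and 4 combine can be worked through in code. The following is an added example, not part of the original post or of any Microsoft tooling: a simplified model in which `Policy`, `Outcome` and `resolve` are hypothetical names, a year is counted as 365 days, and principle 3 (explicit over implicit inclusion) is left out.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import List, Optional


@dataclass(frozen=True)
class Policy:
    name: str
    retain_days: Optional[int] = None  # None: the policy does not retain
    delete_days: Optional[int] = None  # None: the policy does not delete


@dataclass(frozen=True)
class Outcome:
    hidden_on: Optional[date]       # content leaves the users' view
    retained_until: Optional[date]  # end of the winning retention period
    purged_on: Optional[date]       # content is permanently deleted


def resolve(policies: List[Policy], created: date,
            modified: Optional[date] = None) -> Outcome:
    """Combine every policy that applies to one item (hypothetical helper)."""
    # Age is counted from the content's own date (created, or last modified
    # when that basis is chosen), never from the day the policy was applied.
    start = modified or created
    retains = [p.retain_days for p in policies if p.retain_days is not None]
    deletes = [p.delete_days for p in policies if p.delete_days is not None]
    retained_until = None
    if retains:  # the longest retention period wins
        retained_until = start + timedelta(days=max(retains))
    if not deletes:  # no policy deletes, so the item is never removed
        return Outcome(None, retained_until, None)
    hidden_on = start + timedelta(days=min(deletes))  # shortest deletion wins
    # Retention wins over deletion: the retained copy outlives the deletion.
    purged_on = max(hidden_on, retained_until) if retained_until else hidden_on
    return Outcome(hidden_on, retained_until, purged_on)


# Constructed sample: the two Exchange policies from principle 1 above.
DELETE_3Y = Policy("Delete after 3 years", delete_days=3 * 365)
KEEP_5Y = Policy("Retain 5 years, then delete", retain_days=5 * 365,
                 delete_days=5 * 365)

if __name__ == "__main__":
    print(resolve([DELETE_3Y, KEEP_5Y], created=date(2015, 1, 1)))
```

For the constructed sample, the item disappears from the users' view after three years and is permanently deleted only when the five-year retention ends.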

    SharePoint Online and OneDrive for Business

    • Holds created in the eDiscovery Center (eDiscovery hold)
    • Document deletion policies (Deletion only)
    • In place records management (Retention)
    • Site closure and deletion policies (Deletion only)
    • Information management policies (Deletion only)

    Note that if any of the eDiscovery holds have been used for the purpose of data governance, instead use a retention policy for proactive compliance. Use a hold created in the Security & Compliance Center only for eDiscovery.

    Retention Policies Override Information Management Policies

    In SharePoint sites, information management policies may be used to retain content. If a retention policy created in the Security and Compliance Center is applied to a site that already uses content type policies or information management policies for a list or library, those policies are ignored while the retention policy is in effect.


    A single retention policy can easily apply to an entire organization and locations across Office 365, including Exchange Online, SharePoint Online, OneDrive for Business, and Office 365 groups.
    There are several other features that have previously been used to retain or delete content in Office 365. These are listed below. These features will continue to work side by side with retention policies and labels created in the Security & Compliance Center. But moving forward, for data governance, best practice is to use a retention policy or labels instead of these features. A retention policy is the only feature that can both retain and delete content across Office 365.

    BEST PRACTICE - To retain or delete content anywhere in Office 365, best practice is to use a retention policy.

    Friday, August 11, 2017

    Office 365 – You can now manage domain guest access for Groups

    Guest Domain Access for O365

    An update is being rolled out to let you manage allowed/blocked domains for guest access to Office 365 Groups.
    After allowing guest access to Groups, Microsoft now helps secure this access by allowing administrators to define a list of allowed/blocked domains.
    This feature is not available (yet?) in the Office 365 administration portal, only with PowerShell.
    This functionality uses the Azure AD policy feature.

    Important Points

    • When using this functionality, you cannot define both options. This means any domain not listed as allowed will be blocked, and vice versa
    • Only one policy per tenant
    • This is a different list from the one used for SharePoint Online sharing; you can import the existing SPO list, but afterwards you will have to manage it separately
    • This does not apply to guests who are already members of an Office 365 Group; only new guests will have the policy applied

    How to use

    Install the prerequisites

    The PowerShell command to set the domain allow/block list for Office 365 Groups guest access uses the preview version of the Azure Active Directory PowerShell module.
    • You must use Azure AD PowerShell Preview – at least version – you can get Azure AD PowerShell Preview using the following procedure
      • Open a PowerShell command prompt using Run as administrator and check the installed Azure AD PS module with the command Get-Module -ListAvailable AzureAD*
    • If you get a version different than (or later), you need to uninstall your current version with the command Uninstall-Module AzureAD
    • If you get no result, or after uninstalling the previous version, run the command Install-Module AzureADPreview to install the required preview module; you may be prompted to trust the repository to download the module

    Configure the domains list

    Once you have the required module installed, you can use the script available to manage the domains list.
    Once you have saved the script, you can use it to add/update/remove/import the domains list
    • Create the allow/block domain list: Set-GuestAllowBlockDomainPolicy.ps1 -Update -AllowList / -BlockList @("", "") – this command can also be used to overwrite an existing list
    • Import the existing list from SharePoint Online: Set-GuestAllowBlockDomainPolicy.ps1 -MigrateFromSharepoint – don’t forget that after this import you will have to manage it separately
    • Add a domain to the existing list: Set-GuestAllowBlockDomainPolicy.ps1 -Append -AllowList / -BlockList @("")
    • Or finally remove the policy with Set-GuestAllowBlockDomainPolicy.ps1 -Remove
    Unfortunately there is not (yet?) a way to get the existing list or remove one domain; if you want to remove one domain, you need to overwrite the list with a new one that leaves out the domain(s) you want to remove
    Reference: Benoit Hamet