Coming up on the show, we'll take a look at the latest updates to security and compliance
across SharePoint and OneDrive
Including new site level conditional access controls,
policy and secured sessions on shared systems
by configuring session lengths,
multi-geo support for the geographic distribution of users within a single tenant,
and to take advantage of all these cloud-based capabilities,
we'll show you the new SharePoint migration tool
to help you bring your content to the cloud.
Microsoft Mechanics
I'm joined yet again by a Bill Baer, welcome.
Good to be back!
So over the last six months there's been a lot of updates across security and compliance
for SharePoint and OnedDrive.
And we recently covered conditional access.
And also the introduction of multi-geo support to place the content
in your location of choice.
Now you can watch all these shows at the links below.
That's right a big focus for us right now has really been how we secure your data
both as you're accessing it, as well as when you're sharing it.
And we've built on that now with more granularity.
To that end as we think about specific scenarios we're investing in,
capabilities such as limited browser access
on specific sites that may contain confidential information.
Securing access on public computers by timing out idle sessions
and really support for multi-geo for data residency needs.
So here at the tenant level as you can see we have a policy configured
that allows full access on unmanaged devices.
However if we switch over to a site that inherits that policy,
as you can see we have the full suite of commands available to us.
So if I select this document,
as you can see I have download, share and I can open the document in Word online
as well as the rich client.
The improvement that we've made is I can now configure another site collection
for a more restrictive policy.
So on this particular site in the same tenancy,
as you can see the user is notifed that the organization
doesn't allow them to download print or sync using this particular device.
And similarly, as the other site if I select the document as you can see
I have fewer commands available to me.
Right and this really helps users stay productive while on an unmanaged device.
But, what if I'm on a public or shared computer like a kiosk?
Is there anything else that we can do there?
Sure.
Here in the ISE as you can see we have a new PowerShell commandlet
called Set-SPOBrowserIdleSignOut.
I can set the value to true and then I can set a specific warn after and sign out after interval.
In my particular scenario I'm setting the warn after to 30 seconds
and the sign out to 60 seconds.
That will warn the user and subsequently sign them out after 60 seconds.
Now in a production scenario, you'd really want this to be 10 to 15 minutes.
Now let's go ahead and take a look at the result.
I can switch over to a browser and sign in as a user.
And what will happen is as soon as that session becomes unattended or idle,
the user will be warned that they're about to be signed out of Office 365.
And then after the thresholds been met that I set earlier,
the user will be signed out as you can see here on the screen.
So again you probably know I set these policies to be 10 or 15 minutes before they log out.
And this really ensures that people can't leave a session running.
So the other person maybe that has access to that shared computer might be in a
hotel business center or something.
They won't be able to access the resources in SharePoint.
Right and one of the most common cases we see today
is access through public devices,
kiosks or terminals and shared systems.
So this really helps to ensure that those unattended sessions are expired properly.
So data residency is really an important requirement that really prevents
if you can't do it people from moving to the cloud, can we take a look?
Sure, but just a step back in case you're not familiar with multi-geo,
it's really about having a single tenant
and that tenant being able to span across multiple geographic locations.
For example, if an organization today has Office 365 OneDrive content in North America.
And let's say they're expanding their business globally and becoming a multi-national company.
And they have a need to store OneDrive and SharePoint data in perhaps Europe
Asia and Austrailia.
Admins can now use the multi geo capabilities to achieve this global reach.
Let's take a look at some of the new support we've added though
since we discussed this scenario previously in the show.
In the past you've only been able to define assignment of a specific geo with new users
And now what we're doing is we're extending that support
for moving existing users across geographic regions.
So for example, in this organization
Sesha has a OneDrive hosted in North America.
And let's say he's moving to Europe for their new role in the European subsidiary.
With a simple process I can move Sesha from North America to Europe
using a new windows PowerShell commandlet as you see here in the ISE.
It's called Start-SPOUserAndContentMove.
And we have a parameter associated with that called DestinationDataLocation.
In this particular case since we're moving Sesha from North America to Europe,
we'll go ahead and set that value to Europe as specified here.
You can also see we can set the user principal.
So in my case since we're moving Sesha its, Sesha@contosoworkdemo.onmicrosoft.com.
Let's go ahead and run it
and see what happens.
So will there be any impact to the user then after you've moved their content?
No as you can see here the moves in progress
and let's go ahead and take a look at their OneDrive for business web UX.
We'll flip over here.
And as you can see we're at Contosoworkdemo-my.sharepoint.com.
Since we're moving let's go ahead and refresh it.
Once refreshed as you can see,
the user is notified that their online files are being moved to the new data location
as set by the administrator
through me running that Windows PowerShell commandlet.
And all through this their Onedrive for business is set to a read-only state.
So what happens then once the migration completes?
So what happens first in this process is if
we look at the OneDrive for business sync client,
you'll notice that there's been no interruption to the sink itself.
So we have continuous sync activity
regardless of the move state of this particular user.
And really to answer your question as to what happens once the moves complete.
All we have to do is refresh now
and let's see if the move is completed.
Sesha's move is completed as you can see
as indicated that the bar is no longer at the top of the screen.
You'll also notice one other important change.
Instead of Contosoworkdemo-my.sharepoint.com,
it's contosoworkdemoeur-my.contoso.com.
Which indicates that Sesha has been moved
between North America and Europe.
Now if Sehsa has shared some links out maybe to some collegues, what happens then?
Yep that's a great questions.
What I've done here is I've opened up PowerPoint.
As you can see in the most recently used file list,
the file here that Sesha most recently used
still points to the old URL.
However, if I select that particular file
and open it up, it will continue to function.
And all of this happens behind the scenes,
So not only with most recently used files but also sharing link.
So there's really no loss of access to data.
So no real loss in terms of access to the user
or the team members where they've shared their OneDrive Docs?
Everything's just working?
That's right, other than that brief period of Read Only.
Even at the time, the user can continue to work with their synced files
and they can continue to work with the Office clients.
And additionally, all of these admin actions
of triggering a user move are also logged in the Office 365 audit logs
so that compliance officers can really go back and look if they need to.
So we've just moved a users OneDrive across geos.
Are there are any other functional capabilities coming up in a multi-geo?
Yes absolutely, there's many more.
For example, one of the ones we are adding is support for multi-geo unified search.
And that way users don't need to search each geographic location discreetly for content.
The search indexes at rest are always isolated in their respective geos
and they include their associated meta data.
But, it's really a unified experience.
So with multi-geo, we've addressed data residency needs
and in doing so we are hopefully helping unblock global rollouts.
Are we doing anything though to help IT migrate their on-prem content to the cloud?
Exactly, so with all of these updates in security and compliance,
We've blocked many of the concerns that IT has
with things like data residency
to allow them to move their data to the cloud.
So in addition to some of these foundational changes we've made,
we are also delivering a new SharePoint migration tool.
So if you're an organization that needs to move content from on-premises to the cloud,
you can really use this tool with your on-prem SharePoint sites or even your files shares.
And even target the geography of where you want to move your data.
In this scenario however, what i'm going to do is move from a file share to OneDrive for Business.
This is the new SharePoint migration tool on the screen.
All I have to do is click next
and then authenticate against Office 365 using my Office 365 account.
So we'll go ahead and enter the credentials and choose to sign in
and authenticate against Office 365.
I have a number of options I can choose from as I mentioned.
SharePoint sites, file shares and even CSVs for bulk migrations.
In this example, let's go ahead and take the file share option.
So I can click file share.
I can choose the folder I want to move,
Contoso documents in this case.
I click Next and then I can specify the URL.
In our example, we're going to choose OneDrive for Business.
So I'm going to specify a OneDrive for business URL.
And then I'm going to select a document library.
We'll choose Documents in this case.
And we'll add it to the migration queue.
Once added, it's as simple as clicking Migrate.
And throughout this process, I can keep apprised of the migration itself.
So I can choose the carrot here
and it shows me how many files have been migrated.
In addition to how many bites and gives me an option to view a more detailed task report.
So the content is now migrating as we speak
from a file share to OneDrive for business.
And this really allows me to target a specific geographic as well.
And here we are with a completed migration.
Today, if you see what we have here
we're really focused on file shares and document libraries.
But, for more complex migration scenarios
we have fast track or existing partners that our customers can work with.
So, what happens then if I have to migrate thousands or tens of thousands of users and lots of data?
This tools provides you the ability to take a CSV file
as an import for bulk migration scenarios.
And we're continuously working to ensure that these migrations regardless of their size.
Even if you have hundreds of terabytes of data
can happen within just a few weeks.
The best thing about all of this is it's free, it's simple and it's fast.
So lots of really great updates for SharePoint admins to protect data,
address data residency requirements and migrate data.
But, what's next?
What I've shown you here today through these demonstrations
is a subset of some of the latest controls we've built.
But, we're going to continue to evolve along with technology trends with more fine grain controls.
From the tenant level and the site level that you saw today,
all the way down to the file level in the future.
And of course, we are going to be tracking all of these updates as they happen on Microsoft Mechanics.
But, where do people go to learn more and really start playing with what they're seeing today?
So the OneDrive for business multi-geo experience I showed you,
it's available today in preview.
If you're interested, you can learn more at the link below.
All of the rest of the controls that I've showed you will be rolled out to preview soon.
And lastly, the SharePoint migration tool is available in preview to download today.
Thanks Bill for a really great overview.
Keep checking back to Microsoft Mechanics for the latest tech updates across Microsoft.
Goodbye for now.
Microsoft Mechanics
www.microsoft.com/mechanics
Không có nhận xét nào:
Đăng nhận xét