[Editor’s Note: While I was able to attend SPC14 for the first two days and talk to a number of key SharePoint Records and Information Management thought leaders (both within and outside Microsoft), circumstances back home prevented me from staying long enough to attend any of the conference sessions. With that in mind, I’ve asked our good friend from the Netherlands, Eric Burger, if he would permit us to publish an English-language version of his SPC14 Records Management and Compliance summary that appears on his blog. Eric kindly agreed. Here’s what he had to report. - Don]
Having been treated to a one hour speech on the benefits of communication technology by former president Bill Clinton, SharePoint Conference 2014 kicked into high gear with a keynote by Jared Spataro, General Manager Product Marketing at Microsoft. He highlighted the remarkable growth of SharePoint, Office 365 and SharePoint Online sales. However, subsequent speeches by amongst others, Julia White, whose live demos introduced innovations in Office 365 not previously shown, got the audience really loose. A far-reaching integration of Office and social features called Office Graph, which breaches the traditional dividing lines between the domains documents, email, and social will be released in the coming months. Elements of Yammer can be added so that an overall picture of interaction, trends, communication and importance of certain objects, people and communications is created on the fly. The entirely new ‘Oslo’ concept, which allows the user to work from a visually very attractive, individually composed screen, has been developed to bring the working environment – documents, actions, people – intuitively to the user, to make him or her ‘work like a network’.
The last demonstrations in Monday’s keynotes were a pleasant surprise to all of us compliance-minded professionals. A brand new Compliance Center in Office 365 is the SharePoint- and Exchange dashboard for the compliance officer or record manager. Existing functions for security (encryption, data loss prevention, and information rights management), audit, e-Discovery and retention can now be activated, configured and controlled on tenant level. Previously, most of these functions were limited to configuration per site collection. Auditing in Office 365 has been extended with ‘viewing’, something that already existed for on prem. And audit reports – just a prototype in the demo – will be readable soon! Adding to the transparency trend, an ‘admin audit log’ will make Microsoft administrators’ steps traceable. These functions extend to Exchange, so compliance officers will have control of e-mail messages, can even put deleted messages on hold.
Also new are the ‘deletion policies’ in Exchange and SharePoint Online, by which specified categories of messages and documents can be disposed of after a certain time. This is not intended as a retention period applied to a process or content type (retention policies), but for example, allows e-mail notifications (meetings, tasks) to be removed automatically. It struck me that the granularity of this functionality overlaps with new opportunities in e-Discovery (time-based hold) and retention policies, so that even the speakers occasionally came up with the same examples for the various functionalities. We have to find the right scenario’s for each.
Once again, Microsoft added functionality to its legal hold features, extending hold with time-based hold. Holds can be applied from the Hold Center to any keyword, metadata element, webpage or item in SharePoint, Exchange, Lync and file-shares. Yammer is still excluded, though, and any relevant content from social should be exported to a file-share first to be added to a hold.
So this Compliance Center is a big step forward in centralized SharePoint information governance. On Tuesday, Astrid McClean, Senior Program Manager Information Protection, did an excellent job in explaining the Microsoft ‘in-place’ strategy and diverse functionalities brought together here. Check out her presentation (audio and slides).
Some of the 200+ sessions in this conference dug deeper into existing (mostly SP2010-) implementations of records management in SharePoint for large multinational companies. Main lessons to take home there: yes, you can do records management in SharePoint, even for the biggest multinational corporations, including General Motors worldwide. And, yes, record management should be centrally managed with compelling governance at the highest level.
Daniel Harris in his General Motors presentation (‘Managing 130,000 Users’ Documents and Records – Making It Easy While Maintaining Control’) focused heavily on the issue of governance. Not entirely out of the box SP2010, governance was maintained by a custom form for easy site provisioning. Security- and retention policies and metadata were all pre-arranged there. As only 25Gb site-collections are handed out, anything bigger asks for new registration. Before provisioning is activated two dedicated owners, a half hour of training and confirmation of compliance rules is obligatory. Automatic provisioning also creates record centers for each of these site-collections. Also, a few end-users’ buttons were added to file documents as a record.
Examples in a presentation by Nishan DeSilva, Senior Director, Information Governance Microsoft, (‘SharePoint for Large Scale Records Management – Hundreds of Millions of Documents and Beyond ‘) confirmed:
- Large archives in SharePoint are not the problem, uncontrollable growth of site-collections is;
- Custom workflows might be added to out of the box rules, to meet organizations’ needs in site provisioning;
- Only by strict and (where possible) automated governance is a large records management implementation controllable.
Other best practices, on Metadata and Content Type Planning, came from Lori Gowin, Premier Field Engineer at Microsoft. After all, we know that content types are often at the core of records management processes in SharePoint. Some jeering erupted though when pen and paper or whiteboard were still to be regarded as best practice. And of course: MS Excel! The audience expected a little more sophisticated tooling by now. Her overview highlighted a few key lessons:
- Do not change or remove any of the default content types in SharePoint – terrible things can happen – but make new types, derived from the standard;
- Plan in advance and make sure that the design has some room to grow;
- Keep the list of content types (not very clear to begin with in SharePoint) by formulating ‘categories’ as simple as possible;
- Use the content type hub to publish content types beyond the boundaries of site collections.
So where Office 365 was lacking robust records management functionality at the time of its 2011 introduction, it is now delivering the latest Microsoft technology, with SharePoint on premise falling behind. Code for the Compliance Center had just been tested shortly before SPC14 and will be shipping – added to the Office 365 environment automatically – in a couple of months.