Intranets With Office 365 – Planning For An Office 365 Intranet
Almost every customer we work with has suffered from a few problems with their SharePoint and Office 365 Intranet or Portal. These are a few examples of the challenges we see (especially when customers haven’t built their Office 365 intranet with our guidance/advice):
- Trying to build a high-value and effective Intranet without sufficient SharePoint and Office 365 expertise or when architect and developer resources are scarce.
- Building an Intranet without sufficient or good requirements from the business.
- Not embracing or understanding Office 365 experiences or feature sets, leading to redundancy, conflicting experiences, or confusion.
- Often an issue here is having insight into the Office 365 roadmap and what’s coming.
- Providing consistent and connected experiences across the distributed organization.
- Primary issue areas are navigation, discovery, and integration.
- Effectively leveraging and maximizing social collaboration and communication.
- Intranets should be interactive, personalized and dynamic.
- Driving and guiding adoption of Office 365 and the Office 365 Intranet.
The good news is that we help many customers with each of these challenges. What follows is a breakdown of challenge areas and high-level recommendations.
Authentication & Identity
There are some significant benefits to leveraging Office 365 for your Intranet when it comes to authentication and identity. One of the biggest is that authentication can happen securely from anywhere at any time and any device.
Access Without A VPN
For many Intranets just being able to access the Intranet from home, remote offices, customer sites and on the road can be a big benefit. This is enabled with no additional effort.
Enabling Multi-Factor Authentication
Office 365 provides security and authentication features that many customers have not had available for previous iterations of their Intranet. This was often due to high cost or complexity of implementing them. As an example, Office 365 supports multi-factor authentication at no additional cost and is extremely easy to administer and implement.
To be clear, this is a feature that may not be necessary. But for some organizations, they implemented Office 365 Intranets without knowing it was available or sometimes have held off moving to Office 365 because they didn’t know this was possible (and easy).
Multi-factor authentication increases the security of user logins for cloud services above and beyond just a password. With Multi-Factor Authentication for Office 365, users are required to acknowledge a phone call, text message, or an app notification on their smartphone after correctly entering their password. Only after this second authentication factor has been satisfied can a user sign in.
After being enrolled for multi-factor authentication, the next time a user signs in, they see a message asking them to set up their second authentication factor.
Any of the following options may be used for the second factor of authentication.
- Call my mobile phone. The user receives a phone call that asks them to press the pound key. Once the pound key is pressed, the user is logged in.
- Text code to my mobile phone. The user receives a text message containing a six-digit code that they must enter into the portal.
- Call my office phone. This is the same as Call my mobile phone, but it enables the user to select a different phone if they do not have their mobile phone with them.
- Notify me through the app. The user configured a smartphone app, and they receive a notification in the app that they must confirm the login. Smartphone apps are available for Windows Phone, iPhone, and Android devices.
- Show one-time code in the app. The same smartphone app is used. Instead of receiving a notification, the user starts the app and enters the six-digit code from the app into the portal.
Once a user is signed in they can change their second factor of authentication.
Branding The Sign In Experience
You can customize the sign on experience so that when users are prompted for access, you have an opportunity to share key messages and continue to re-enforce your brand.
When you spend so much time and energy on the branding for your Intranet it would be silly not also to implement this kind of improved experience that not only improves your Intranet sign-in experience but all of the Office 365 sign in experiences (such as for OneDrive, Planner, Video, Delve and Outlook Online).
Planning For Secondary Users
When using SharePoint Online and Office 365, there may be additional planning needed around secondary users or users that are not part of the Intranet membership. As an example, if you have a large enterprise, it is entirely possible that you have multiple businesses within one Office 365 tenant.
If this is the case for your business, you will need to set the right expectations early that some experiences like people search (often considered part of intranet planning) may not necessarily be isolated to your business group from the broader organization. While you can create custom search pages and tailor search results to show only users from your organization we recommend caution here as there are many ‘global’ wide search experiences throughout the Office 365 apps that are connected to your Office 365 Intranet.
External Users & Extranets
Most Intranets don’t necessarily include a strategy for external users and external sharing. However, it is important to understand how you will handle and tackle external sharing and whether the entire Intranet collection will have external sharing disabled.
Things like MFA for external users is supported via Azure B2B and Azure AD Premium options, and you can even explore some of the latest innovation that allows you to do external user lifecycle management in Azure.
Availability & Outages
One concern people share is that they are concerned that there could be availability issues or outages that impact their organization. Considering the critical nature of an intranet, this is an important risk to evaluate.
Microsoft provides a commitment to delivering at least 99.9% uptime for Office 365. They have maintained that commitment. Microsoft also provides historic uptime tracking.
To date the world wide uptime for Office 365 can be found in the trust center and has been:
How Does Microsoft Communicate Around An Outage?
During an outage, Microsoft communication has significantly improved over the past few cycles. Microsoft communicates outages through seven channels today.
- Via the Office 365 Service Health Dashboard
- Via the Office 365 Message Center
- Via the Office 365 Admin App
- Via the Office 365 Service Communications API
- Via the System Center Operations Management ‘Management Pack’ For Office 365
- Via http://Status.Office365.com
- Via Microsoft Employees (Who Use Internal Tools/Systems)
Microsoft has also invested further into incident service communications.
They are working on making the communication even timelier:
- Red Alert monitoring & SHD automation.
- Closure Summary and Enhanced Post Incident Report (PIR) process.
- Increased listening systems: support “Big Red ”
They are working on making the communication even more targeted:
- Authenticated SHD
- Tenant level posts
- Critical Functionality Loss (CFL)
They are working on making the communication even more accurate:
- Provide more technical detail.
- Share new fields like:
- Estimated time to restore.
- User workaround.
- Percent of users are impacted.
- User experience.
- Customer impact.
Can We Recover Intranet Content Or Back It Up?
For most Intranets the most relevant backup capabilities are out of the box capabilities such as versioning and recycle bins. This solves most concerns about backup and recovery when combined with Office 365’s high availability.
Restoring Individual Pages, Lists, Libraries, Items, Or Documents
When you delete an item from SharePoint team site library, or from a list, it isn’t immediately removed from SharePoint. Deleted items go into the recycle bin, where they stay until they’re automatically removed approximately 90 days later. Within that time, you can either restore the files to their original location or remove them to free up storage space.
When you delete an item from a site recycle bin, it automatically goes into the Second-Stage Recycle Bin (Site Collection Recycling Bin) where it remains for a set period until it’s completely purged from SharePoint. This gives you greater control when users delete files, versions of files, list items, libraries, lists, and folders from a SharePoint site by providing a two-stage safety net before an item is permanently deleted from a site.
When an item is restored, it is restored to the same location that it was deleted from. If you restore an item that was originally located in a deleted folder, the folder is recreated in its original location, and the item is restored in that folder.
The behavior of items in the first-level (Site) Recycle Bin:
- Items in the Recycle Bin count against site quota.
- The site collection administrator can see all items deleted by any user from any site within the site collection.
- Non-administrator users can see the items they deleted from the site.
- Items in the Recycle Bin can be sent to the Second-Stage Recycle Bin by the user or the site collection administrator.
- All items re automatically deleted approximately 90 days after they were originally recycled.
The behavior of items in the Second-Stage Recycle Bin:
- Items in the Second-Stage Recycle Bin don’t count against site quota.
- Items in the Second-Stage Recycle Bin can only be seen by the site collection administrator.
- Items in the Second-Stage Recycle Bin can only be restored or deleted by the site collection administrator.
- All items are automatically deleted approximately 90 days after they were originally recycled.
- All items are automatically deleted when the total storage for the Second-Stage Recycle Bin exceeds 200% of your site collection quota.
Restoring Entire Site Collections
The Recycle Bin in SharePoint Online in Office 365 for business provides a safety net when an entire site collection is deleted. When a SharePoint Online administrator deletes a site collection, it is placed in the Recycle Bin, where it is kept for 30 days before it is automatically permanently deleted.
As a SharePoint Online administrator, you can view and manage deleted site collections from the SharePoint Online Administration Center Recycle Bin page. From this page, you can view site collections that are currently in the Recycle Bin, see how many days are left before the site collection is permanently deleted, and restore a deleted site collection without contacting Microsoft Support.
Advanced Backup & Restore Options
For the latest information on Microsoft’s backup and disaster recovery capabilities beyond recycling bins and versioning see the online service description.
Data protection services are provided to prevent the loss of SharePoint Online data. Backups are performed every 12 hours and retained for 14 days. This describes the data backup services as offered when SharePoint Online is available. You can recover components of Site or Site Collection.
SharePoint Online has set an RPO and RTO in the event of a disaster:
- 1 hour RPO: Microsoft protects your SharePoint Online data and has a copy of that data that is equal to or less than 1 hour old.
- 6 hour RTO: Organizations will be able to resume service within 6 hours after service disruption if a disaster incapacitates a hosting data center.
To restore from this method you need to contact the Office 365 support team.
SharePoint Online 3rd Party Backup Options
Lastly, for some special circumstances, you may want to evaluate third-party tools. Many of these have offerings that extend to other areas of Office 365 providing advanced archiving and backup/recovery options. However, consider bandwidth and data transfer volume if you have larger sites depending on the third party option you are evaluating.