Montag, 5. Juni 2017
Samstag, 18. März 2017
In addition to my first post about the insides of Office Graph and Delve (Delve and the Office Graph Inside Out) this article is focusing on which signals are used by the Graph to generate the individual Delve experience.
Signals used by the Graph
You can find all the information you need about signals used by the Graph in this msdn article: https://msdn.microsoft.com/office/office365/howto/query-Office-graph-using-gql-with-search-rest-api
Based on this article we have the following Action Types:
As you can see in the msdn article the list of signals can be dived in private signals and public signals so that data privacy is respected all the time:
In addition Mark Kashman published an article on Microsoft techcommunity about Understanding security and privacy of Delve and intelligent experiences in Office 365. In this article, we can find the following diagram:
So we can extend the list taken from the msdn article to this aggregated version:
- Member of
- Created by
- Shared with me
- Direct reports
Some of this signals are clear like for example Modified, Viewed, Created by, etc. some others are a little bit mystic like TrendingAround. We can imagine what TrendingAround means, but we cannot get an information about how this signal is processed in all details.
Anyway, it is easy to understand how this signals are used to generate the individual Delve experience.
The myth about the People suggestion in Delve
It is easy to imagine how content suggestions are generated based on signals. But one of the most asked questions about the Delve experience is about the difference between People list on the left and Related People in my personal Delve feet. Based on the signals list we can definitely get a better understanding about this. People on the left are other users we visited in Office 365 respectively we have clicked on their Delve profile. Related People are based on signals like “Member of”.
So for example if you are Member of
- Member of a Distribution List in Exchange Online
- Member of a Office 365 Group
- Member of the same Manger or “Direct Reports” entity
this is processed by the Graph to generate the Related People overview in your Delve feet.
As we can see also in this scenario data privacy and data security is respected by the Office Graph and Delve. If you are a “Member of” the same Distribution List or Office 365 Group, you can see all the other members anyway.
More details about this and also about compliance in Delve can be found in Mark Kashmans article “Understanding security and privacy of Delve and intelligent experiences in Office 365” I mentioned above.
Samstag, 14. Januar 2017
Insides - Management - Compliance
While there exist many excellent blog posts, interviews and videos about Delve and the Office Graph from experts around the world, this post will be about Insides, Management, Compliance. We will also look at data security and data privacy aspects and concerns, not only from a technical perspective but also with regards to the new EU General Data Protection Regulation (EU Datenschutzgrundverordnung)
My experience with customers is that they need to understand more what the Office Graph is doing and how the results Delve is showing are build. I use in my sessions or in discussions with customers this picture from a Microsoft deck to explain a little bit the underlying fabric:
The Active Content Cache
- Designed to enable near-real time updates at conversational speed (measured in seconds)
- Contains most recently active items
- Not designed to contain the full Tenant Graph, but rather the most likely to be relevant nodes and edges.
- Every object has an expiration policy associated with it.
Tenant Graph Store
- The full graph of all the nodes and edges within a tenant.
- Optimized for analytics, not speed
- Indexed to efficiently locate nodes and used to push nodes and edges into the Active Content Cache.
- Because optimization decisions the latency of moving nodes and edges into the Active Content Cache cannot be guaranteed to be “conversational.”
- Directs the incoming edits to the Active Content Cache and Tenant Graph Store
- Updates external applications regarding these edits
- Powers the Conversational Experience
- Specific to each workload, this is the piece responsible for reviewing local data and updating the Graph through the REST API.
- Only changes to the Active Content Cache or to Tenant Analytics are pushed by the API
I wrote a blogpost about how to switch to an opt-in like experience instead of the opt-out version. To be true this is only a workaround but customers like it. It gives them the changes to start with only some users in Delve to get more familiar with it. Opt-in as a default for Delve
If you don’t want a specific document to show up in Delve, you can create a HideFromDelve site column of the type Yes/No. This site column creates a new crawled property, ows_HideFromDelve, which is automatically mapped to the HideFromDelve managed property.
We had an internal Yammer discussion with Mark Kashman about Delve Security & Privacy. Mark wrote the following statement and I asked him if this is good for sharing. Marks answer was: “Certainly OK to share the copy/paste'able section I wrote in the initial post of this thread.” So I will share this with you:
Delve is covered under the Office 365 Trust Center and meets all of the requirements of our highest level of compliance which Microsoft refers to as “Tier D” compliance, e.g., ISO 27001 and 27018 certification, SOC 1 and SOC 2 compliance. Delve is also licensed under the Microsoft standard Online Services Terms which include commitments such as the EU Model Clauses. This, too, applies to the Microsoft Graph - the underlying intelligent layer that uses advanced analytics to provide relevant, personalized insights via Delve and other user interface experiences throughout Office 365.
Office 365 customers own their Microsoft Graph data, which is stored in their partition of the SharePoint Online and Exchange Online environments. It, too, has the same data protection and security as other customer data stored in the same cloud services.
For users, Delve never changes any permissions on content or other information. Users only discover what they already have permission to see. Only users can see their private documents in Delve, unless they decide and take action to share them. Other people can't see each other's private activities, such as what documents they've read, what emails they've sent and received, or what Skype for Business conversations they've been in. Other people can see when others modify a document, but only if they have access to the same document. What you see when you open Delve is personalized to that user, and no one else sees exactly the same thing as they do.
It is possible to opt out of Delve and the Microsoft Graph at both the tenant level and the user level. Once opted out, users will not see the Delve tile in the Office 365 app launcher, and various services that surface aspects of the Microsoft Graph to provide intelligence throughout Office 365 will simply not appear, or revert back to previous non-Graph-based methods - i.e. search-based vs graph-based. One example, if you opt out, you would not see the new "Discover" tab within OneDrive for Business - yet the core of OneDrive for Business remains intact.
To learn more, please review these two important Delve security and privacy support articles; the first for admins and second for users: "Office Delve for Office 365 admins", "Are my documents safe in Office Delve?".