Insides - Management - Compliance
While there exist many excellent blog posts, interviews and videos about Delve and the Office Graph from experts around the world, this post will be about Insides, Management and Compliance. We will also look at data security and data privacy aspects and concerns, not only from a technical perspective but also with regard to the new EU General Data Protection Regulation (EU Datenschutzgrundverordnung).
Insides
My experience with customers is that they need to understand better what the Office Graph is doing and how the results Delve shows are built. In my sessions and in discussions with customers, I use this picture from a Microsoft deck to explain the underlying fabric a little:
The Active Content Cache
- Designed to enable near-real time updates at conversational speed (measured in seconds)
- Contains most recently active items
- Not designed to contain the full Tenant Graph, but rather the most likely to be relevant nodes and edges.
- Every object has an expiration policy associated with it.
Tenant Graph Store
- The full graph of all the nodes and edges within a tenant.
- Optimized for analytics, not speed
- Indexed to efficiently locate nodes and used to push nodes and edges into the Active Content Cache.
- Because of these optimization decisions, the latency of moving nodes and edges into the Active Content Cache cannot be guaranteed to be “conversational.”
Input Router
- Directs the incoming edits to the Active Content Cache and Tenant Graph Store
- Updates external applications regarding these edits
- Powers the Conversational Experience
Workload Analytics
- Specific to each workload, this is the piece responsible for reviewing local data and updating the Graph through the REST API.
- Only changes to the Active Content Cache or to Tenant Analytics are pushed by the API
Management
I wrote a blog post about how to switch to an opt-in-like experience instead of the opt-out version. To be honest, this is only a workaround, but customers like it. It gives them the chance to start with only some users in Delve to get more familiar with it.
Opt-in as a default for Delve
If you don’t want a specific document to show up in Delve, you can create a HideFromDelve site column of the type Yes/No. This site column creates a new crawled property, ows_HideFromDelve, which is automatically mapped to the HideFromDelve managed property.
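One way to script the HideFromDelve column described above, as an added example that is not from the original post or from Microsoft. It assumes the PnP.PowerShell module is installed; the site URL, library name and folder path are placeholders.

```powershell
# Added example: create the HideFromDelve Yes/No column and flag documents.
# Assumes the PnP.PowerShell module; the three values below are placeholders.
$siteUrl  = "https://contoso.sharepoint.com/sites/hr"
$library  = "Documents"
$hidePath = "/sites/hr/Shared Documents/Confidential/"

Connect-PnPOnline -Url $siteUrl -Interactive

# 1. Create the site column once. The internal name must be exactly
#    HideFromDelve so that the ows_HideFromDelve crawled property appears.
$siteField = Get-PnPField | Where-Object InternalName -eq "HideFromDelve"
if (-not $siteField) {
    Add-PnPField -DisplayName "HideFromDelve" -InternalName "HideFromDelve" `
                 -Type Boolean -Group "Delve" | Out-Null
}

# 2. Add the site column to the library if it is not there yet.
$listField = Get-PnPField -List $library |
             Where-Object InternalName -eq "HideFromDelve"
if (-not $listField) {
    Add-PnPField -List $library -Field "HideFromDelve" | Out-Null
}

# 3. Set the column to Yes on every file below the chosen folder,
#    skipping folders (FSObjType 1) and items that are already flagged.
$changed = 0
Get-PnPListItem -List $library -PageSize 500 | Where-Object {
    $_["FSObjType"] -eq 0 -and
    $_["FileRef"].StartsWith($hidePath, [StringComparison]::OrdinalIgnoreCase) -and
    $_["HideFromDelve"] -ne $true
} | ForEach-Object {
    Set-PnPListItem -List $library -Identity $_.Id `
                    -Values @{ HideFromDelve = $true } | Out-Null
    $changed++
}

Write-Host "$changed document(s) flagged with HideFromDelve = Yes"
```

Because the flag reaches Delve through the ows_HideFromDelve crawled property, it only takes effect once the items have been crawled again. It controls visibility in Delve only and leaves the permissions on the documents unchanged.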
Compliance
We had an internal Yammer discussion with Mark Kashman about Delve Security & Privacy. Mark wrote the following statement and I asked him if this is good for sharing. Mark's answer was: “Certainly OK to share the copy/paste'able section I wrote in the initial post of this thread.” So I will share this with you:
Delve is covered under the Office 365 Trust Center and meets all of the requirements of our highest level of compliance which Microsoft refers to as “Tier D” compliance, e.g., ISO 27001 and 27018 certification, SOC 1 and SOC 2 compliance. Delve is also licensed under the Microsoft standard Online Services Terms which include commitments such as the EU Model Clauses. This, too, applies to the Microsoft Graph - the underlying intelligent layer that uses advanced analytics to provide relevant, personalized insights via Delve and other user interface experiences throughout Office 365.
Office 365 customers own their Microsoft Graph data, which is stored in their partition of the SharePoint Online and Exchange Online environments. It, too, has the same data protection and security as other customer data stored in the same cloud services.
For users, Delve never changes any permissions on content or other information. Users only discover what they already have permission to see. Only users can see their private documents in Delve, unless they decide and take action to share them. Other people can't see each other's private activities, such as what documents they've read, what emails they've sent and received, or what Skype for Business conversations they've been in. Other people can see when others modify a document, but only if they have access to the same document. What you see when you open Delve is personalized to that user, and no one else sees exactly the same thing as they do.
It is possible to opt out of Delve and the Microsoft Graph at both the tenant level and the user level. Once opted out, users will not see the Delve tile in the Office 365 app launcher, and various services that surface aspects of the Microsoft Graph to provide intelligence throughout Office 365 will simply not appear, or revert back to previous non-Graph-based methods - i.e. search-based vs graph-based. One example, if you opt out, you would not see the new "Discover" tab within OneDrive for Business - yet the core of OneDrive for Business remains intact.
To learn more, please review these two important Delve security and privacy support articles; the first for admins and second for users: "Office Delve for Office 365 admins", "Are my documents safe in Office Delve?".
THX Mark!