Stop SharePoint Hoarding: The Blob Storage Fix
SharePoint looks confident on the surface, but under the hood it’s drowning in duplicates, forgotten drafts, and every “final final V2” that ever existed. In this episode, we pull back the curtain on why your search results lie, why Copilot sounds smart while guessing, and how a quiet storm of rogue files destroys governance without anyone noticing. It’s not a storage problem, it’s a relevance problem, and the chaos is baked into human behavior—people hoard because delete feels dangerous. SharePoint obeys, versions multiply, and truth dissolves in a fog of near-identical copies that confuse ranking systems and derail compliance.
This episode dives into the architecture that fixes the mess without breaking collaboration or scaring users. We redesign the entire content lifecycle using a SharePoint command, an Azure Function, Blob tiers that behave like a warehouse district, and a ledger that remembers everything you move. Search becomes sharper, Copilot stops hallucinating, and your canonical documents finally rise to the top because the haystack gets smaller instead of the needle getting sharper.
We break down how delegated permissions, on-behalf-of flows, metadata integrity, hash validation, and reversible quarantine build a system security actually approves. The result is governance with receipts instead of vibes, compliance with chain-of-custody clarity, and a storage model priced like wholesale instead of airport water. This isn’t about deleting. It’s about discipline. It’s about restoring trust in your digital downtown by moving the noise to a quiet, managed warehouse where it belongs.
If your SharePoint environment feels cluttered, inconsistent, or impossible to govern, this episode is your turning point. We break down why SharePoint hoards content, why search results often surface the wrong “final” version of documents, and how that chaos degrades Microsoft Copilot accuracy. More importantly, we walk through a practical, admin-approved, politically safe solution that offloads stale drafts and duplicates to Azure Blob Storage—without breaking collaboration or trust.
This episode is a deep dive for SharePoint administrators, Microsoft 365 architects, IT leaders, governance teams, and organizations frustrated by poor search precision, ballooning storage quotas, and confused users who keep opening the wrong document.
What You’ll Learn in This Episode
1. Why Your SharePoint Is Lying to You (and Not on Purpose)
SharePoint looks confident—Copilot too—but your environment may be full of near-duplicate drafts like Final_v2_REAL_FINAL.docx, pseudo-archives, and outdated copies that bury the true canonical document.
We explore:
- Why humans hoard files and systems comply
- How duplicates distort search ranking signals
- Why Copilot “hallucinates” less than you think—it’s just reading the wrong files
- The hidden governance risk when multiple versions contradict each other
This section gives you the “aha” moment: you don’t have a storage problem; you have a relevance problem.
2. How Versioning, Copies, and Friendly Hoarding Destroy Search and Governance
You’ll learn how:
- Every file version increases your SharePoint quota footprint
- Automatic version pruning helps—but only within a file
- Copies, renamed drafts, and “Archive” folders create epistemic fog
- Search ranking gets confused by similar titles, metadata, and click patterns
- Copilot inherits that same confusion
We also cover why deleting duplicates is politically dangerous—and how fear, not laziness, drives users to create shadow copies.
3. The Architecture That Fixes Everything (and Doesn’t Start a User Revolt)
We break down a simple, scalable architecture that quarantines junk without deleting it:
- SPFx ListView Command Set — adds “Move to Blob” right inside modern libraries
- Azure Function — performs fast, server-to-server copy
- Azure Blob Storage — the cheap, durable “warehouse district”
- Azure Table Storage — the audit ledger that remembers every move
You’ll learn why:
- Browsers should not copy files—servers should
- Blobs are ideal for tiered, long-term storage
- A hash-verified copy ensures data integrity
- Quarantine beats deletion every time
- The design dramatically improves search precision and Copilot quality
4. The Permission Choice That Admins Actually Approve
This is the part that saves the project from dying in security review. We’ll explain:
- Why Application permissions (e.g., Sites.Read.All) trigger instant rejection
- Why delegated permissions + On-Behalf-Of flow get approved
- How the SPFx command passes a user token
- How the Function acts as the user, not a global superuser
- How this satisfies least privilege, clean audit trails, and governance
This alone has saved implementations months of waiting.
5. Identification Rules: Finding Duplicates, Stale Drafts, and Fake Archives
Before moving anything, you need a scoring model that users and compliance trust. We cover:
- How to detect duplicates using content hashing
- How to identify obsolete drafts
- How to score files by last access, edit frequency, age, and duplication weight
- Why dry-run reporting reduces fear
- How to let owners approve or deny flagged items
This is practical, not theoretical—listeners can apply these rules today.
6. Offload Workflow: Copy, Verify, Log, Delete—with Receipts
We walk step-by-step through the move process:
- Copy from SharePoint → Blob
- Verify hash integrity
- Write a detailed ledger entry
- Delete the SharePoint item (Recycle Bin safety preserved)
You’ll learn why:
- Restore requires a perfect symmetric flow
- Metadata must travel with the file
- Items with retention labels or legal holds must never move
- Blob Hot/Cool/Archive tiers slash costs while keeping content retrievable
7. One-Click Restore: The Real Trust Builder
Users don’t fear offload when restore is fast and predictable. We detail:
- How restore rehydrates files with metadata intact
- How permissions are reapplied
- How the ledger enables perfect reversibility
- Why a sub-minute restore SLA is essential
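
The offload steps in section 6 (copy, verify hash, write ledger entry, delete, never move held items) and the ledger-driven restore in section 7, as an added Python example that is not code from the episode or any project it describes. `Stores`, `offload`, `restore` and `MoveRefused` are hypothetical names, the dictionaries are in-memory stand-ins for the SharePoint library, Blob container and Table ledger, and SHA-256 is an assumed choice of hash.

```python
import hashlib
from dataclasses import dataclass, field
from datetime import datetime, timezone


class MoveRefused(Exception):
    """The item must stay where it is (hold, failed hash check, occupied path)."""


@dataclass
class Item:
    content: bytes
    metadata: dict = field(default_factory=dict)
    on_hold: bool = False  # retention label or legal hold


@dataclass
class Stores:
    """In-memory stand-ins (assumptions) for the three back ends."""
    library: dict = field(default_factory=dict)      # path -> Item (SharePoint)
    recycle_bin: dict = field(default_factory=dict)  # path -> Item
    blobs: dict = field(default_factory=dict)        # blob name -> bytes
    ledger: list = field(default_factory=list)       # append-only rows (Table)


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def log(stores, action, path, user, **fields):
    """Append one receipt row; refusals are logged as well as moves."""
    row = {"action": action, "path": path, "user": user,
           "at": datetime.now(timezone.utc).isoformat(), **fields}
    stores.ledger.append(row)
    return row


def offload(stores, path, user, copy=bytes):
    """Copy, verify, log, delete. `copy` stands in for the server-side transfer."""
    item = stores.library[path]
    if item.on_hold:                       # hold check comes before any copy
        log(stores, "refused", path, user, reason="hold")
        raise MoveRefused(f"{path} is under a retention label or hold")
    digest = sha256_hex(item.content)
    blob_name = f"{digest}{path}"          # deterministic, so a retry overwrites
    stores.blobs[blob_name] = copy(item.content)
    if sha256_hex(stores.blobs[blob_name]) != digest:
        del stores.blobs[blob_name]        # never keep an unverified copy
        log(stores, "refused", path, user, reason="hash-mismatch")
        raise MoveRefused(f"copy of {path} failed verification")
    row = log(stores, "offload", path, user, sha256=digest, blob=blob_name,
              size=len(item.content), tier="Hot", metadata=dict(item.metadata))
    # The source is removed last, and only into the recycle bin.
    stores.recycle_bin[path] = stores.library.pop(path)
    return row


def restore(stores, path, user):
    """Symmetric flow: find the receipt, fetch, verify, recreate, log."""
    row = next((r for r in reversed(stores.ledger)
                if r["action"] == "offload" and r["path"] == path), None)
    if row is None:
        raise KeyError(f"no offload receipt for {path}")
    if path in stores.library:             # do not overwrite a newer file
        raise MoveRefused(f"{path} already exists in the library")
    data = stores.blobs[row["blob"]]
    if sha256_hex(data) != row["sha256"]:
        log(stores, "refused", path, user, reason="hash-mismatch")
        raise MoveRefused(f"blob for {path} no longer matches the ledger hash")
    stores.library[path] = Item(data, dict(row["metadata"]))
    return log(stores, "restore", path, user,
               sha256=row["sha256"], blob=row["blob"])


if __name__ == "__main__":
    # Constructed sample data, not taken from the episode.
    s = Stores()
    s.library["/sites/pilot/Docs/Plan_final_v2.docx"] = Item(
        b"draft body", {"author": "alex"})
    offload(s, "/sites/pilot/Docs/Plan_final_v2.docx", "owner@example.test")
    restore(s, "/sites/pilot/Docs/Plan_final_v2.docx", "owner@example.test")
    for receipt in s.ledger:
        print(receipt["action"], receipt["path"], receipt["sha256"][:12])
```
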
This is “quarantine, not deletion” in practice.
8. The Payoff: Better Search, Better Copilot, Better Governance
Expect measurable improvements:
- Higher search precision
- Removal of confusing false positives
- Copilot answers that cite the true canonical document
- Cleaner audit trails
- Lower storage costs
- Reduced version sprawl
We explain why smaller active corpuses make everything smarter.
9. Minimum Viable Rollout (Pilot Plan)
We give a step-by-step rollout plan:
- Choose one noisy library
- Run a read-only diagnostic report
- Require owner approval
- Enforce hold exceptions
- Offload to Blob Hot → Cool → Archive
- Monitor restores to tune thresholds
- Roll out to additional libraries once stable
This is a playbook organizations can implement immediately.
Who This Episode Is For
- SharePoint administrators
- Microsoft 365 architects
- IT leaders responsible for Copilot rollout
- Governance, compliance, and legal teams
- Organizations hitting SharePoint storage limits
- Anyone frustrated by duplicate documents or chaotic search results
1
00:00:00,000 --> 00:00:01,660
Your SharePoint looks confident.
2
00:00:01,660 --> 00:00:04,200
Copilot too, ask a question, get an answer,
3
00:00:04,200 --> 00:00:06,600
deliver it with the swagger of a straight A student.
4
00:00:06,600 --> 00:00:07,360
The truth?
5
00:00:07,360 --> 00:00:10,200
It's guessing between five files named final final V2,
6
00:00:10,200 --> 00:00:11,960
final V2 real and you know this one,
7
00:00:11,960 --> 00:00:13,480
final V2 real final.
8
00:00:13,480 --> 00:00:14,760
That confidence is a lie.
9
00:00:14,760 --> 00:00:17,320
You don't have a storage problem, you have a relevance problem.
10
00:00:17,320 --> 00:00:20,320
Duplicates bury the canonical truth, users trust noise.
11
00:00:20,320 --> 00:00:22,680
We're going to fix it without breaking collaboration.
12
00:00:22,680 --> 00:00:25,560
Keep active docs in SharePoint, quarantine junk elegantly
13
00:00:25,560 --> 00:00:28,520
in Azure Blob and make search and copilot smarter.
14
00:00:28,520 --> 00:00:30,920
There's one permission choice that makes admins say yes.
15
00:00:30,920 --> 00:00:32,640
I'll close that loop later.
16
00:00:32,640 --> 00:00:35,800
Why SharePoint hoarding breaks search and governance.
17
00:00:35,800 --> 00:00:38,640
Okay, so basically humans hoard and systems comply.
18
00:00:38,640 --> 00:00:39,760
SharePoint is obedient.
19
00:00:39,760 --> 00:00:42,200
You upload drafts, make copies just in case,
20
00:00:42,200 --> 00:00:44,600
create an archive folder with good intentions
21
00:00:44,600 --> 00:00:47,400
and then versioning quietly multiplies every edit.
22
00:00:47,400 --> 00:00:50,560
The result isn't simply bloat, it's epistemic fog.
23
00:00:50,560 --> 00:00:53,720
Nobody can say which file is the latest truth with a straight face.
24
00:00:53,720 --> 00:00:55,400
Here's what most people miss.
25
00:00:55,400 --> 00:00:58,040
Search isn't a librarian, it's a ranking engine.
26
00:00:58,040 --> 00:01:01,240
When you scatter duplicates and near duplicates across libraries and sites,
27
00:01:01,240 --> 00:01:05,720
you dilute signals, title, body, click history, links.
28
00:01:05,720 --> 00:01:08,480
All the relevance features get smeared across variants.
29
00:01:08,480 --> 00:01:12,000
So the top result might be a stale draft with attractive metadata
30
00:01:12,000 --> 00:01:14,560
while the actual final is buried two slots down.
31
00:01:14,560 --> 00:01:16,880
And yes, Copilot sits on top of that same index,
32
00:01:16,880 --> 00:01:20,000
give it a messy corpus and it produces plausible but wrong summaries.
33
00:01:20,000 --> 00:01:22,720
Not hallucination, garbage in, confident garbage out.
34
00:01:22,720 --> 00:01:25,200
The counterintuitive part is cost isn't your real enemy.
35
00:01:25,200 --> 00:01:28,600
Yes, every version counts toward your SharePoint quota
36
00:01:28,600 --> 00:01:30,920
and frequent edits explode the footprint.
37
00:01:30,920 --> 00:01:32,600
But the bigger price is wrong answers,
38
00:01:32,600 --> 00:01:34,800
try defending a decision when legal asks,
39
00:01:34,800 --> 00:01:36,400
which document did you rely on?
40
00:01:36,400 --> 00:01:39,640
And your search returns four finals with conflicting content.
41
00:01:39,640 --> 00:01:43,200
Governance isn't a checkbox, it's the ability to prove custody of truth.
42
00:01:43,200 --> 00:01:44,920
Versioning realities matter.
43
00:01:44,920 --> 00:01:47,040
SharePoint tracks versions by default
44
00:01:47,040 --> 00:01:49,320
because recovery and accountability are crucial.
45
00:01:49,320 --> 00:01:51,680
But if a five MB file accrues a hundred versions,
46
00:01:51,680 --> 00:01:53,160
that's roughly 500 MB.
47
00:01:53,160 --> 00:01:55,280
Multiply that by thousands of active documents
48
00:01:55,280 --> 00:01:58,400
and congratulations, you're funding a museum of your own indecision.
49
00:01:58,400 --> 00:02:00,360
Microsoft's automatic version history
50
00:02:00,360 --> 00:02:03,440
does help by trimming older versions intelligently,
51
00:02:03,440 --> 00:02:06,760
hourly, daily, weekly snapshots over time,
52
00:02:06,760 --> 00:02:09,160
preserving the useful points while cutting noise
53
00:02:09,160 --> 00:02:10,880
that reduces storage pain dramatically.
54
00:02:10,880 --> 00:02:13,880
The problem is it doesn't touch your rogue copies or pseudo archives.
55
00:02:13,880 --> 00:02:16,480
Automatic trimming curates history within a file.
56
00:02:16,480 --> 00:02:20,120
It doesn't referee the clones you made in that archive folder from 2019
57
00:02:20,120 --> 00:02:21,640
that somehow still gets edited.
58
00:02:21,640 --> 00:02:24,800
Everything clicked when I realized most storage cleanups fail
59
00:02:24,800 --> 00:02:26,640
because they treat duplicates like trash.
60
00:02:26,640 --> 00:02:28,760
Users aren't lazy, they're risk averse.
61
00:02:28,760 --> 00:02:31,080
Delete feels irreversible, so they create shadow copies,
62
00:02:31,080 --> 00:02:33,880
label them, final some date, and swear they'll tidy later.
63
00:02:33,880 --> 00:02:35,240
Later doesn't exist.
64
00:02:35,240 --> 00:02:37,280
This is why pressing delete versions in bulk
65
00:02:37,280 --> 00:02:40,120
is a political disaster disguised as a technical action.
66
00:02:40,120 --> 00:02:41,760
You win quota, you lose trust.
67
00:02:41,760 --> 00:02:43,640
What this actually means is you need a pattern
68
00:02:43,640 --> 00:02:46,680
that makes the canonical document obvious without threatening users.
69
00:02:46,680 --> 00:02:48,200
Think of it like a city zoning plan.
70
00:02:48,200 --> 00:02:51,600
SharePoint is downtown, busy, collaborative, well lit.
71
00:02:51,600 --> 00:02:53,600
Azure Blob is the warehouse district
72
00:02:53,600 --> 00:02:55,600
cheap, safe, out of the way.
73
00:02:55,600 --> 00:02:57,120
Active documents live downtown,
74
00:02:57,120 --> 00:02:58,880
stale drafts, obsolete duplicates,
75
00:02:58,880 --> 00:03:01,840
and just in case variants get moved to the warehouse
76
00:03:01,840 --> 00:03:04,960
with a forwarding address, not destroyed, not hidden, quarantined.
77
00:03:04,960 --> 00:03:06,240
Here's the weird part.
78
00:03:06,240 --> 00:03:08,800
When you remove near duplicates from the active index,
79
00:03:08,800 --> 00:03:10,200
search precision jumps.
80
00:03:10,200 --> 00:03:13,520
Fewer false positives, the canonical document signals dominate.
81
00:03:13,520 --> 00:03:16,000
Copilot's answer stabilizes because its context window
82
00:03:16,000 --> 00:03:17,480
isn't clogged with ancient drafts that
83
00:03:17,480 --> 00:03:20,240
rhymed with your query better than they matched the truth.
84
00:03:20,240 --> 00:03:23,280
Users ask, "But what if I need the old draft?"
85
00:03:23,280 --> 00:03:25,360
Fine, you can restore it with one click.
86
00:03:25,360 --> 00:03:27,680
The difference is it's not sitting in the middle of traffic
87
00:03:27,680 --> 00:03:29,120
pretending to be current.
88
00:03:29,120 --> 00:03:30,480
Governance gets saner too.
89
00:03:30,480 --> 00:03:32,480
Retention policies stay honest when you stop
90
00:03:32,480 --> 00:03:34,000
playing shell games with copies.
91
00:03:34,000 --> 00:03:36,240
The preservation hold library continues doing its job
92
00:03:36,240 --> 00:03:38,960
for items under hold, untouchable as it should be,
93
00:03:38,960 --> 00:03:41,840
while your offloaded junk sits in blob with metadata,
94
00:03:41,840 --> 00:03:45,120
original path, hash, timestamps, and who moved it.
95
00:03:45,120 --> 00:03:46,240
That's chain of custody.
96
00:03:46,240 --> 00:03:48,480
You can actually answer, "Where did this come from?
97
00:03:48,480 --> 00:03:49,840
And when did we move it?"
98
00:03:49,840 --> 00:03:52,000
Without spelunking through audit logs like a raccoon
99
00:03:52,000 --> 00:03:55,520
in a filing cabinet. Compare that to the do-nothing timeline.
100
00:03:55,520 --> 00:03:57,520
Search keeps returning five candidates.
101
00:03:57,520 --> 00:03:59,200
Users choose the wrong one.
102
00:03:59,200 --> 00:04:00,880
Copilot propagates that error,
103
00:04:00,880 --> 00:04:03,120
and your single source of truth is a vibe,
104
00:04:03,120 --> 00:04:04,080
not a fact.
105
00:04:04,080 --> 00:04:06,960
Your review meetings become folklore recitals,
106
00:04:06,960 --> 00:04:09,360
who remembers which draft was blessed, painful.
107
00:04:09,360 --> 00:04:11,840
So, cleaning is necessary,
108
00:04:11,840 --> 00:04:13,920
but it can't feel like deletion theatre.
109
00:04:13,920 --> 00:04:16,480
The simple version is, "Reduce the active working set,
110
00:04:16,480 --> 00:04:19,360
keep collaboration intact and make reversibility obvious."
111
00:04:19,360 --> 00:04:20,960
That way people stop hoarding in place
112
00:04:20,960 --> 00:04:22,720
and start trusting the environment again.
113
00:04:22,720 --> 00:04:25,120
Now, how do you do that without sparking a user revolt
114
00:04:25,120 --> 00:04:26,560
and an admin refusal?
115
00:04:26,560 --> 00:04:29,760
Enter the architecture, and, spoiler alert,
116
00:04:29,760 --> 00:04:31,600
the subtle permission choice that decides
117
00:04:31,600 --> 00:04:34,160
whether security blesses this or blocks it.
118
00:04:34,160 --> 00:04:38,160
The architecture: SPFx command, plus Azure Blob,
119
00:04:38,160 --> 00:04:40,960
plus Function, plus Table. Enter the fix,
120
00:04:40,960 --> 00:04:42,800
keep downtown for collaboration,
121
00:04:42,800 --> 00:04:45,360
ship clutter to the warehouse with a forwarding address.
122
00:04:45,360 --> 00:04:48,480
Technically, it's four parts that behave like adults,
123
00:04:48,480 --> 00:04:52,000
an SPFx ListView Command Set to initiate the move,
124
00:04:52,000 --> 00:04:54,080
an Azure Function to do the heavy lifting,
125
00:04:54,080 --> 00:04:57,680
Azure Blob Storage as the warehouse with Hot, Cool, Archive aisles,
126
00:04:57,680 --> 00:04:59,920
and Azure Table Storage as the ledger that remembers
127
00:04:59,920 --> 00:05:00,880
where everything went.
128
00:05:00,880 --> 00:05:04,080
Okay, so basically, the SPFx command adds a Move
129
00:05:04,080 --> 00:05:06,400
to Blob action to modern libraries.
130
00:05:06,400 --> 00:05:08,880
User selects stale drafts or duplicate variants,
131
00:05:08,880 --> 00:05:10,560
click once, and this is crucial,
132
00:05:10,560 --> 00:05:12,640
the browser doesn't hold a file like a pack mule.
133
00:05:12,640 --> 00:05:14,560
It sends a reference,
134
00:05:14,560 --> 00:05:16,880
site, web, list item ID, drive item ID,
135
00:05:16,880 --> 00:05:19,280
and an access token proving the user can touch it.
136
00:05:19,280 --> 00:05:22,560
That's it, no 100 MB uploads crawling through cafe Wi-Fi,
137
00:05:22,560 --> 00:05:24,880
no please keep the tab open nonsense.
138
00:05:24,880 --> 00:05:26,480
And here's what most people miss,
139
00:05:26,480 --> 00:05:29,360
server to server beats browser relays every day of the week.
140
00:05:29,360 --> 00:05:30,880
The Azure Function receives that reference
141
00:05:30,880 --> 00:05:33,200
and performs the copy directly from SharePoint
142
00:05:33,200 --> 00:05:36,880
using Microsoft Graph or REST with throughput designed for servers,
143
00:05:36,880 --> 00:05:39,120
not laptops pretending to be forklifts.
144
00:05:39,120 --> 00:05:42,720
When and only when the hash of the blob copy matches the original,
145
00:05:42,720 --> 00:05:44,720
it logs the move in table storage,
146
00:05:44,720 --> 00:05:46,080
then deletes the source item.
147
00:05:46,080 --> 00:05:47,600
Yes, it respects the recycle bin window
148
00:05:47,600 --> 00:05:48,800
because we're not maniacs.
149
00:05:48,800 --> 00:05:51,040
Reversibility is policy, not a promise.
150
00:05:51,040 --> 00:05:53,280
Now, scope the warehouse, blob storage has tiers
151
00:05:53,280 --> 00:05:54,800
because not all junk is equal.
152
00:05:54,800 --> 00:05:57,520
Hot is for items you might touch soon.
153
00:05:57,520 --> 00:05:59,680
Last quarter's drafts you're still arguing about.
154
00:05:59,680 --> 00:06:03,280
Cool is cheaper, for files you rarely restore.
155
00:06:03,280 --> 00:06:06,240
Archive is the deep freeze, dirt cheap at rest,
156
00:06:06,240 --> 00:06:08,240
slower to thaw, and perfect for,
157
00:06:08,240 --> 00:06:11,120
we legally must keep this, but nobody sane will open it.
158
00:06:11,120 --> 00:06:14,480
Your policy can start every offload in hot for 30-90 days,
159
00:06:14,480 --> 00:06:18,080
then auto-tier to cool with archive only when legal stops hyperventilating.
160
00:06:18,080 --> 00:06:19,680
The economics are blob-sided.
161
00:06:19,680 --> 00:06:22,720
SharePoint extra storage is priced like airport bottled water.
162
00:06:22,720 --> 00:06:23,920
Blob is wholesale.
163
00:06:23,920 --> 00:06:26,560
You don't optimize pennies, you redesign the pantry.
164
00:06:26,560 --> 00:06:29,920
And yes, the ledger, Azure Table Storage, is the boring hero.
165
00:06:29,920 --> 00:06:33,680
Every move writes a row with original site, web, list, library,
166
00:06:33,680 --> 00:06:38,240
server-relative path, unique ID, content hash, size, timestamps,
167
00:06:38,240 --> 00:06:42,560
user who initiated, blob URI, blob tier, and a restore pointer.
168
00:06:42,560 --> 00:06:45,120
That gives you chain of custody, restore precision,
169
00:06:45,120 --> 00:06:46,880
and auditing without spelunking.
170
00:06:46,880 --> 00:06:49,840
It's not SQL because you don't need joins to read a single receipt.
171
00:06:49,840 --> 00:06:51,440
Keep it simple, keep it fast.
172
00:06:51,440 --> 00:06:55,200
The truth, the token story decides whether security approves this in under five minutes
173
00:06:55,200 --> 00:06:57,200
or sends you to permissions purgatory.
174
00:06:57,200 --> 00:07:00,080
You're tempted to request application permissions, Sites.
175
00:07:00,080 --> 00:07:04,640
Read.All, Sites.ReadWrite.All, so your function can touch anything.
176
00:07:04,640 --> 00:07:06,320
That's how you get an instant no.
177
00:07:06,320 --> 00:07:09,360
The fix is delegated permissions with the on-behalf-of flow.
178
00:07:09,360 --> 00:07:11,680
The SPFx command acquires a user token.
179
00:07:12,160 --> 00:07:16,000
Passes it to the function, and the function exchanges it for a downstream token scoped
180
00:07:16,000 --> 00:07:17,680
to SharePoint operations.
181
00:07:17,680 --> 00:07:19,840
The app acts as the user, not as a god.
182
00:07:19,840 --> 00:07:23,120
If the user can't touch a file, neither can your function.
183
00:07:23,120 --> 00:07:24,560
Least privilege preserved.
184
00:07:24,560 --> 00:07:26,000
Audit trails stay sane.
185
00:07:26,000 --> 00:07:27,280
Admins stop glaring.
186
00:07:27,280 --> 00:07:28,400
Here's the weird part.
187
00:07:28,400 --> 00:07:30,400
This model also solves politics.
188
00:07:30,400 --> 00:07:33,440
When a librarian clicks move to blob, they're not elevating.
189
00:07:33,440 --> 00:07:36,240
They're exercising their existing rights with better ergonomics.
190
00:07:36,240 --> 00:07:38,400
No tenant-wide consent to a mystery daemon.
191
00:07:38,400 --> 00:07:40,880
In SharePoint Admin, you expose your API scope,
192
00:07:40,880 --> 00:07:45,120
approve exactly that scope for the SPFx solution, and you're done.
193
00:07:45,120 --> 00:07:47,520
No grant full control to the solar system requests.
194
00:07:47,520 --> 00:07:49,200
The approver's name is in the log.
195
00:07:49,200 --> 00:07:50,080
Everyone sleeps.
196
00:07:50,080 --> 00:07:52,800
What actually moves? Bytes, yes.
197
00:07:52,800 --> 00:07:54,240
But also meaning.
198
00:07:54,240 --> 00:07:57,520
You retain the metadata that matters to govern and to undo.
199
00:07:57,520 --> 00:08:00,080
Original URL, drive item ID,
200
00:08:00,080 --> 00:08:03,840
ETag, created/modified, author/editor, content type,
201
00:08:03,840 --> 00:08:06,160
retention flags, and a computed hash.
202
00:08:06,160 --> 00:08:08,480
Store the hash because integrity beats vibes.
203
00:08:08,480 --> 00:08:11,840
Store the retention flag because you must never offload items on hold.
204
00:08:11,840 --> 00:08:14,320
The function checks for holds before doing anything cute.
205
00:08:14,320 --> 00:08:16,800
If it's on a retention policy or e-discovery hold,
206
00:08:16,800 --> 00:08:18,640
it refuses and logs the refusal.
207
00:08:18,640 --> 00:08:20,720
Compliance is a tripwire, not an afterthought.
208
00:08:20,720 --> 00:08:21,680
Performance matters.
209
00:08:21,680 --> 00:08:24,560
Batch requests, parallelism tuned to your function plan,
210
00:08:24,560 --> 00:08:26,560
backoff on throttling, and idempotency,
211
00:08:26,560 --> 00:08:28,160
so retries don't create duplicates.
212
00:08:28,160 --> 00:08:29,360
Promise.all in the client?
213
00:08:29,360 --> 00:08:30,960
Fine for UI responsiveness,
214
00:08:30,960 --> 00:08:34,560
but the real throughput comes from the function fanning out server side.
215
00:08:34,560 --> 00:08:36,960
And yes, you monitor, success counts, failure codes,
216
00:08:36,960 --> 00:08:39,920
average copy time, egress bytes for restores, tier transitions.
217
00:08:39,920 --> 00:08:43,360
If restores spike, you over-aggressively offloaded.
218
00:08:43,360 --> 00:08:45,040
Dial it back. Don't guess, measure.
219
00:08:45,040 --> 00:08:46,640
Restore is the litmus test.
220
00:08:46,640 --> 00:08:49,680
One click in the web part or command brings it back downtown.
221
00:08:49,680 --> 00:08:53,520
Fetch from blob, validate hash, recreate file with original metadata,
222
00:08:53,520 --> 00:08:56,320
reapply permissions, write a restore row.
223
00:08:56,320 --> 00:08:58,000
The canonical doc returns.
224
00:08:58,000 --> 00:08:59,600
The warehouse keeps the receipt.
225
00:08:59,600 --> 00:09:00,480
No drama.
226
00:09:00,480 --> 00:09:03,040
If you can't restore cleanly, you didn't build a quarantine.
227
00:09:03,040 --> 00:09:04,000
You built a shredder.
228
00:09:04,000 --> 00:09:04,800
Try again.
229
00:09:05,920 --> 00:09:07,840
So the architecture is simple on purpose.
230
00:09:07,840 --> 00:09:10,560
Push initiation to the edge, do transfer in the cloud,
231
00:09:10,560 --> 00:09:12,800
keep a small, durable index of moves,
232
00:09:12,800 --> 00:09:15,680
and tier storage by reality instead of superstition.
233
00:09:15,680 --> 00:09:18,320
It's the same city plan we started with downtown for
234
00:09:18,320 --> 00:09:20,720
living documents warehouse for artifacts
235
00:09:20,720 --> 00:09:24,000
with a concierge that remembers every box and returns it on demand.
236
00:09:24,000 --> 00:09:26,960
And yes, the one subtle permission choice, delegated OBO.
237
00:09:26,960 --> 00:09:29,200
That's the difference between approved this afternoon
238
00:09:29,200 --> 00:09:31,920
and ticket closed as a security risk.
239
00:09:31,920 --> 00:09:35,040
Permissions without the panic, the admin-safe OBO model.
240
00:09:35,040 --> 00:09:36,080
Here's what most people miss.
241
00:09:36,080 --> 00:09:39,760
The permission you ask for decides whether security blesses you or buries you.
242
00:09:39,760 --> 00:09:41,680
Application permissions feel powerful.
243
00:09:41,680 --> 00:09:42,320
Sites.
244
00:09:42,320 --> 00:09:43,680
Read.All, Sites.
245
00:09:43,680 --> 00:09:46,640
ReadWrite.All. Cue the cape and theme music.
246
00:09:46,640 --> 00:09:48,720
The truth? That's tenant-wide god mode.
247
00:09:48,720 --> 00:09:49,920
You submit that request.
248
00:09:49,920 --> 00:09:52,640
Your admin sees unbounded access to every site
249
00:09:52,640 --> 00:09:55,120
and you get a polite no with a side of side-eye.
250
00:09:55,120 --> 00:09:58,480
Enter delegated permissions with the on-behalf-of flow.
251
00:09:58,480 --> 00:10:00,880
The app doesn't act as an all-seeing service.
252
00:10:00,880 --> 00:10:02,960
It acts as the user who clicked.
253
00:10:02,960 --> 00:10:05,280
If the user can open the file, the function can move it.
254
00:10:05,280 --> 00:10:06,720
If they can't, it can't.
255
00:10:06,720 --> 00:10:09,040
Least privilege, predictable boundaries, clean audit.
256
00:10:09,040 --> 00:10:11,040
It's not just safer, it's politically acceptable.
257
00:10:11,040 --> 00:10:13,280
Your approver isn't endorsing a super user,
258
00:10:13,280 --> 00:10:15,360
just authorizing a well-behaved courier.
259
00:10:15,360 --> 00:10:18,160
Okay, so basically the sequence is boring and beautiful.
260
00:10:18,160 --> 00:10:21,840
Step one, SPFx acquires a user access token
261
00:10:21,840 --> 00:10:23,440
through the page context.
262
00:10:23,440 --> 00:10:26,640
Standard, Microsoft identity flow, nothing exotic.
263
00:10:26,640 --> 00:10:29,600
Step two, the SPFx command sends the file reference
264
00:10:29,600 --> 00:10:31,360
plus that token to your Azure Function.
265
00:10:32,000 --> 00:10:35,200
Step three, the function performs an on-behalf-of token exchange,
266
00:10:35,200 --> 00:10:37,600
converting the user token into a downstream token
267
00:10:37,600 --> 00:10:40,000
scoped for SharePoint Graph or REST.
268
00:10:40,000 --> 00:10:42,000
Step four, with that delegated token,
269
00:10:42,000 --> 00:10:44,800
the function copies server to server, verifies the hash,
270
00:10:44,800 --> 00:10:48,000
writes the ledger row, and only then deletes the original.
271
00:10:48,000 --> 00:10:50,560
No elevation, no secrets passed to the browser,
272
00:10:50,560 --> 00:10:52,640
no mystery daemons roaming your tenant.
273
00:10:52,640 --> 00:10:55,680
The counter-intuitive part is how this reduces admin friction.
274
00:10:55,680 --> 00:10:58,320
You expose a custom API scope from your function app,
275
00:10:58,320 --> 00:11:01,440
something like user_impersonation for your move endpoint.
276
00:11:01,440 --> 00:11:03,600
In the SPFx package, you declare that scope.
277
00:11:03,600 --> 00:11:08,000
In SharePoint admin, API access shows one tidy request.
278
00:11:08,000 --> 00:11:10,640
This solution wants to call this API with this scope.
279
00:11:10,640 --> 00:11:12,560
Approve once, the consent is scoped,
280
00:11:12,560 --> 00:11:13,840
auditable and reversible.
281
00:11:13,840 --> 00:11:16,000
Compare that to please approve Sites.ReadWrite.
282
00:11:16,000 --> 00:11:18,240
All for our entire tenant.
283
00:11:18,240 --> 00:11:21,200
One earns a same-day green check,
284
00:11:21,200 --> 00:11:23,600
the other earns a risk review and a calendar invite.
285
00:11:23,600 --> 00:11:26,240
Governance wins by default in this model.
286
00:11:26,240 --> 00:11:28,160
Every action inherits user permissions.
287
00:11:28,160 --> 00:11:29,760
The "who did what" is your user,
288
00:11:29,760 --> 00:11:32,400
not a service principal with cartoonishly large rights.
289
00:11:32,400 --> 00:11:35,760
Your logs show user U moved document D at time T from library L
290
00:11:35,760 --> 00:11:37,680
to blob container C, hash H.
291
00:11:37,680 --> 00:11:40,800
That's a chain of custody lawyers can read without a decoder ring.
292
00:11:40,800 --> 00:11:43,600
And when compliance asks whether items under retention
293
00:11:43,600 --> 00:11:46,080
or e-discovery hold are protected, you say yes.
294
00:11:46,080 --> 00:11:49,200
Because the function checks for holds with the same delegated token
295
00:11:49,200 --> 00:11:51,040
and refuses to move held items.
296
00:11:51,040 --> 00:11:53,920
It logs the refusal, least privilege meets least surprise.
297
00:11:53,920 --> 00:11:56,480
But won't delegated tokens limit automation?
298
00:11:56,480 --> 00:11:59,120
Only if your plan was to ignore access boundaries.
299
00:11:59,120 --> 00:12:03,680
Batch moves still work because the function processes item lists the user selected.
300
00:12:03,680 --> 00:12:07,360
Service scale happens in the cloud layer, parallel copy operations with backoff,
301
00:12:07,360 --> 00:12:09,760
while the permission boundary stays human-sized.
302
00:12:09,760 --> 00:12:11,440
And yes, admins retain control.
303
00:12:11,440 --> 00:12:14,480
If a scope misbehaves, they revoke it in the admin center.
304
00:12:14,480 --> 00:12:16,160
If a site should never be touched,
305
00:12:16,160 --> 00:12:18,400
its permissions block the move by design.
306
00:12:18,400 --> 00:12:21,920
Everything clicked when I realized the OBO model isn't a concession.
307
00:12:21,920 --> 00:12:23,440
It's the enabler.
308
00:12:23,440 --> 00:12:25,280
It gets you approved, keeps you compliant
309
00:12:25,280 --> 00:12:27,840
and gives you clean forensics when something needs to be put back.
310
00:12:27,840 --> 00:12:30,800
You're not asking for trust, you're proving restraint.
311
00:12:30,800 --> 00:12:34,560
And that astonishingly is what gets security to say yes without a committee.
312
00:12:34,560 --> 00:12:40,080
The playbook, identify, offload, restore, without breaking work.
313
00:12:40,080 --> 00:12:43,280
Okay, so basically you need three gears that mesh cleanly.
314
00:12:43,280 --> 00:12:46,000
Identify candidates with rules,
315
00:12:46,000 --> 00:12:49,360
users respect, offload with verification and receipts,
316
00:12:49,360 --> 00:12:51,840
and restore so effortlessly that nobody panics.
317
00:12:51,840 --> 00:12:55,280
Do this and the warehouse becomes normal, not scary.
318
00:12:55,280 --> 00:12:59,600
Identification first, stop guessing, score, use rules that expose intent,
319
00:12:59,600 --> 00:13:01,760
not just size, duplicates.
320
00:13:01,760 --> 00:13:04,480
Compute a content hash on the latest version per file
321
00:13:04,480 --> 00:13:08,560
and flag siblings across folders or sites with matching hashes and similar titles.
322
00:13:08,560 --> 00:13:10,160
Your final V2 clones.
323
00:13:10,160 --> 00:13:13,840
Obsolete drafts, files with no edits in 120-plus days,
324
00:13:13,840 --> 00:13:16,480
older than the canonical sibling by created date
325
00:13:16,480 --> 00:13:18,480
and never referenced in links or news.
326
00:13:18,480 --> 00:13:22,560
Often archive folders, anything named archive old,
327
00:13:22,560 --> 00:13:26,080
bark or this with last modified older than your policy threshold.
328
00:13:26,080 --> 00:13:30,640
Add one human signal, owner confirmation required if the candidate was modified
329
00:13:30,640 --> 00:13:34,320
in the last 45 days, fear fades when people feel consulted.
330
00:13:34,320 --> 00:13:36,720
Scoring candidates keeps politics calm.
331
00:13:36,720 --> 00:13:38,160
Start with attributes.
332
00:13:38,160 --> 00:13:41,360
Version age, older versions beyond your automatic window,
333
00:13:41,360 --> 00:13:44,880
last access, nobody opened it in 90, 1080 days,
334
00:13:44,880 --> 00:13:48,000
edit frequency, bursts of edits followed by silence,
335
00:13:48,000 --> 00:13:51,280
and duplication weight, hash match and title similarity.
336
00:13:51,280 --> 00:13:55,040
Assign points, set a threshold, and mark items recommended versus
337
00:13:55,040 --> 00:13:56,400
requires owner okay.
338
00:13:56,400 --> 00:13:59,200
Nobody argues with a meter.
339
00:13:59,200 --> 00:14:00,560
Now the offload policy.
340
00:14:00,560 --> 00:14:02,480
In modern libraries, users select items,
341
00:14:02,480 --> 00:14:05,920
hit the SPFx "Move to Blob", and your Azure Function takes over.
342
00:14:05,920 --> 00:14:07,600
Move semantics are not hope.
343
00:14:07,600 --> 00:14:09,040
They're a four-step ritual.
344
00:14:09,040 --> 00:14:13,200
Copy to blob, verify hash, log to table, then delete the source.
345
00:14:13,200 --> 00:14:16,080
If any step fails, you abort and leave the file in place.
346
00:14:16,080 --> 00:14:19,200
After a successful delete, SharePoint's Recycle Bin safety window
347
00:14:19,200 --> 00:14:21,280
gives you a grace period for oops moments.
348
00:14:21,280 --> 00:14:24,240
That's your parachute, not your plan, make it fast and quiet.
349
00:14:24,240 --> 00:14:28,480
Batch references from the client, the function fans out up to your safe parallel limit,
350
00:14:28,480 --> 00:14:31,360
respects throttling, and retries idempotently.
351
00:14:31,360 --> 00:14:33,360
Large files ride server-to-server paths,
352
00:14:33,360 --> 00:14:37,600
your user's laptop never sees payload. For access tiers, default to hot for 60 days.
353
00:14:37,600 --> 00:14:39,840
If nobody restores, auto tier to cool.
354
00:14:39,840 --> 00:14:42,560
Archive only after legal blesses the deep freeze.
355
00:14:42,560 --> 00:14:46,400
And yes, write the receipt every time: original URL, drive item ID,
356
00:14:46,400 --> 00:14:50,720
ETag, hash, size, initiator, timestamps, blob URI, and current tier.
357
00:14:50,720 --> 00:14:53,200
Receipts prevent arguments.
358
00:14:53,200 --> 00:14:54,320
Exceptions matter.
359
00:14:54,320 --> 00:14:57,200
If an item sits on a retention policy or e-discovery hold,
360
00:14:57,200 --> 00:14:58,640
the function refuses to move it.
361
00:14:58,640 --> 00:14:59,440
Full stop.
362
00:14:59,440 --> 00:15:02,080
It writes a "refused due to hold" ledger entry,
363
00:15:02,080 --> 00:15:04,240
so auditors can nod solemnly.
364
00:15:04,240 --> 00:15:06,640
If a library participates in a record center pattern
365
00:15:06,640 --> 00:15:10,480
or has a sensitivity label that forbids relocation, enforce that in code.
366
00:15:10,480 --> 00:15:13,040
The average user shouldn't be able to outclick compliance.
367
00:15:13,040 --> 00:15:14,000
This is not optional.
368
00:15:14,000 --> 00:15:17,520
It's the price of approval. Restore semantics are your trust engine.
369
00:15:17,520 --> 00:15:21,680
One click in your web part or a command on the item card triggers a symmetrical process.
370
00:15:21,680 --> 00:15:24,480
Fetch from blob, validate hash,
371
00:15:24,480 --> 00:15:29,280
recreate in SharePoint with original metadata, name, content type,
372
00:15:29,280 --> 00:15:33,760
created modified stamps where supported, author editor when permissible,
373
00:15:33,760 --> 00:15:36,400
and reapply permissions mapped from the ledger.
374
00:15:36,400 --> 00:15:38,880
Write a restore row with who, when and where.
375
00:15:38,880 --> 00:15:41,440
If a file already exists at that path, you choose.
376
00:15:41,440 --> 00:15:44,960
Suffix the name with a timestamp or require an override confirmation.
377
00:15:44,960 --> 00:15:46,480
Predictability beats cleverness.
378
00:15:46,480 --> 00:15:49,360
Owner experience is where this lives or dies.
379
00:15:49,360 --> 00:15:51,200
They need a dry run report first.
380
00:15:51,200 --> 00:15:55,280
Read only, no changes, that lists candidates by score with reasons.
381
00:15:55,280 --> 00:15:59,120
Hash duplicate of final V2, no opens in 180 days,
382
00:15:59,120 --> 00:16:01,280
older than canonical by nine months.
383
00:16:01,280 --> 00:16:03,680
Provide a one-click approve/deny per batch.
384
00:16:03,680 --> 00:16:06,080
Show the restore SLA prominently.
385
00:16:06,080 --> 00:16:08,480
Self-service restore in under one minute.
386
00:16:08,480 --> 00:16:11,360
People tolerate quarantine when reversal is obvious.
387
00:16:11,360 --> 00:16:13,120
Governance wants transparency.
388
00:16:13,120 --> 00:16:14,720
Send weekly summaries.
389
00:16:14,720 --> 00:16:15,680
Items moved.
390
00:16:15,680 --> 00:16:16,880
Items refused.
391
00:16:16,880 --> 00:16:19,360
Top libraries by offload volume restores requested,
392
00:16:19,360 --> 00:16:21,760
average restore time and tier transitions.
393
00:16:21,760 --> 00:16:26,240
If restores spike in a library, your identification threshold is too aggressive.
394
00:16:26,240 --> 00:16:27,040
Dial it back.
395
00:16:27,040 --> 00:16:28,400
This isn't a morality play.
396
00:16:28,400 --> 00:16:29,520
It's a feedback loop.
397
00:16:29,520 --> 00:16:30,160
Tune it.
398
00:16:30,160 --> 00:16:31,920
One micro story to make it stick.
399
00:16:31,920 --> 00:16:35,200
We ran this pattern on a project library drowning in finals.
400
00:16:35,200 --> 00:16:38,240
After the first pass, search precision jumped.
401
00:16:38,240 --> 00:16:40,000
Not because we got better at search,
402
00:16:40,000 --> 00:16:43,440
but because we removed four lookalikes that rhymed with the query.
403
00:16:43,440 --> 00:16:46,320
The canonical doc floated to the top like it always should have.
404
00:16:46,320 --> 00:16:48,320
Copilot stopped citing a quarter-old draft.
405
00:16:48,320 --> 00:16:50,000
Everyone claimed we made search smarter.
406
00:16:50,000 --> 00:16:50,640
We didn't.
407
00:16:50,640 --> 00:16:52,160
We made the haystack smaller.
408
00:16:52,160 --> 00:16:54,160
So the playbook is simple and strict.
409
00:16:54,160 --> 00:16:55,280
Detect with signals.
410
00:16:55,280 --> 00:16:56,160
Move with receipts.
411
00:16:56,160 --> 00:16:57,280
Restore without drama.
412
00:16:57,280 --> 00:16:59,200
Quarantine isn't deletion.
413
00:16:59,200 --> 00:17:00,240
It's discipline.
414
00:17:00,240 --> 00:17:02,400
And discipline is what makes downtown livable again.
415
00:17:02,400 --> 00:17:04,080
The payoff.
416
00:17:04,080 --> 00:17:05,200
Search precision.
417
00:17:05,200 --> 00:17:06,480
Copilot quality.
418
00:17:06,480 --> 00:17:07,920
Compliance confidence.
419
00:17:07,920 --> 00:17:09,440
Here's what most people miss.
420
00:17:09,440 --> 00:17:10,720
Cleaning isn't cosmetic.
421
00:17:10,720 --> 00:17:12,000
It rewires signals.
422
00:17:12,000 --> 00:17:13,760
Remove lookalikes and your ranking features
423
00:17:13,760 --> 00:17:15,120
stop arguing with themselves.
424
00:17:15,120 --> 00:17:19,600
Title, body, clicks, backlinks, all consolidate on the canonical doc,
425
00:17:19,600 --> 00:17:22,800
instead of being smeared across five cousins with final in their names.
426
00:17:22,800 --> 00:17:25,040
Precision goes up, noise goes down.
427
00:17:25,040 --> 00:17:26,640
Users stop scrolling with a sigh.
428
00:17:26,640 --> 00:17:28,080
Copilot rides the same index,
429
00:17:28,080 --> 00:17:30,720
so its IQ, shockingly, tracks your housekeeping.
430
00:17:30,720 --> 00:17:33,680
Give it a smaller, cleaner corpus and it stops quoting a quarter-old draft
431
00:17:33,680 --> 00:17:35,120
that happened to rhyme with your prompt.
432
00:17:35,120 --> 00:17:35,920
The truth?
433
00:17:35,920 --> 00:17:37,280
You didn't fix AI.
434
00:17:37,280 --> 00:17:38,480
You trimmed the haystack.
435
00:17:38,480 --> 00:17:41,280
The model finds the needle because you stopped feeding it tinsel.
436
00:17:41,280 --> 00:17:43,280
Compliance gets the adult treatment.
437
00:17:43,280 --> 00:17:44,960
Chain of custody isn't a slogan.
438
00:17:44,960 --> 00:17:46,320
It's a row in your ledger.
439
00:17:46,320 --> 00:17:47,360
Who moved what?
440
00:17:47,360 --> 00:17:47,760
When?
441
00:17:47,760 --> 00:17:48,320
From where?
442
00:17:48,320 --> 00:17:48,960
With which hash?
443
00:17:48,960 --> 00:17:49,600
To which tier?
444
00:17:49,600 --> 00:17:50,880
You can answer quickly.
445
00:17:50,880 --> 00:17:52,560
Which artifact did we rely on?
446
00:17:52,560 --> 00:17:53,760
And where did the others go?
447
00:17:53,760 --> 00:17:55,280
Retention and holds remain sacred
448
00:17:55,280 --> 00:17:57,120
because you never move held content.
449
00:17:57,120 --> 00:17:58,480
That's defensibility.
450
00:17:58,480 --> 00:17:59,520
Legal doesn't want heroics.
451
00:17:59,520 --> 00:18:01,040
They want receipts.
452
00:18:01,040 --> 00:18:02,880
Cost is the cameo, not the star.
453
00:18:02,880 --> 00:18:04,320
But the math is brutal.
454
00:18:04,320 --> 00:18:06,800
SharePoint extra storage is priced like airport water.
455
00:18:06,800 --> 00:18:08,000
Blob hot is wholesale.
456
00:18:08,000 --> 00:18:11,200
Cool and archive are bulk bins for infrequent restores.
457
00:18:11,200 --> 00:18:13,840
Egress is background noise compared to paying premium rent
458
00:18:13,840 --> 00:18:15,600
for content you don't actively use.
459
00:18:15,600 --> 00:18:17,200
And because you tier by reality,
460
00:18:17,200 --> 00:18:19,440
hot for short grace, cool for the long tail,
461
00:18:19,440 --> 00:18:20,960
archive for deep cold,
462
00:18:20,960 --> 00:18:23,200
you pay for behavior, not superstition.
463
00:18:23,200 --> 00:18:25,600
KPI time because feelings are not metrics.
464
00:18:25,600 --> 00:18:29,200
Duplicate ratio falls as hash-matched siblings leave downtown.
465
00:18:29,200 --> 00:18:31,600
Version storage shrinks because you're no longer hoarding clones
466
00:18:31,600 --> 00:18:32,960
on top of version history.
467
00:18:32,960 --> 00:18:35,200
Search click through on position one rises
468
00:18:35,200 --> 00:18:37,840
when the top result is actually the source of truth.
469
00:18:37,840 --> 00:18:39,440
Copilot answer consistency improves
470
00:18:39,440 --> 00:18:42,000
because fewer divergent drafts compete for context.
471
00:18:42,000 --> 00:18:43,600
Restore SLA stays sub-minute,
472
00:18:43,600 --> 00:18:45,360
which is exactly how you keep users calm.
473
00:18:45,360 --> 00:18:48,160
If restores spike, your scoring is too aggressive.
474
00:18:48,160 --> 00:18:50,000
Adjust thresholds, rerun the dry run,
475
00:18:50,000 --> 00:18:51,040
and try again.
476
00:18:51,040 --> 00:18:52,320
Feedback not faith.
477
00:18:52,320 --> 00:18:54,640
And yes, performance in practice mirrors the design.
478
00:18:54,640 --> 00:18:56,480
Server to server copy is steady.
479
00:18:56,480 --> 00:18:59,200
Parallelism keeps throughput high without melting throttles.
480
00:18:59,200 --> 00:19:00,560
The browser stays light.
481
00:19:00,560 --> 00:19:02,240
Your logs show exactly where time goes.
482
00:19:02,240 --> 00:19:04,320
In other words, the payoff is not theoretical.
483
00:19:04,320 --> 00:19:06,000
It's operational, measurable,
484
00:19:06,000 --> 00:19:08,560
and most importantly obvious to the average user
485
00:19:08,560 --> 00:19:10,160
who just wants the right file to win.
486
00:19:10,160 --> 00:19:13,760
Minimum viable rollout, pilot to policy.
487
00:19:13,760 --> 00:19:15,280
Start small, loudly.
488
00:19:15,280 --> 00:19:18,960
Pick one high noise library with leaders who actually answer emails.
489
00:19:18,960 --> 00:19:20,400
Define success upfront.
490
00:19:20,400 --> 00:19:21,920
Fewer duplicates in results,
491
00:19:21,920 --> 00:19:23,600
higher click-through on the canonical,
492
00:19:23,600 --> 00:19:25,840
Copilot answers citing the right doc,
493
00:19:25,840 --> 00:19:27,440
zero incidents with held content,
494
00:19:27,440 --> 00:19:28,800
and sub-minute restores.
495
00:19:28,800 --> 00:19:30,640
If you can't measure it, you can't claim it.
496
00:19:30,640 --> 00:19:31,680
Guard rails first.
497
00:19:31,680 --> 00:19:35,120
Run a read-only dry run that scores candidates and explains why.
498
00:19:35,120 --> 00:19:36,960
Hash duplicate of final V2.
499
00:19:36,960 --> 00:19:39,120
No opens in 180 days.
500
00:19:39,120 --> 00:19:41,040
Older than canonical by nine months.
501
00:19:41,040 --> 00:19:44,560
Require owner approval for anything touched in the last 45 days.
502
00:19:44,560 --> 00:19:47,280
Block items under retention or hold in code.
503
00:19:47,280 --> 00:19:49,840
Don't trust humans to remember policy under pressure.
504
00:19:49,840 --> 00:19:53,520
Defaults that don't start fights: offload to hot for 60 days,
505
00:19:53,520 --> 00:19:55,360
auto-tier to cool after that,
506
00:19:55,360 --> 00:19:58,640
and keep archive as a legal-approved path for deep cold.
507
00:19:58,640 --> 00:20:01,360
Publish the restore SLA in 14-point font:
508
00:20:01,360 --> 00:20:03,360
self-service restore in under one minute.
509
00:20:03,360 --> 00:20:04,880
This is quarantine, not deletion.
510
00:20:04,880 --> 00:20:06,560
Say it again for the average user.
511
00:20:06,560 --> 00:20:08,240
Change management without theater.
512
00:20:08,240 --> 00:20:10,880
Announce the pilot, show the dry run report,
513
00:20:10,880 --> 00:20:13,280
and give owners a one-click approve/deny per batch.
514
00:20:13,280 --> 00:20:15,840
Build a tiny web part that lists their offloaded items
515
00:20:15,840 --> 00:20:18,160
with restore buttons and reason codes.
516
00:20:18,160 --> 00:20:21,200
People relax when reversibility is one click away
517
00:20:21,200 --> 00:20:22,400
and receipts are visible.
518
00:20:22,400 --> 00:20:23,840
Automate the boring parts.
519
00:20:23,840 --> 00:20:25,520
Schedule scans weekly.
520
00:20:25,520 --> 00:20:28,160
Maintain exception lists for special libraries.
521
00:20:28,160 --> 00:20:30,320
Alert when restore requests spike
522
00:20:30,320 --> 00:20:33,200
or when a site's duplicate ratio refuses to drop.
523
00:20:33,200 --> 00:20:36,000
Close the loop with a weekly summary to stakeholders:
524
00:20:36,000 --> 00:20:38,640
move count, refuse count, top offenders,
525
00:20:38,640 --> 00:20:40,800
average restore time and tier transitions.
526
00:20:40,800 --> 00:20:42,640
Green ticks make meetings shorter.
527
00:20:42,640 --> 00:20:44,000
Roll out with intent.
528
00:20:44,000 --> 00:20:45,520
After the pilot hits targets,
529
00:20:45,520 --> 00:20:47,760
promote the rule set to a policy template
530
00:20:47,760 --> 00:20:49,440
and apply it to the next two libraries
531
00:20:49,440 --> 00:20:50,960
with slightly different patterns,
532
00:20:50,960 --> 00:20:53,200
project sites and department archives.
533
00:20:53,200 --> 00:20:55,440
Iterate thresholds based on restore behavior.
534
00:20:55,440 --> 00:20:57,280
Only when three cohorts behave should you scale
535
00:20:57,280 --> 00:20:58,320
to a broader program.
536
00:20:58,320 --> 00:21:00,320
You're proving restraint as much as results.
537
00:21:00,320 --> 00:21:02,240
Final step: enshrine the OBO model.
538
00:21:02,240 --> 00:21:04,480
Document the scopes, the consent process
539
00:21:04,480 --> 00:21:06,720
and the refusal paths for holds and labels.
540
00:21:06,720 --> 00:21:08,880
Put the no-god mode principle in writing.
541
00:21:08,880 --> 00:21:10,400
Security signs off once.
542
00:21:10,400 --> 00:21:12,640
You avoid permissions cosplay forever.
543
00:21:12,640 --> 00:21:14,800
Then and only then call it standard.
544
00:21:14,800 --> 00:21:18,240
Your docs need a diet, not a dumpster.
545
00:21:18,240 --> 00:21:19,360
Key takeaway.
546
00:21:19,360 --> 00:21:21,520
Cleaner SharePoint isn't cosmetic.
547
00:21:21,520 --> 00:21:23,360
It upgrades search precision,
548
00:21:23,360 --> 00:21:24,560
steadies Copilot,
549
00:21:24,560 --> 00:21:26,720
and gives compliance receipts instead of excuses.
550
00:21:26,720 --> 00:21:30,240
If you want the exact SPFx plus Azure Function
551
00:21:30,240 --> 00:21:31,760
plus Blob plus Table scaffolding
552
00:21:31,760 --> 00:21:33,680
and the delegated OBO configuration,
553
00:21:33,680 --> 00:21:35,520
subscribe and catch the deep dive.
554
00:21:35,520 --> 00:21:38,720
We'll ship the starter kit, rules and policy templates.
555
00:21:38,720 --> 00:21:39,920
Do the efficient thing now,
556
00:21:39,920 --> 00:21:42,400
subscribe, enable alerts and stop hoarding.