Now Reading: Stop SharePoint Hoarding: The Blob Storage Fix
-
01
Stop SharePoint Hoarding: The Blob Storage Fix
1
00:00:00,000 –> 00:00:01,660
Your SharePoint looks confident.
2
00:00:01,660 –> 00:00:04,200
Copilot 2, ask a question, get an answer,
3
00:00:04,200 –> 00:00:06,600
deliver it with the swagger of a straight A student.
4
00:00:06,600 –> 00:00:07,360
The truth?
5
00:00:07,360 –> 00:00:10,200
It’s guessing between five files named final final V2,
6
00:00:10,200 –> 00:00:11,960
final V2 real and you know this one,
7
00:00:11,960 –> 00:00:13,480
final V2 real final.
8
00:00:13,480 –> 00:00:14,760
That confidence is a lie.
9
00:00:14,760 –> 00:00:17,320
You don’t have a storage problem, you have a relevance problem.
10
00:00:17,320 –> 00:00:20,320
Duplicates, bury the canonical truth, uses trust noise.
11
00:00:20,320 –> 00:00:22,680
We’re going to fix it without breaking collaboration.
12
00:00:22,680 –> 00:00:25,560
Keep active docs in SharePoint, quarantine junk elegantly
13
00:00:25,560 –> 00:00:28,520
in Azure Blob and make search and copilot smarter.
14
00:00:28,520 –> 00:00:30,920
There’s one permission choice that makes admins say yes.
15
00:00:30,920 –> 00:00:32,640
I’ll close that loop later.
16
00:00:32,640 –> 00:00:35,800
Why SharePoint hoarding, breaks, search and governance?
17
00:00:35,800 –> 00:00:38,640
Okay, so basically humans, hoard and systems comply.
18
00:00:38,640 –> 00:00:39,760
SharePoint is obedient.
19
00:00:39,760 –> 00:00:42,200
You upload drafts, make copies just in case,
20
00:00:42,200 –> 00:00:44,600
create an archive folder with good intentions
21
00:00:44,600 –> 00:00:47,400
and then versioning quietly multiplies every edit.
22
00:00:47,400 –> 00:00:50,560
The result isn’t simply bloat, it’s epistemic fog.
23
00:00:50,560 –> 00:00:53,720
Nobody can say which file is the latest truth with a straight face.
24
00:00:53,720 –> 00:00:55,400
Here’s what most people miss.
25
00:00:55,400 –> 00:00:58,040
Search isn’t a librarian, it’s a ranking engine.
26
00:00:58,040 –> 00:01:01,240
When you scatter duplicates and near duplicates across libraries and sites,
27
00:01:01,240 –> 00:01:05,720
you dilute signals, title, body, click history, links.
28
00:01:05,720 –> 00:01:08,480
All the relevance features get smeared across variants.
29
00:01:08,480 –> 00:01:12,000
So the top result might be a stale draft with attractive metadata
30
00:01:12,000 –> 00:01:14,560
while the actual final is buried two slots down.
31
00:01:14,560 –> 00:01:16,880
And yes, copilot sits on top of that same index,
32
00:01:16,880 –> 00:01:20,000
give it a messy corpus and it produces plausible but wrong summaries.
33
00:01:20,000 –> 00:01:22,720
Not hallucination, garbage in, confident garbage out.
34
00:01:22,720 –> 00:01:25,200
The counter intuitive part is cost isn’t your real enemy.
35
00:01:25,200 –> 00:01:28,600
Yes, every version counts toward your SharePoint quota
36
00:01:28,600 –> 00:01:30,920
and frequent edits explode the footprint.
37
00:01:30,920 –> 00:01:32,600
But the bigger price is wrong answers,
38
00:01:32,600 –> 00:01:34,800
try defending a decision when legal asks,
39
00:01:34,800 –> 00:01:36,400
which document did you rely on?
40
00:01:36,400 –> 00:01:39,640
And your search returns four finals with conflicting content.
41
00:01:39,640 –> 00:01:43,200
Governance isn’t a checkbox, it’s the ability to prove custody of truth.
42
00:01:43,200 –> 00:01:44,920
Versioning reality is matter.
43
00:01:44,920 –> 00:01:47,040
SharePoint tracks versions by default
44
00:01:47,040 –> 00:01:49,320
because recovery and accountability are crucial.
45
00:01:49,320 –> 00:01:51,680
But if a five maybe file accrues a hundred versions,
46
00:01:51,680 –> 00:01:53,160
that’s roughly 500mb.
47
00:01:53,160 –> 00:01:55,280
Multiply that by thousands of active documents
48
00:01:55,280 –> 00:01:58,400
and congratulations, you’re funding a museum of your own indecision.
49
00:01:58,400 –> 00:02:00,360
Microsoft’s automatic version history
50
00:02:00,360 –> 00:02:03,440
does help by trimming older versions intelligently,
51
00:02:03,440 –> 00:02:06,760
hourly, daily, weekly snapshots over time,
52
00:02:06,760 –> 00:02:09,160
preserving the useful points while cutting noise
53
00:02:09,160 –> 00:02:10,880
that reduces storage pain dramatically.
54
00:02:10,880 –> 00:02:13,880
The problem is it doesn’t touch your rogue copies or pseudo archives.
55
00:02:13,880 –> 00:02:16,480
Automatic trimming curates history within a file.
56
00:02:16,480 –> 00:02:20,120
It doesn’t referee the clones you made in that archive folder from 2019
57
00:02:20,120 –> 00:02:21,640
that somehow still gets edited.
58
00:02:21,640 –> 00:02:24,800
Everything clicked when I realized most storage cleanups fail
59
00:02:24,800 –> 00:02:26,640
because they treat duplicates like trash.
60
00:02:26,640 –> 00:02:28,760
Users aren’t lazy, they’re risk averse.
61
00:02:28,760 –> 00:02:31,080
Delete feels irreversible, so they create shadow copies,
62
00:02:31,080 –> 00:02:33,880
label them, final some date, and swear they’ll tidy later.
63
00:02:33,880 –> 00:02:35,240
Later doesn’t exist.
64
00:02:35,240 –> 00:02:37,280
This is why pressing delete versions in bulk
65
00:02:37,280 –> 00:02:40,120
is a political disaster disguised as a technical action.
66
00:02:40,120 –> 00:02:41,760
You win quota, you lose trust.
67
00:02:41,760 –> 00:02:43,640
What this actually means is you need a pattern
68
00:02:43,640 –> 00:02:46,680
that makes the canonical document obvious without threatening users.
69
00:02:46,680 –> 00:02:48,200
Think of it like a city zoning plan.
70
00:02:48,200 –> 00:02:51,600
SharePoint is downtown, busy, collaborative, well lit.
71
00:02:51,600 –> 00:02:53,600
Azure Blob is the warehouse district
72
00:02:53,600 –> 00:02:55,600
cheap, safe, out of the way.
73
00:02:55,600 –> 00:02:57,120
Active documents live downtown,
74
00:02:57,120 –> 00:02:58,880
stale drafts, obsolete duplicates,
75
00:02:58,880 –> 00:03:01,840
and just in case variants get moved to the warehouse
76
00:03:01,840 –> 00:03:04,960
with a forwarding address, not destroyed, not hidden quarantined.
77
00:03:04,960 –> 00:03:06,240
Here’s the weird part.
78
00:03:06,240 –> 00:03:08,800
When you remove near duplicates from the active index,
79
00:03:08,800 –> 00:03:10,200
search precision jumps.
80
00:03:10,200 –> 00:03:13,520
Fewer false positives, the canonical document signals dominate.
81
00:03:13,520 –> 00:03:16,000
Copilot’s answer stabilizes because its context window
82
00:03:16,000 –> 00:03:17,480
isn’t clogged with ancient drafts that
83
00:03:17,480 –> 00:03:20,240
rhymed with your query better than they matched the truth.
84
00:03:20,240 –> 00:03:23,280
Users ask, “But what if I need the old draft?”
85
00:03:23,280 –> 00:03:25,360
Fine, you can restore it with one click.
86
00:03:25,360 –> 00:03:27,680
The difference is it’s not sitting in the middle of traffic
87
00:03:27,680 –> 00:03:29,120
pretending to be current.
88
00:03:29,120 –> 00:03:30,480
Governance gets say-ner too.
89
00:03:30,480 –> 00:03:32,480
Retention policies stay honest when you stop
90
00:03:32,480 –> 00:03:34,000
playing shell games with copies.
91
00:03:34,000 –> 00:03:36,240
The preservation hold library continues doing its job
92
00:03:36,240 –> 00:03:38,960
for items under hold, untouchable as it should be,
93
00:03:38,960 –> 00:03:41,840
while your offloaded junk sits in blob with metadata,
94
00:03:41,840 –> 00:03:45,120
original path, hash, timestamps, and who moved it.
95
00:03:45,120 –> 00:03:46,240
That’s chain of custody.
96
00:03:46,240 –> 00:03:48,480
You can actually answer, “Where did this come from?
97
00:03:48,480 –> 00:03:49,840
And when did we move it?”
98
00:03:49,840 –> 00:03:52,000
Without spelunking through audit logs like a raccoon
99
00:03:52,000 –> 00:03:55,520
in a filing cabinet, compare that to the do-nothing timeline.
100
00:03:55,520 –> 00:03:57,520
Search keeps returning five candidates.
101
00:03:57,520 –> 00:03:59,200
Users choose the wrong one.
102
00:03:59,200 –> 00:04:00,880
Copilot propagates that error,
103
00:04:00,880 –> 00:04:03,120
and your single source of truth is a vibe,
104
00:04:03,120 –> 00:04:04,080
not a fact.
105
00:04:04,080 –> 00:04:06,960
Your review meetings become folklore recitals,
106
00:04:06,960 –> 00:04:09,360
who remembers which draft was blessed, painful.
107
00:04:09,360 –> 00:04:11,840
So, cleaning is necessary,
108
00:04:11,840 –> 00:04:13,920
but it can’t feel like deletion theatre.
109
00:04:13,920 –> 00:04:16,480
The simple version is, “Reduce the active working set,
110
00:04:16,480 –> 00:04:19,360
keep collaboration intact and make reversibility obvious.”
111
00:04:19,360 –> 00:04:20,960
That way people stop hoarding in place
112
00:04:20,960 –> 00:04:22,720
and start trusting the environment again.
113
00:04:22,720 –> 00:04:25,120
Now, how do you do that without sparking a user revolt
114
00:04:25,120 –> 00:04:26,560
and an admin refusal?
115
00:04:26,560 –> 00:04:29,760
Enter the architecture, and, spoiler alert,
116
00:04:29,760 –> 00:04:31,600
the subtle permission choice that decides
117
00:04:31,600 –> 00:04:34,160
whether security blesses this or blocks it.
118
00:04:34,160 –> 00:04:38,160
The architecture, SPFX command, plus azure blob,
119
00:04:38,160 –> 00:04:40,960
plus function, plus table, enter the fix,
120
00:04:40,960 –> 00:04:42,800
keep downtown for collaboration,
121
00:04:42,800 –> 00:04:45,360
ship clutter to the warehouse with a forwarding address.
122
00:04:45,360 –> 00:04:48,480
Technically, it’s four parts that behave like adults,
123
00:04:48,480 –> 00:04:52,000
and SPFX, list view command, set to initiate the move,
124
00:04:52,000 –> 00:04:54,080
and azure function to do the heavy lifting,
125
00:04:54,080 –> 00:04:57,680
azure blob storage, as the warehouse with hot cool archive aisles,
126
00:04:57,680 –> 00:04:59,920
and azure table storage, as the ledger that remembers
127
00:04:59,920 –> 00:05:00,880
where everything went.
128
00:05:00,880 –> 00:05:04,080
Okay, so basically, the SPFX command adds a move
129
00:05:04,080 –> 00:05:06,400
to blob action to modern libraries.
130
00:05:06,400 –> 00:05:08,880
User selects stale drafts or duplicate variants,
131
00:05:08,880 –> 00:05:10,560
click once, and this is crucial,
132
00:05:10,560 –> 00:05:12,640
the browser doesn’t hold a file like a packmule.
133
00:05:12,640 –> 00:05:14,560
It sends a reference,
134
00:05:14,560 –> 00:05:16,880
site web list item ID, drive item ID,
135
00:05:16,880 –> 00:05:19,280
and an access token proving the user can touch it.
136
00:05:19,280 –> 00:05:22,560
That’s it, no 100 may be uploads crawling through cafe Wi-Fi,
137
00:05:22,560 –> 00:05:24,880
no please keep the tab open nonsense.
138
00:05:24,880 –> 00:05:26,480
And here’s what most people miss,
139
00:05:26,480 –> 00:05:29,360
server to server beats browser relays every day of the week.
140
00:05:29,360 –> 00:05:30,880
The azure function receives that reference
141
00:05:30,880 –> 00:05:33,200
and performs the copy directly from SharePoint
142
00:05:33,200 –> 00:05:36,880
using Microsoft Graph or Rest with throughput designed for servers,
143
00:05:36,880 –> 00:05:39,120
not laptops pretending to be forklifts.
144
00:05:39,120 –> 00:05:42,720
When and only when the hash of the blob copy matches the original,
145
00:05:42,720 –> 00:05:44,720
it logs the move in table storage,
146
00:05:44,720 –> 00:05:46,080
then deletes the source item.
147
00:05:46,080 –> 00:05:47,600
Yes, it respects the recycle bin window
148
00:05:47,600 –> 00:05:48,800
because we’re not maniacs.
149
00:05:48,800 –> 00:05:51,040
Reversibility is policy, not a promise.
150
00:05:51,040 –> 00:05:53,280
Now, scope the warehouse, blob storage has tiers
151
00:05:53,280 –> 00:05:54,800
because not all junk is equal.
152
00:05:54,800 –> 00:05:57,520
Hot is for items you might touch soon.
153
00:05:57,520 –> 00:05:59,680
Last quarter’s drafts you’re still arguing about.
154
00:05:59,680 –> 00:06:03,280
Cool is cheaper, for files you rarely restore.
155
00:06:03,280 –> 00:06:06,240
Archive is the deep freeze, dirt, cheaper rest,
156
00:06:06,240 –> 00:06:08,240
slower to thought, and perfect for,
157
00:06:08,240 –> 00:06:11,120
we legally must keep this, but nobody sane will open it.
158
00:06:11,120 –> 00:06:14,480
Your policy can start every offload in hot for 30-90 days,
159
00:06:14,480 –> 00:06:18,080
then auto-tier to cool with archive only when legal stops hyperventilating.
160
00:06:18,080 –> 00:06:19,680
The economics are blob-sided.
161
00:06:19,680 –> 00:06:22,720
SharePoint extra storage is priced like airport bottled water.
162
00:06:22,720 –> 00:06:23,920
Blob is wholesale.
163
00:06:23,920 –> 00:06:26,560
You don’t optimize pennies, you redesign the pantry.
164
00:06:26,560 –> 00:06:29,920
And yes, the ledger, as your table storage is the boring hero.
165
00:06:29,920 –> 00:06:33,680
Every move writes a row with original site web, list library,
166
00:06:33,680 –> 00:06:38,240
server-relative path, unique ID, content hash, size, timestamps,
167
00:06:38,240 –> 00:06:42,560
user who initiated, blob-URI, blob tier, and a restore pointer.
168
00:06:42,560 –> 00:06:45,120
That gives you chain of custody, restore precision,
169
00:06:45,120 –> 00:06:46,880
and auditing without spelunking.
170
00:06:46,880 –> 00:06:49,840
It’s not sickle because you don’t need joins to read a single receipt.
171
00:06:49,840 –> 00:06:51,440
Keep it simple, keep it fast.
172
00:06:51,440 –> 00:06:55,200
The truth, the token story decides whether security approves this in under five minutes
173
00:06:55,200 –> 00:06:57,200
or sends you to permissions purgatory.
174
00:06:57,200 –> 00:07:00,080
You’re tempted to request application permissions, sites.
175
00:07:00,080 –> 00:07:04,640
Read all, sites read write all, so your function can touch anything.
176
00:07:04,640 –> 00:07:06,320
That’s how you get an instant note.
177
00:07:06,320 –> 00:07:09,360
The fix is delegated permissions with the on-be-half of flow.
178
00:07:09,360 –> 00:07:11,680
The SPFX command acquires a user token.
179
00:07:12,160 –> 00:07:16,000
Passes it to the function, and the function exchanges it for a downstream token scope
180
00:07:16,000 –> 00:07:17,680
to SharePoint operations.
181
00:07:17,680 –> 00:07:19,840
The app acts as the user, not as a god.
182
00:07:19,840 –> 00:07:23,120
If the user can’t touch a file, neither can your function.
183
00:07:23,120 –> 00:07:24,560
Lease privilege preserved.
184
00:07:24,560 –> 00:07:26,000
Audit trails stay sane.
185
00:07:26,000 –> 00:07:27,280
Admin stop glaring.
186
00:07:27,280 –> 00:07:28,400
Here’s the weird part.
187
00:07:28,400 –> 00:07:30,400
This model also solves politics.
188
00:07:30,400 –> 00:07:33,440
When a librarian clicks move to blob, they’re not elevating.
189
00:07:33,440 –> 00:07:36,240
They’re exercising their existing rights with better ergonomics.
190
00:07:36,240 –> 00:07:38,400
No tenant-wide consent to a mystery daemon.
191
00:07:38,400 –> 00:07:40,880
In SharePoint Admin, you expose your API scope,
192
00:07:40,880 –> 00:07:45,120
approve exactly that scope for the SPFX solution, and you’re done.
193
00:07:45,120 –> 00:07:47,520
No gruntful control to the solar system requests.
194
00:07:47,520 –> 00:07:49,200
The approvers name is in the log.
195
00:07:49,200 –> 00:07:50,080
Everyone sleeps.
196
00:07:50,080 –> 00:07:52,800
What actually moves, bites, yes.
197
00:07:52,800 –> 00:07:54,240
But also meaning.
198
00:07:54,240 –> 00:07:57,520
You retain the metadata that matters to govern and to undo.
199
00:07:57,520 –> 00:08:00,080
Original URL, drive item ID,
200
00:08:00,080 –> 00:08:03,840
ETAC, created modified, author editor, content type,
201
00:08:03,840 –> 00:08:06,160
retention flags, and a computed hash.
202
00:08:06,160 –> 00:08:08,480
Store the hash because integrity beats vibes.
203
00:08:08,480 –> 00:08:11,840
Store the retention flag because you must never offload items on hold.
204
00:08:11,840 –> 00:08:14,320
The function checks for holds before doing anything cute.
205
00:08:14,320 –> 00:08:16,800
If it’s on a retention policy or e-discovery hold,
206
00:08:16,800 –> 00:08:18,640
it refuses and logs the refusal.
207
00:08:18,640 –> 00:08:20,720
Compliance is a tripwire, not an afterthought.
208
00:08:20,720 –> 00:08:21,680
Performance matters.
209
00:08:21,680 –> 00:08:24,560
Bad requests, parallelism tuned to your function plan,
210
00:08:24,560 –> 00:08:26,560
back off on throttling, and idempotency,
211
00:08:26,560 –> 00:08:28,160
so retries don’t create duplicates.
212
00:08:28,160 –> 00:08:29,360
Promise all in the client?
213
00:08:29,360 –> 00:08:30,960
Find for UI responsiveness,
214
00:08:30,960 –> 00:08:34,560
but the real throughput comes from the function fanning out server side.
215
00:08:34,560 –> 00:08:36,960
And yes, you monitor, success counts, failure codes,
216
00:08:36,960 –> 00:08:39,920
average copy time, egress bytes for restores, tier transitions.
217
00:08:39,920 –> 00:08:43,360
If restores spike, you over aggressively offload it.
218
00:08:43,360 –> 00:08:45,040
Dial it back, don’t guess measure.
219
00:08:45,040 –> 00:08:46,640
Restore is the litmus test.
220
00:08:46,640 –> 00:08:49,680
One click in the web part or command brings it back downtown.
221
00:08:49,680 –> 00:08:53,520
Fetch from blob, validate hash, recreate file with original metadata,
222
00:08:53,520 –> 00:08:56,320
reapply permissions, write a restore row.
223
00:08:56,320 –> 00:08:58,000
The canonical doc returns.
224
00:08:58,000 –> 00:08:59,600
The warehouse keeps the receipt.
225
00:08:59,600 –> 00:09:00,480
No drama.
226
00:09:00,480 –> 00:09:03,040
If you can’t restore cleanly, you didn’t build a quarantine.
227
00:09:03,040 –> 00:09:04,000
You built a shredder.
228
00:09:04,000 –> 00:09:04,800
Try again.
229
00:09:05,920 –> 00:09:07,840
So the architecture is simple on purpose.
230
00:09:07,840 –> 00:09:10,560
Push initiation to the edge, do transfer in the cloud,
231
00:09:10,560 –> 00:09:12,800
keep a small, durable index of moves,
232
00:09:12,800 –> 00:09:15,680
and tier storage by reality instead of superstition.
233
00:09:15,680 –> 00:09:18,320
It’s the same city plan we started with downtown for
234
00:09:18,320 –> 00:09:20,720
living documents warehouse for artifacts
235
00:09:20,720 –> 00:09:24,000
with a concierge that remembers every box and returns it on demand.
236
00:09:24,000 –> 00:09:26,960
And yes, the one subtle permission choice, delegated oboe.
237
00:09:26,960 –> 00:09:29,200
That’s the difference between approved this afternoon
238
00:09:29,200 –> 00:09:31,920
and ticket closed as a security risk.
239
00:09:31,920 –> 00:09:35,040
Permissions without the panic, the admin-safe oboe model.
240
00:09:35,040 –> 00:09:36,080
Here’s what most people miss.
241
00:09:36,080 –> 00:09:39,760
The permission you ask for decides whether security blesses you or baryzeo.
242
00:09:39,760 –> 00:09:41,680
Application permissions feel powerful.
243
00:09:41,680 –> 00:09:42,320
Sites.
244
00:09:42,320 –> 00:09:43,680
Read all sites.
245
00:09:43,680 –> 00:09:46,640
Read, write, all queue, the cape and theme music.
246
00:09:46,640 –> 00:09:48,720
The truth, that’s tenant wide god mode.
247
00:09:48,720 –> 00:09:49,920
You submit that request.
248
00:09:49,920 –> 00:09:52,640
Your admin sees unbounded access to every site
249
00:09:52,640 –> 00:09:55,120
and you get a polite no with a site of site eye.
250
00:09:55,120 –> 00:09:58,480
Enter delegated permissions with the on behalf of flow.
251
00:09:58,480 –> 00:10:00,880
The app doesn’t act as an all-seeing service.
252
00:10:00,880 –> 00:10:02,960
It acts as the user who clicked.
253
00:10:02,960 –> 00:10:05,280
If the user can open the file, the function can move it.
254
00:10:05,280 –> 00:10:06,720
If they can’t, it can’t.
255
00:10:06,720 –> 00:10:09,040
Lease privilege, predictable boundaries, clean audit.
256
00:10:09,040 –> 00:10:11,040
It’s not just safer, it’s politically acceptable.
257
00:10:11,040 –> 00:10:13,280
Your approver isn’t endorsing a super user,
258
00:10:13,280 –> 00:10:15,360
just authorizing a well-behaved courier.
259
00:10:15,360 –> 00:10:18,160
Okay, so basically the sequence is boring and beautiful.
260
00:10:18,160 –> 00:10:21,840
Step one, SPFX acquires a user access token
261
00:10:21,840 –> 00:10:23,440
through the page context.
262
00:10:23,440 –> 00:10:26,640
Standard, Microsoft identity flow, nothing exotic.
263
00:10:26,640 –> 00:10:29,600
Step two, the SPFX command sends the file reference
264
00:10:29,600 –> 00:10:31,360
plus that token to you as your function.
265
00:10:32,000 –> 00:10:35,200
Step three, the function performs an on behalf of token exchange,
266
00:10:35,200 –> 00:10:37,600
converting the user token into a downstream token
267
00:10:37,600 –> 00:10:40,000
scoped for SharePoint Graph or Rest.
268
00:10:40,000 –> 00:10:42,000
Step four, with that delegated token,
269
00:10:42,000 –> 00:10:44,800
the function copies server to server verifies the hash,
270
00:10:44,800 –> 00:10:48,000
writes the ledger row, and only then deletes the original.
271
00:10:48,000 –> 00:10:50,560
No elevation, no secrets pass to the browser,
272
00:10:50,560 –> 00:10:52,640
no mystery demons roaming your tenant.
273
00:10:52,640 –> 00:10:55,680
The counter-intuitive part is how this reduces admin friction.
274
00:10:55,680 –> 00:10:58,320
You expose a custom API scope from your function app,
275
00:10:58,320 –> 00:11:01,440
something like user impersonation for your move endpoint.
276
00:11:01,440 –> 00:11:03,600
In the SPFX package, you declare that scope.
277
00:11:03,600 –> 00:11:08,000
In SharePoint admin, API access shows one tidy request.
278
00:11:08,000 –> 00:11:10,640
This solution wants to call this API with this scope.
279
00:11:10,640 –> 00:11:12,560
Approved ones, the consent is scoped,
280
00:11:12,560 –> 00:11:13,840
auditable and reversible.
281
00:11:13,840 –> 00:11:16,000
Compare that to please-approved sites, read right,
282
00:11:16,000 –> 00:11:18,240
all for our entire tenant.
283
00:11:18,240 –> 00:11:21,200
One earns a same day green check,
284
00:11:21,200 –> 00:11:23,600
the other earns a risk review and a calendar invite.
285
00:11:23,600 –> 00:11:26,240
Governance wins by default in this model.
286
00:11:26,240 –> 00:11:28,160
Every action inherits user permissions.
287
00:11:28,160 –> 00:11:29,760
The “who did what” is your user,
288
00:11:29,760 –> 00:11:32,400
not a service principle with cartoonishly large rights.
289
00:11:32,400 –> 00:11:35,760
Your logs show user you moved document D at time T from library L
290
00:11:35,760 –> 00:11:37,680
to block container C hash H.
291
00:11:37,680 –> 00:11:40,800
That’s a chain of custody lawyers can read without a decoder ring.
292
00:11:40,800 –> 00:11:43,600
And when compliance asks whether items under retention
293
00:11:43,600 –> 00:11:46,080
or e-discovery hold or protected, you say yes.
294
00:11:46,080 –> 00:11:49,200
Because the function checks for holds with the same delegated token
295
00:11:49,200 –> 00:11:51,040
and refuses to move held items.
296
00:11:51,040 –> 00:11:53,920
It logs the refusal, least privilege meets least surprise.
297
00:11:53,920 –> 00:11:56,480
But won’t delegated tokens limit automation?
298
00:11:56,480 –> 00:11:59,120
Only if your plan was to ignore access boundaries.
299
00:11:59,120 –> 00:12:03,680
Batch moves still work because the function processes item lists the user selected.
300
00:12:03,680 –> 00:12:07,360
Service scale happens in the cloud layer parallel copy operations with back off
301
00:12:07,360 –> 00:12:09,760
while the permission boundary stays human sized.
302
00:12:09,760 –> 00:12:11,440
And yes, admins retain control.
303
00:12:11,440 –> 00:12:14,480
If a scope misbehaves, they revoke it in the admin center.
304
00:12:14,480 –> 00:12:16,160
If a site should never be touched,
305
00:12:16,160 –> 00:12:18,400
its permissions block the move by design.
306
00:12:18,400 –> 00:12:21,920
Everything clicked when I realized the OBO model isn’t a concession.
307
00:12:21,920 –> 00:12:23,440
It’s the enabler.
308
00:12:23,440 –> 00:12:25,280
It gets your approved, keeps you compliant
309
00:12:25,280 –> 00:12:27,840
and gives you clean forensics when something needs to be put back.
310
00:12:27,840 –> 00:12:30,800
You’re not asking for trust, you’re proving restrained.
311
00:12:30,800 –> 00:12:34,560
And that astonishingly is what gets security to say yes without a committee.
312
00:12:34,560 –> 00:12:40,080
The playbook, identify, offload, restore, without breaking work.
313
00:12:40,080 –> 00:12:43,280
Okay, so basically you need three gears that mesh cleanly.
314
00:12:43,280 –> 00:12:46,000
Identify candidates with rules,
315
00:12:46,000 –> 00:12:49,360
users respect, offload with verification and receipts,
316
00:12:49,360 –> 00:12:51,840
and restore so effortlessly that nobody panics.
317
00:12:51,840 –> 00:12:55,280
Do this and the warehouse becomes normal, not scary.
318
00:12:55,280 –> 00:12:59,600
Identification first, stop guessing, score, use rules that expose intent,
319
00:12:59,600 –> 00:13:01,760
not just size, duplicates.
320
00:13:01,760 –> 00:13:04,480
Compute a content hash on the latest version per file
321
00:13:04,480 –> 00:13:08,560
and flag siblings across folders or sites with matching hashes in similar titles.
322
00:13:08,560 –> 00:13:10,160
Your final V2 clones.
323
00:13:10,160 –> 00:13:13,840
Obsolid drafts, files with no edits in 120 plus days,
324
00:13:13,840 –> 00:13:16,480
older than the canonical sibling by created date
325
00:13:16,480 –> 00:13:18,480
and never referenced in links or news.
326
00:13:18,480 –> 00:13:22,560
Often archive folders, anything named archive old,
327
00:13:22,560 –> 00:13:26,080
bark or this with last modified older than your policy threshold.
328
00:13:26,080 –> 00:13:30,640
At one human signal, owner confirmation required if the candidate was modified
329
00:13:30,640 –> 00:13:34,320
in the last 45 days, fear fades when people feel consulted.
330
00:13:34,320 –> 00:13:36,720
Scoring candidates keeps politics calm.
331
00:13:36,720 –> 00:13:38,160
Start with attributes.
332
00:13:38,160 –> 00:13:41,360
Version age, older versions beyond your automatic window,
333
00:13:41,360 –> 00:13:44,880
last access, nobody opened it in 90, 1080 days,
334
00:13:44,880 –> 00:13:48,000
edit frequency, bursts of edits followed by silence,
335
00:13:48,000 –> 00:13:51,280
and duplication weight, hash match and title similarity.
336
00:13:51,280 –> 00:13:55,040
Assign points, set a threshold, and mark items recommended versus
337
00:13:55,040 –> 00:13:56,400
requires owner okay.
338
00:13:56,400 –> 00:13:59,200
Nobody argues with a meter.
339
00:13:59,200 –> 00:14:00,560
Now the offload policy.
340
00:14:00,560 –> 00:14:02,480
In modern libraries, user select items,
341
00:14:02,480 –> 00:14:05,920
hit the SPFX move to blob and your Azure function takes over.
342
00:14:05,920 –> 00:14:07,600
Move semantics are not hope.
343
00:14:07,600 –> 00:14:09,040
There are four step ritual.
344
00:14:09,040 –> 00:14:13,200
Copy to blob, verify hash, log to table, then delete the source.
345
00:14:13,200 –> 00:14:16,080
If any step fails, you abort and leave the file in place.
346
00:14:16,080 –> 00:14:19,200
After a successful delete, SharePoints Recycle Ben Safety Window
347
00:14:19,200 –> 00:14:21,280
gives you a grace period for oops moments.
348
00:14:21,280 –> 00:14:24,240
That’s your parachute, not your plan, make it fast and quiet.
349
00:14:24,240 –> 00:14:28,480
Bad references from the client, the function fans out up to your safe parallel limit,
350
00:14:28,480 –> 00:14:31,360
respects throttling and retreats, identitently.
351
00:14:31,360 –> 00:14:33,360
Large files write server to server paths,
352
00:14:33,360 –> 00:14:37,600
your user’s laptop never sees payload for access tiers default to hot for 60 days.
353
00:14:37,600 –> 00:14:39,840
If nobody restores, auto tier to cool.
354
00:14:39,840 –> 00:14:42,560
Archive only after legal blesses the deep freeze.
355
00:14:42,560 –> 00:14:46,400
And yes, write the receipt every time original URL drive item ID,
356
00:14:46,400 –> 00:14:50,720
ETUG, hash, size, initiator, timestamps, blob, UI and current tier.
357
00:14:50,720 –> 00:14:53,200
Receipts prevent arguments.
358
00:14:53,200 –> 00:14:54,320
Exceptions matter.
359
00:14:54,320 –> 00:14:57,200
If an item sits on a retention policy or e-discovery hold,
360
00:14:57,200 –> 00:14:58,640
the function refuses to move it.
361
00:14:58,640 –> 00:14:59,440
Full stop.
362
00:14:59,440 –> 00:15:02,080
It writes a refused due to hold ledger entry,
363
00:15:02,080 –> 00:15:04,240
so auditors cannot solemnly.
364
00:15:04,240 –> 00:15:06,640
If a library participates in a record center pattern
365
00:15:06,640 –> 00:15:10,480
or has a sensitivity label that forbids relocation and force that in code,
366
00:15:10,480 –> 00:15:13,040
the average user shouldn’t be able to outclick compliance.
367
00:15:13,040 –> 00:15:14,000
This is not optional.
368
00:15:14,000 –> 00:15:17,520
It’s the price of approval. Restore semantics are your trust engine.
369
00:15:17,520 –> 00:15:21,680
One click in your web part or a command on the item card triggers a symmetrical process.
370
00:15:21,680 –> 00:15:24,480
Fetch from blob, validate hash,
371
00:15:24,480 –> 00:15:29,280
recreate in SharePoint with original metadata, name, content type,
372
00:15:29,280 –> 00:15:33,760
created modified stamps where supported, author editor when permissible,
373
00:15:33,760 –> 00:15:36,400
and reapply permissions mapped from the ledger.
374
00:15:36,400 –> 00:15:38,880
Write a restore row with who, when and where.
375
00:15:38,880 –> 00:15:41,440
If a file already exists at that path, you choose.
376
00:15:41,440 –> 00:15:44,960
Suffix the name with a timestamp or require an override confirmation.
377
00:15:44,960 –> 00:15:46,480
Predictability beats cleverness.
378
00:15:46,480 –> 00:15:49,360
Owner experience is where this lives or dies.
379
00:15:49,360 –> 00:15:51,200
They need a dry run report first.
380
00:15:51,200 –> 00:15:55,280
Read only, no changes, that lists candidates by score with reasons.
381
00:15:55,280 –> 00:15:59,120
Hashtublikets final V2, no opens in 180 days,
382
00:15:59,120 –> 00:16:01,280
older than canonical by nine months.
383
00:16:01,280 –> 00:16:03,680
Provide a one click approved deny per batch.
384
00:16:03,680 –> 00:16:06,080
Show the restore SLA prominently.
385
00:16:06,080 –> 00:16:08,480
Self-service restore in under one minute.
386
00:16:08,480 –> 00:16:11,360
People tolerate quarantine when reversal is obvious.
387
00:16:11,360 –> 00:16:13,120
Governance wants transparency.
388
00:16:13,120 –> 00:16:14,720
Send weekly summaries.
389
00:16:14,720 –> 00:16:15,680
Items moved.
390
00:16:15,680 –> 00:16:16,880
Items refused.
391
00:16:16,880 –> 00:16:19,360
Top libraries by offload volume restores requested,
392
00:16:19,360 –> 00:16:21,760
average restore time and tier transitions.
393
00:16:21,760 –> 00:16:26,240
If restores spike in a library, your identification threshold is too aggressive.
394
00:16:26,240 –> 00:16:27,040
Dial it back.
395
00:16:27,040 –> 00:16:28,400
This isn’t a morality play.
396
00:16:28,400 –> 00:16:29,520
It’s a feedback loop.
397
00:16:29,520 –> 00:16:30,160
Tune it.
398
00:16:30,160 –> 00:16:31,920
One micro story to make it stick.
399
00:16:31,920 –> 00:16:35,200
We ran this pattern on a project library drowning in finals.
400
00:16:35,200 –> 00:16:38,240
After the first pass, search precision jumped.
401
00:16:38,240 –> 00:16:40,000
Not because we got better at search,
402
00:16:40,000 –> 00:16:43,440
but because we removed four local likes that rhymed with the query.
403
00:16:43,440 –> 00:16:46,320
The canonical dog floated to the top like it always should have.
404
00:16:46,320 –> 00:16:48,320
Copilot stopped citing a quarter-all draft.
405
00:16:48,320 –> 00:16:50,000
Everyone claimed we made search smarter.
406
00:16:50,000 –> 00:16:50,640
We didn’t.
407
00:16:50,640 –> 00:16:52,160
We made the haystack smaller.
408
00:16:52,160 –> 00:16:54,160
So the playbook is simple and strict.
409
00:16:54,160 –> 00:16:55,280
Detect with signals.
410
00:16:55,280 –> 00:16:56,160
Move with receipts.
411
00:16:56,160 –> 00:16:57,280
Restore without drama.
412
00:16:57,280 –> 00:16:59,200
Quarantine isn’t deletion.
413
00:16:59,200 –> 00:17:00,240
It’s discipline.
414
00:17:00,240 –> 00:17:02,400
And discipline is what makes downtown livable again.
415
00:17:02,400 –> 00:17:04,080
The payoff.
416
00:17:04,080 –> 00:17:05,200
Search precision.
417
00:17:05,200 –> 00:17:06,480
Copilot quality.
418
00:17:06,480 –> 00:17:07,920
Compliance confidence.
419
00:17:07,920 –> 00:17:09,440
Here’s what most people miss.
420
00:17:09,440 –> 00:17:10,720
Cleaning isn’t cosmetic.
421
00:17:10,720 –> 00:17:12,000
It rewires signals.
422
00:17:12,000 –> 00:17:13,760
Remove local likes and your ranking features.
423
00:17:13,760 –> 00:17:15,120
Stop arguing with themselves.
424
00:17:15,120 –> 00:17:19,600
Title, body, clicks, backlinks, all consolidate on the canonical dog.
425
00:17:19,600 –> 00:17:22,800
Instead of being smeared across five cousins with final in their names.
426
00:17:22,800 –> 00:17:25,040
Precision goes up, noise goes down.
427
00:17:25,040 –> 00:17:26,640
Users stop scrolling with a sigh.
428
00:17:26,640 –> 00:17:28,080
Copilot writes the same index.
429
00:17:28,080 –> 00:17:30,720
So its IQ shockingly tracks your housekeeping.
430
00:17:30,720 –> 00:17:33,680
Give it a smaller cleaner corpus and it stops quoting a quarter-all draft
431
00:17:33,680 –> 00:17:35,120
that happened to rhyme with your prompt.
432
00:17:35,120 –> 00:17:35,920
The truth?
433
00:17:35,920 –> 00:17:37,280
You didn’t fix AI.
434
00:17:37,280 –> 00:17:38,480
You trimmed the haystack.
435
00:17:38,480 –> 00:17:41,280
The model finds the needle because you stopped feeding a tinsel.
436
00:17:41,280 –> 00:17:43,280
Compliance gets the adult treatment.
437
00:17:43,280 –> 00:17:44,960
Chain of custody isn’t a slogan.
438
00:17:44,960 –> 00:17:46,320
It’s a row in your ledger.
439
00:17:46,320 –> 00:17:47,360
Who moved what?
440
00:17:47,360 –> 00:17:47,760
When?
441
00:17:47,760 –> 00:17:48,320
From where?
442
00:17:48,320 –> 00:17:48,960
With which hash?
443
00:17:48,960 –> 00:17:49,600
To which tier?
444
00:17:49,600 –> 00:17:50,880
You can answer quickly.
445
00:17:50,880 –> 00:17:52,560
Which artifact did we rely on?
446
00:17:52,560 –> 00:17:53,760
And where did the others go?
447
00:17:53,760 –> 00:17:55,280
Retention and holds remain sacred
448
00:17:55,280 –> 00:17:57,120
because you never move held content.
449
00:17:57,120 –> 00:17:58,480
That’s defensibility.
450
00:17:58,480 –> 00:17:59,520
Legal doesn’t want heroics.
451
00:17:59,520 –> 00:18:01,040
They want receipts.
452
00:18:01,040 –> 00:18:02,880
Cost is the cameo, not the star.
453
00:18:02,880 –> 00:18:04,320
But the math is brutal.
454
00:18:04,320 –> 00:18:06,800
SharePoint extra storage is priced like airport water.
455
00:18:06,800 –> 00:18:08,000
Blobhott is wholesale.
456
00:18:08,000 –> 00:18:11,200
Cool and archive are bulk bins for infrequent restores.
457
00:18:11,200 –> 00:18:13,840
Egress is background noise compared to paying premium rent
458
00:18:13,840 –> 00:18:15,600
for content you don’t actively use.
459
00:18:15,600 –> 00:18:17,200
And because you tier by reality,
460
00:18:17,200 –> 00:18:19,440
hot for short grays, cool for the long tail,
461
00:18:19,440 –> 00:18:20,960
archive for deep cold,
462
00:18:20,960 –> 00:18:23,200
you pay for behavior, not superstition.
463
00:18:23,200 –> 00:18:25,600
KPI time because feelings are not metrics.
464
00:18:25,600 –> 00:18:29,200
Duplicate ratio falls as hash-matched siblings leave downtown.
465
00:18:29,200 –> 00:18:31,600
Version storage shrinks because you’re no longer hoarding clones
466
00:18:31,600 –> 00:18:32,960
on top of version history.
467
00:18:32,960 –> 00:18:35,200
Search click through on position one rises
468
00:18:35,200 –> 00:18:37,840
when the top result is actually the source of truth.
469
00:18:37,840 –> 00:18:39,440
Copilot answer consistency improves
470
00:18:39,440 –> 00:18:42,000
because fewer divergent drafts compete for context.
471
00:18:42,000 –> 00:18:43,600
Restore SLA stays sub-minute,
472
00:18:43,600 –> 00:18:45,360
which is exactly how you keep users calm.
473
00:18:45,360 –> 00:18:48,160
If restored spike, your scoring is too aggressive.
474
00:18:48,160 –> 00:18:50,000
Adjust thresholds, rerun the dry run,
475
00:18:50,000 –> 00:18:51,040
and try again.
476
00:18:51,040 –> 00:18:52,320
Feedback not faith.
477
00:18:52,320 –> 00:18:54,640
And yes, performance in practice mirrors the design.
478
00:18:54,640 –> 00:18:56,480
Server to server copy is steady.
479
00:18:56,480 –> 00:18:59,200
Parallelism keeps throughput high without melting throttles.
480
00:18:59,200 –> 00:19:00,560
The browser stays light.
481
00:19:00,560 –> 00:19:02,240
Your logs show exactly where time goes.
482
00:19:02,240 –> 00:19:04,320
In other words, the payoff is not theoretical.
483
00:19:04,320 –> 00:19:06,000
It’s operational, measurable,
484
00:19:06,000 –> 00:19:08,560
and most importantly obvious to the average user
485
00:19:08,560 –> 00:19:10,160
who just wants the right file to win.
486
00:19:10,160 –> 00:19:13,760
Minimum viable rollout, pilot to policy.
487
00:19:13,760 –> 00:19:15,280
Start small, loudly.
488
00:19:15,280 –> 00:19:18,960
Pick one high noise library with leaders who actually answer emails.
489
00:19:18,960 –> 00:19:20,400
Define success upfront.
490
00:19:20,400 –> 00:19:21,920
Fewer duplicates in results,
491
00:19:21,920 –> 00:19:23,600
hire click through on the canonical,
492
00:19:23,600 –> 00:19:25,840
copilot answer citing the right doc,
493
00:19:25,840 –> 00:19:27,440
zero incidents with held content,
494
00:19:27,440 –> 00:19:28,800
and sub-minute restores.
495
00:19:28,800 –> 00:19:30,640
If you can’t measure it, you can’t claim it.
496
00:19:30,640 –> 00:19:31,680
Guard rails first.
497
00:19:31,680 –> 00:19:35,120
Run a read-only dry run that scores candidates and explains why.
498
00:19:35,120 –> 00:19:36,960
Hashtublicate’s final V2.
499
00:19:36,960 –> 00:19:39,120
No opens in 180 days.
500
00:19:39,120 –> 00:19:41,040
Older than canonical by nine months.
501
00:19:41,040 –> 00:19:44,560
Require owner approval for anything touched in the last 45 days.
502
00:19:44,560 –> 00:19:47,280
Block items under retention or hold in code.
503
00:19:47,280 –> 00:19:49,840
Don’t trust humans to remember policy under pressure.
504
00:19:49,840 –> 00:19:53,520
Defaults that don’t start fights offload to hot for 60 days,
505
00:19:53,520 –> 00:19:55,360
auto-tier to cool after that,
506
00:19:55,360 –> 00:19:58,640
and keep archive as a legal approved path for deep cold.
507
00:19:58,640 –> 00:20:01,360
Publish the restore SLA in 14.font,
508
00:20:01,360 –> 00:20:03,360
self-service restore in under one minute.
509
00:20:03,360 –> 00:20:04,880
This is quarantine, not deletion.
510
00:20:04,880 –> 00:20:06,560
Say it again for the average user.
511
00:20:06,560 –> 00:20:08,240
Change management without theater.
512
00:20:08,240 –> 00:20:10,880
Announce the pilot, show the dry run report,
513
00:20:10,880 –> 00:20:13,280
and give owners a one-click approved deny per batch.
514
00:20:13,280 –> 00:20:15,840
Build a tiny web part that lists their offloaded items
515
00:20:15,840 –> 00:20:18,160
with restore buttons and reason codes.
516
00:20:18,160 –> 00:20:21,200
People relax when reversibility is one click away
517
00:20:21,200 –> 00:20:22,400
and receipts are visible.
518
00:20:22,400 –> 00:20:23,840
Automate the boring parts.
519
00:20:23,840 –> 00:20:25,520
Schedule scans weekly.
520
00:20:25,520 –> 00:20:28,160
Maintain exception lists for special libraries.
521
00:20:28,160 –> 00:20:30,320
Alert when restore requests spike
522
00:20:30,320 –> 00:20:33,200
or when a site’s duplicate ratio refuses to drop.
523
00:20:33,200 –> 00:20:36,000
Close the loop with a weekly summary to stay cold as,
524
00:20:36,000 –> 00:20:38,640
move count, refuse count, top offenders,
525
00:20:38,640 –> 00:20:40,800
average restore time and tier transitions.
526
00:20:40,800 –> 00:20:42,640
Green ticks make meetings shorter.
527
00:20:42,640 –> 00:20:44,000
Roll out with intent.
528
00:20:44,000 –> 00:20:45,520
After the pilot hits targets,
529
00:20:45,520 –> 00:20:47,760
promote the rule set to a policy template
530
00:20:47,760 –> 00:20:49,440
and apply it to the next two libraries
531
00:20:49,440 –> 00:20:50,960
with slightly different patterns,
532
00:20:50,960 –> 00:20:53,200
project sites and department archives.
533
00:20:53,200 –> 00:20:55,440
Itterate thresholds based on restore behavior.
534
00:20:55,440 –> 00:20:57,280
Only when three cohorts behave should you scale
535
00:20:57,280 –> 00:20:58,320
to a broader program.
536
00:20:58,320 –> 00:21:00,320
You’re proving restrained as much as results.
537
00:21:00,320 –> 00:21:02,240
Final step and shrine the OBIO model.
538
00:21:02,240 –> 00:21:04,480
Document the scopes, the consent process
539
00:21:04,480 –> 00:21:06,720
and the refusal paths for holes and labels.
540
00:21:06,720 –> 00:21:08,880
Put the no-god mode principle in writing.
541
00:21:08,880 –> 00:21:10,400
Security signs off ones.
542
00:21:10,400 –> 00:21:12,640
You avoid permissions cause play forever.
543
00:21:12,640 –> 00:21:14,800
Then and only then call it standard.
544
00:21:14,800 –> 00:21:18,240
Your docs need a diet, not a dumpster.
545
00:21:18,240 –> 00:21:19,360
Key takeaway.
546
00:21:19,360 –> 00:21:21,520
Cleaner SharePoint isn’t cosmetic.
547
00:21:21,520 –> 00:21:23,360
It upgrades search precision,
548
00:21:23,360 –> 00:21:24,560
steady scope pilot,
549
00:21:24,560 –> 00:21:26,720
and gives compliance receipts instead of excuses.
550
00:21:26,720 –> 00:21:30,240
If you want the exact SPFX+ azure function
551
00:21:30,240 –> 00:21:31,760
plus block plus table scaffolding
552
00:21:31,760 –> 00:21:33,680
and the delegated OBIO configuration,
553
00:21:33,680 –> 00:21:35,520
subscribe and catch the deep dive.
554
00:21:35,520 –> 00:21:38,720
We’ll ship the starter kit, rules and policy templates.
555
00:21:38,720 –> 00:21:39,920
Do the efficient thing now,
556
00:21:39,920 –> 00:21:42,400
subscribe, enable alerts and stop hoarding.
