Blogs about: Microsoft Teams, backgrounds, Intune, OneDrive, Exchange, Azure AD, Windows 10, Security, Tenant, Exchange, best-practice, tips and & tricks

Governance for SharePoint Online

This page has been automatically translated with machine translation.

As with OneDrive for business , it is recommended that you SharePoint properly set up. This is to ensure stability, but also consistency and security. SharePoint Online often contains organizational data, which is why a good setup / governance is important.

Sharepoint Online is the core of information and files in Office 365. This is seamlessly connected to Teams, OneDrive, Delve.

What is Governance?

Governance Brings people, processes, technologies & policies together.

People Processes
technologies rules / Policy

Why Governance for SharePoint

To properly set up the 13 pillars below, it is necessary that proposed framework will be described around these themes. Rest assured, you really don't need to have them all ready.

Accountability Example: Who gets to upload documents? Who has the responsibility to keep content up to date?
Quality Make content of appropriate quality. Keep updating static pages to make sure everyone always gets the latest updates. SharePoint version control -> final documents. no duplicate documents.
Safety Rights and structure is important. Who has access to what data? Who is allowed to update data? Group management, Active-directory groups, etc..
Restrictions Inheritance in sites. The agreement to allow it or not.
Searchability Is all content searchable by everyone? Information-architecture or the information architecture helps make sure you can get this right.
Suitable content What is appropriate content for SharePoint. SharePoint is often an ultimate environment for documents and data. So not everything belongs around this environment. By defining policies and a framework, you can ensure that users respect the rules and will not upload useless information or inappropriate documents. Example: personal data, customer data.
Creation of sites When do we create a new site. Who gets to create it. How does one create a new site.
LifeCycle ManagementContent goes through 3 phases: initial phase -> Creation -> Lifetime so final documents.
Group Management What groups will you use to map users and groups. Dynamic groups, Azure AD groups, on-premises Active-directory groups?
Storage Size of sites & proposed framework around quota. LifeCycle / Archiving of data. Who is responsible. What tools will you use to extract data from SharePoint to preserve it for long term.
Compliance Records management or compliance is the most important setup in SharePoint. Legislation has much impact on this setup. Retention. Rention & Data Loss Prevention. Example: 7 year retention of data.
Training Provide training so that everyone in your organization understands how they can or should work with SharePoint . a user-friendly end-user one-pager, for example?

How to start SharePoint Governance ?

Start small. Start small,.

  • Avoid regulating everything. Govern everything is not possible.
  • Don't think the plan will come naturally. Put time and energy into clear understandable documentation.
  • Don't make policies of things you can't enforce. Don't mix the human aspect with the policy/policy. Otherwise, you will stand still.
  • Grow systematically toward a better version of the governance model.
  • Policies carry the current culture of the organization. if there is now a lot of chaos and no rules. Then it is strange that you will institute many rules in your SharePoint organization. Your organization is not ready to handle this maturity. (Culture, people,....)
  • Create a governance board. To add rules in subsequent versions. Don't put everything on the board. (Governance board has nothing to do with SharePoint Governance but can be a helpful way to grab questions from all over and give heard with timing & budget)
  • Help people offer basic solutions/training so they become pro-SharePoint .
  • DOING. Most important point. You can spend hours days dreaming and/or talking about Governance. Put it on paper. Because without getting it clearly down on paper, you haven't figured out for yourself how you will do it. DO how you think you will do it.

What not to do

Some tips from practice.

  • Don't just involve IT. Bring your entire organizational representatives to the table. HR, IT, Management, department heads.
  • Allign governance plans with your organization's major groups. Not with everyone.
  • A governance board creates a frame. But does not resolve the content. Don't think that if the point is on the board that it will happen by itself.
  • Don't abort shadow-it, third-party or file server use if there is no alternative. People need tools. If SharePoint can't help them the problem is not in the fileserver or SharePoint.
  • Make time. Not hours, but days. lots of days. If you don't make time to write out a clear policy. Then you don't have a solid policy. That can also be a choice. then express it very clearly.
  • Don't expect everyone to understand the need. Don't try to convince everyone in words. DO!

Key features of SharePoint

SharePoint SynchronizationConnectivity with mobile devices
Web browser support Office Client connection
Team SitesSharePoint look and feel
Modern attachmentsStandard Web-parts
Real-time collaborationDocuments drag and drop in SPO
SharePoint file restoreTrash
Data loss prevention (DLP)Web Analytics
ThemesRights Management
Site template / provisioningMy duties
eDiscoveryProject summary
Auditing & reportingEncryption of data / AIP
Encryption keys (proprietary)Customer Lockbox
SharePoint Hybrid

SharePoint basic furnishing

The following built-in options can bring a framework of the menu you can choose from. Don't stare blindly at turning everything on or off. Default = good. Adjust the technology based on your needs.

External sharing

  • Users can share with Anyone in the default settings. Inside but also outside the organization.
  • I believe in using the defaults but using Information Protection to label and classify the effective information. Why? Because you don't want users to have to distinguish between sensitive data or not.
  • Allow or block sharing with individuals in specific domains. This gives you room to block domains or partners you want to collaborate with, or don't want to collaborate with.
  • External users must accept sharing invitations with the account on which the invite was received. If you really want to be 100% sure that the recipient is the account on which the invite was received. Check this box!
  • Allowing remote users to further share your files or folders is on by default. It might be better to just turn this off. (OneDrive feature)
  • Don't allow sharing outside your organization? You can do this if it really needs to be completely locked down.
  • Allow sharing only with the external users who already appear in your organization's address list . Handy because then you can write a policy on how new guests will get permission to access your data.
  • Allow users to invite verified external users and share items with them.
  • Allow sharing with authenticated external users and use of links for anonymous access.
External sharing slides onedrive sharepoint setup

Who can share with users outside your organization?

  • Allow only users in selected security groups to share with authenticated remote users
  • Allow only users in selected security groups to share with authenticated external users and use anonymous links

Standard clutch type

  • Direct - specific persons
  • Internal - only individuals in the organization
  • Anonymous access - anyone with the link
External Sharing SharePoint Governance
SharePoint Management Center
  • In addition to the SharePoint configuration, you can also customize the OneDrive sharing capability.
  • It's pretty logical that you will keep the 2 platforms short together. That's why Microsoft also put the 2 platforms together in the console.
  • You can do this through OneDrive's Admin Console.
Syncing OneDrive

Access Management

For unmanaged devices

  • Full access - best practice - by default. But not the most secure solution.
  • Allow limited web access.
  • Block access. When you want to allow only trusted devices.
Unmanaged devices

Logging out non-active session

  • Automatically unsubscribe inactive users.
Access Management SharePoint

Network location

  • Only allow access from certain IP address ranges. You can activate this when you know all IPs and no one from home should be able to access the SharePoint environment.
Network location governance SharePoint
  • Apps that do not use modern authentication
  • Device restrictions cannot be enforced with some third-party apps and previous versions of Office. Use this setting to block all access from these apps.
Access Management SharePoint

Device Access

  • Allow access only from certain IP address locations.
  • Mobile Application management.

You can start with the MAM (Mobile Application Management) approach by configuring your OneDrive/SharePoint specifically. However, we recommend bringing this into a broader framework and for all Microsoft 365 Apps.

Also: Outlook, Word, Excel, PowerPoint, Teams,...

Mobile Application Management OneDrive

Site storage limits

  • Manually for each site.
  • Fully automatic is recommended.
Storage limit SharePoint

SharePoint Notifications

  • This is on by default.
Notifications SharePoint

Creating Sites

  • Allow users to create sites from the SharePoint home page and from OneDrive. This is on by default.
Creating Sites SharePoint

Management Center

  • If you still want to make technical adjustments in the 'former' SharePoint for the Modern UI , it is best to switch back to the classic SharePoint management center
Standard Management Center SharePoint

More features

SharePoint more functions
  • Term Archive: Create and manage term sets to help users enter data consistently.
  • User Profiles: Add and remove administrators for a user's OneDrive, disable OneDrive creation for some users and more.
  • Search: Helping users find what they are looking for. Learn more
  • Apps: Configure settings for the SharePoint store, monitor app usage, manage app licenses, and more.
  • BCS: Manage connections to data sources such as Azure SQL databases or WCF Web services.
  • Secure store: You can create and set the credentials for target applications used for BCS connections.
  • Record management: Manage records on a record center site that acts as an archive.
  • InfoPath: Enable browser-based InfoPath forms.
  • Hybrid dialer: Use this wizard to automate some of the steps for setting up a hybrid environment.
  • Page for classic site collection: display the list of classic site collections in alphabetical order by URL.

How can you make your SharePoint design succeed?

  • Users in your organization often don't understand when drastic changes happen on the SharePoint environment. Try to communicate well internally in the organization. But also with external parties using your SharePoint environment.
  • If you would choose not to share with outsiders communicate the new standard within the organization. And check how many links are currently open to the outside via Cloud App Security. Or through the Security-center or third-party tooling.
  • Think carefully about the impact on your environment when parts or other hugely used features will be disabled.
  • It is better not to limit too many technical possibilities around document collaboration. Users will otherwise start processing organizational data outside your SharePoint environment and you really don't want that.
  • Writing out written policies, agreement frameworks, presentations, governance document(s) takes a lot of time and takes a lot of energy. Don't go into meetings to talk before you have thought about it yourself. Write out 10 concrete proposals. on the 4 pillars: People - processes - technologies - rules. Present the proposals, knock off, communicate and set up. Ask for feedback.

About the author

Tagged: , , , , , , , , , Microsoft , , , , , , , ,
0 0 vote
Article review
Please let us know if there are

Inline feedbacks
See all comments
Would love to know your thoughts, please leave a comment.x