Governance for SharePoint Online

Governance for SharePoint Online

This page has been automatically translated by machine translation.

Just as with OneDrive for Business , it is recommended that you SharePoint properly configured. This is to ensure stability, but also consistency and security. SharePoint Online often contains organisational data, which is why a good setup / governance is important.

Sharepoint Online is the core of information and files in Office 365. This is seamlessly connected with Teams, OneDrive, Delve.

What is Governance?

Governance brings people, processes, technologies & policies together.

People Processes
technologies rules/ Policy

Why Governance for SharePoint

In order to properly set up the 13 pillars below, it is necessary to describe proposed frameworkaround these themes. Rest assured, you don't need to have them all ready.

Accountability Example: Who is allowed to upload documents? Who has the responsibility to keep the content up to date?
Quality Make the content of the right quality. Keep updating static pages to ensure that everyone always gets the latest updates. SharePoint version control -> final documents. no duplicate documents.
Safety Rights and structure are important. Who has access to what data? Who is allowed to update data? Group-management, Active-directory groups etc..
Restrictions Inheritance in sites. The agreement to allow it or not.
Searchability Is all content searchable for everyone? Information-architecture helps to ensure that you can organise this properly.
Suitable content What is suitable content for SharePoint. SharePoint is often an ultimate environment for documents and data. Not everything belongs in this environment. By defining policies and a framework, you can ensure that users respect the rules and will not upload useless information or inappropriate documents. Example: personal data, customer data...
Creation of sites When will we make a new site? Who can create it. How to make a new site.
LifeCycle ManagementContent goes through 3 phases: Initial phase -> Creation -> Lifetime so final documents.
Group management Which groups will you use to map users and groups. Dynamic groups, Azure AD groups, on-premises Active-directory groups?
Storage Size of sites & proposed frameworkaround quotas. LifeCycle / Archiving of data. Who is responsible. Which tools will you use to extract data from SharePoint for long-term archiving.
Compliance Records management or compliance is the most important arrangement in SharePoint. Legislation has a great impact on these arrangements. Retention. Rention & Data Loss Prevention. Example: 7 years data retention.
Training Provide training so that everyone in your organisation understands how they can or should work with SharePoint . A user-friendly end-user one-pager, for example?

How to start SharePoint Governance ?

Start small. Start small...

  • Avoid regulating everything. Govern everything is not possible.
  • Don't think that the plan will come naturally. Put time and energy into clearly understandable documentation.
  • Do not make policies of things you cannot enforce. Do not mix the human aspect with the policy/policy. Otherwise you will stand still.
  • Grow systematically towards a better version of the governance model.
  • Policies carry the current culture of the organisation. if there is a lot of chaos and no rules. Then it is strange that you will have a lot of rules in your SharePoint organisation. Your organisation is not ready to handle this maturity. (Culture, people,....)
  • Create a governance board. To add rulesin the next versions. Do not put everything on the agenda. (Governance board has nothing to do with SharePoint Governance but can be a helpful way to take questions from all over the place and give them a hearing with timing & budget)
  • Help people to offer basic solutions / training so that they become pro-SharePoint .
  • DO. The most important point. You can dream and/or talk for hours about Governance. Put it on paper. Because without putting it clearly down on paper, you haven't decided how you're going to do it. What you have decided is how you think you will do it.

What not to do

Some tips from practice.

  • Don't just involve IT. Bring your entire organisation's representatives to the table. HR, IT, Management, department heads.
  • Allign governance plans with the major groups of your organisation. Not with everyone.
  • A governance board makes a frame. But it does not solve the content. Don't think that if the point is on the board that it will happen by itself.
  • Don't cut off shadow-it, third-party or file server use if there is no alternative. People need tools. If SharePoint cannot help them, the problem is not in the file server or SharePoint.
  • Make time. Not hours, but days. Many days. If you don't make time to write a clear policy. Then you don't have a solid policy. That can also be a choice. speak out very clearly.
  • Do not expect everyone to understand the need. Do not try to convince everyone in words. DO IT!

Key features of SharePoint

SharePoint SynchronisationConnectivity with mobile devices
Web browser support Office Client connection
Team SitesSharePoint look & feel
Modern attachmentsStandard web parts
Real-time cooperationDocument drag & drop in SPO
SharePoint file restoreRecycle bin
Data loss prevention (DLP)Web Analytics
ThemesRights management
Site template / provisioningMy tasks
eDiscoveryProject summary
Auditing & reportingEncryption of data / AIP
Encryption keys (proprietary)Customer Lockbox
SharePoint Hybrid

SharePoint basic design

The following built-in options can bring a framework of the menu you can choose from. Don't be blinded by the need to turn everything on or off. Standard = good. Adjust the technology according to your needs.

External sharing

  • Users can share with Anyone in the default settings. Inside but also outside the organisation.
  • I believe that the defaults should be used, but that the effective information should be labelled and classified using Information Protection. Why? Because you don't want users to have to distinguish between sensitive data or not.
  • Allow or block sharing with people in specific domains. This gives you the scope to block domains or partners with whom you want to collaborate, or do not want to collaborate.
  • External users must accept sharing invitations with the account that received the invitation. If you want to be 100% sure that the recipient is the account that received the invite. Check this box!
  • Allowing external users to further share your files or folders is on by default. It might be better to just turn this off. (OneDrive feature)
  • Don't allow sharing outside your organisation? This is what you can do if you really need to seal the deal.
  • Allow sharing only with the external users already present in your organisation's address list . Useful, because then you can write a policy on how new guests will be allowed to access your data.
  • Allow users to invite verified external users and share items with them.
  • Allowsharing with authenticated external users and use of links for anonymous access.
External sharing slides onedrive sharepoint setup

Who can share with users outside your organisation?

  • Allow only users in selected security groups to share with authenticated external users
  • Allow only users in selected security groups to share with authenticated external users and use anonymous links

Standard clutch type

  • Direct - specific persons
  • Internal - only persons in the organisation
  • Anonymous access - anyone with the link
External Sharing SharePoint Governance
SharePoint Management centre
  • Besides the SharePoint configuration you can also adjust the OneDrive sharing option.
  • It is quite logical that you will keep the 2 platforms close together. That's why Microsoft has also combined the 2 platforms in the console.
  • This can be done via the Admin Console of OneDrive.
OneDrive Sync

Access control

For unmanaged devices

  • Full access - best practice - by default. But not the most secure solution.
  • Allow limited web access.
  • Block access. If you only want to allow trusted devices.
Unmanaged devices

Quitting an inactive session

  • Automatically log off inactive users.
Access control SharePoint

Network location

  • Only allow access from certain IP address ranges. You can activate this if you know all IPs and nobody from home should be able to access the SharePoint environment.
Network location governance SharePoint
  • Apps that do not use modern authentication
  • Some third-party apps and previous versions of Office cannot enforce device restrictions. Use this setting to block all access from these apps.
Access control SharePoint

Device access

  • Allow access only from certain IP address locations.
  • Mobile Application Management.

You can start with the approach of MAM (Mobile Application Management) by configuring your OneDrive/SharePoint specifically. However, we recommend doing this in a broader context and for all Microsoft 365 Apps.

Also: Outlook, Word, Excel, PowerPoint, Teams,...

Mobile Application Management OneDrive

Storage limits for the site

  • Manually for each site.
  • Fully automatic is recommended.
Storage limit SharePoint

SharePoint Notifications

  • This is on by default.
Notifications SharePoint

Creating sites

  • Allow users to create sites from the SharePoint home page and from OneDrive. This is turned on by default.
Create sites SharePoint

Management centre

  • If you want to make any technical adjustments to the 'earlier' SharePoint for the Modern UI it is best to switch back to the classic SharePoint management centre
Standard Control Centre SharePoint

More functions

SharePoint more functions
  • Term Archive: Create and manage term sets to help users enter data consistently.
  • User profiles: Add and remove administrators for a user's OneDrive, disable the creation of OneDrive for some users and more.
  • Searching: Helping users find what they are looking for. Learn more
  • Apps: Configure settings for the SharePoint shop, monitor app usage, manage app licenses, and more.
  • BCS: Manage connections to data sources such as Azure SQL databases or WCF web services.
  • Secure store: You can create and set the credentials for target applications used for BCS connections.
  • Record management: Manage records on a record centre site that acts as an archive.
  • InfoPath: Enable browser-based InfoPath forms.
  • Hybrid selector: Use this wizard to automate some of the steps for setting up a hybrid environment.
  • Page for classic site collection: Display the list of classic site collections in alphabetical order by URL.

How can you make your SharePoint a success?

  • Users in your organisation often do not understand when drastic changes happen on the SharePoint environment. Try to communicate well internally in the organisation. But also with external parties who use your SharePoint environment.
  • If you choose not to share with outsiders , communicate the new standard within the organisation. And check how many links are currently open to the outside via Cloud App Security. Or via the Security centre or third-party tooling.
  • Think aboutthe impact on your environment when parts or other heavily used features are turned off.
  • It is better not to limit the technical possibilities of document collaboration too much . Otherwise users will start to process the organisation's data outside your SharePoint environment, and you really don't want that.
  • Writing policies, agreement frameworks, presentations, governance document(s) takes a lot of time and consumes a lot of energy. Do not go into a meeting to talk before you have thought about it yourself. Write out 10 concrete proposals. on the 4 pillars: People - processes - technologies - rules. Present the proposals, knock them down, communicate and set them up. Ask for feedback.
Jasper

Jasper

Welcome to 365tips.be. On this website you can read articles and experiences about Office 365 with focus on Microsoft Teams. Feel free to ask me a question and I will answer it in a blog post. Help others by giving feedback at the bottom of the articles. This blog is made in Dutch. The multilingual website is offered with best-effort machine translation.
0 0 votes
Product review
Subscribe
Please let us know if there are
guest
0 Reactions
Inline feedbacks
See all comments
0
Would love to know your thoughts, please leave a comment.x