
SharePoint Security - Part 1.

By Shreshth Gupta on 3/16/2021

Introduction

The advanced digital era we have entered is full of possibilities and ideas; ideas that seemed impossible in the past have already been implemented or are in the making. With each passing year of technical advancement the world has become more connected with the help of various technologies, be it the invention of the telegraph or the internet. This connectivity gives us a chance to stay up to date with the ideas and changes happening all around us, and allows us to share ideas of our own that can shape the future. This sharing of ideas and staying up to date is all done in the form of an exchange of data.

Today, one of the most precious things in this world is data, which can be used to shape the future. But there are malicious elements around us that are always trying to reach this data and use it for their own profit. To keep our precious data out of the hands of such elements, we need to implement a higher level of security in everything.

SharePoint Online is one such platform, which can be used to keep, enhance and refine our data with people around the world. Besides being helpful for sharing data, SharePoint Online is also one of the most secure platforms, where we can manage our data and keep it safe as per our requirements and needs.

 

SharePoint Security Features

Here are a few key features that SharePoint offers for making our data more secure and enhancing our experience of using SharePoint.

 

Tenant level security

A tenant in Office 365 refers to the full Office 365 suite attached to a domain. When Office 365 is set up, it creates a tenant to store all the data for Office 365, including things like SharePoint, OneDrive, etc. This allows all the data related to your organization to sit in a single environment, where it can be moved around within the tenant with ease.

This is why the tenant-level security settings should be the first place to look before we go deeper into SharePoint to apply security measures. There are a few tenant settings that we can review and configure to control the level of access that users have, or that you want to provide. Sharing settings are very important, and if left at their defaults they can lead to data breaches.

 

Sharing settings

To access the Sharing settings (tenant level), navigate to the SharePoint Admin center, under Policies, select Sharing.

There are four different levels of sharing available in the sharing settings.

-        Anyone

-        New and existing guests

-        Existing guests

-        Only people in your organization

By default, the Sharing settings are set to “Anyone”, which allows users both inside and outside your organization to access the data without authentication. This level should never be used for the sharing settings, as it makes your data vulnerable to attacks related to data theft.

To better protect your data from theft, we can use the setting “Only people in your organization”. This allows users of your organization to access your data, and no one else can get access to it even if they have a sharing link to it.

 

SharePoint also offers a few more options to help secure data further if required.

Limit external sharing by domain: With this you can Allow or Block specific domains. A common scenario would be collaborating with specific customers or partners. This setting is available at the tenant level, as well as at the site level.

Allow only users in specific Security Groups to share externally: If selected, members of the security group(s) will be the only ones capable of sharing externally.

Guests must sign in using the same account to which sharing invitations are sent: This adds an extra layer of security to make sure that the user accessing the file(s) is the one you expect. Selecting this option is highly recommended when possible.

People who use a verification code must reauthenticate after this many days [number of days]: New method where guests will authenticate using a one-time passcode for the number of days you configured.
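The tenant sharing level and the extra options above can also be checked from the SharePoint Online Management Shell. The following is an added example, not part of the original post: the property and parameter names are those of `Get-SPOTenant` / `Set-SPOTenant`, while the `Test-SharingBaseline` and `New-Finding` functions, the sample object and the `<...>` placeholders are constructed for illustration.

```powershell
# Added example: flag tenant sharing settings that differ from the recommendations above.
# Input is any object with the properties Get-SPOTenant returns.

# SharingCapability value -> label shown in the SharePoint admin center
$SharingLabels = @{
    ExternalUserAndGuestSharing     = 'Anyone'
    ExternalUserSharingOnly         = 'New and existing guests'
    ExistingExternalUserSharingOnly = 'Existing guests'
    Disabled                        = 'Only people in your organization'
}

function New-Finding($Setting, $Current, $Fix) {
    [pscustomobject]@{ Setting = $Setting; Current = $Current; Fix = $Fix }
}

function Test-SharingBaseline {
    param([Parameter(Mandatory)] $Tenant)

    $level = [string]$Tenant.SharingCapability
    if ($level -eq 'ExternalUserAndGuestSharing') {
        New-Finding 'SharingCapability' "$level ($($SharingLabels[$level]))" `
            'Set-SPOTenant -SharingCapability Disabled'
    }
    # The guest options only matter while some form of external sharing is enabled.
    if ($level -ne 'Disabled') {
        if ([string]$Tenant.SharingDomainRestrictionMode -eq 'None') {
            New-Finding 'SharingDomainRestrictionMode' 'None' `
                'Set-SPOTenant -SharingDomainRestrictionMode AllowList -SharingAllowedDomainList "<partner domains>"'
        }
        if (-not $Tenant.RequireAcceptingAccountMatchInvitedAccount) {
            New-Finding 'RequireAcceptingAccountMatchInvitedAccount' 'False' `
                'Set-SPOTenant -RequireAcceptingAccountMatchInvitedAccount $true'
        }
        if (-not $Tenant.EmailAttestationRequired) {
            New-Finding 'EmailAttestationRequired' 'False' `
                'Set-SPOTenant -EmailAttestationRequired $true -EmailAttestationReAuthDays <days>'
        }
    }
}

# Constructed sample standing in for Get-SPOTenant output, so the check runs offline.
$sample = [pscustomobject]@{
    SharingCapability                          = 'ExternalUserAndGuestSharing'
    SharingDomainRestrictionMode               = 'None'
    RequireAcceptingAccountMatchInvitedAccount = $false
    EmailAttestationRequired                   = $false
}
Test-SharingBaseline -Tenant $sample | Format-List

# Against a live tenant (placeholder URL):
#   Connect-SPOService -Url https://<tenant>-admin.sharepoint.com
#   Test-SharingBaseline -Tenant (Get-SPOTenant)
```

Each finding carries the `Set-SPOTenant` call that corrects it, so the output can be reviewed before any change is made.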

 

Site level security

Now that we have seen the tenant-level security settings, we can go one level deeper in the SharePoint environment and configure security at the site level. Here are a few key features that SharePoint offers at the site level for making our data more secure and enhancing our experience of using SharePoint.

 

SharePoint Groups

When we create a site in SharePoint, it automatically creates a few permissions groups for us to use to manage access to the site and its data. These permissions groups have different levels of permissions associated with them, which can be used to limit access to the site and to limit users' interaction with the site and the data present in it.

The default permissions groups created by SharePoint are as follows:

-        Owners

-        Members

-        Visitors

Each of these groups has a permission level assigned to it. We can use these groups and permissions according to our needs, but SharePoint also offers us the option to create our own permissions groups and adjust them according to our needs and requirements.

 

SharePoint Permissions levels

SharePoint permissions levels and SharePoint permissions groups go hand in hand. We can create multiple permissions groups in SharePoint, but if we cannot adjust their properties, i.e. the level of access provided by a group, that does not solve our need for higher security. To resolve this, SharePoint allows us to create our own permissions levels, in which we set the level of access we want users to have, and then associate those levels with the permissions groups of our choice to increase the security of our data within the SharePoint environment.

 

Useful unique Permissions levels

Other than the default Read, Edit, View, etc., SharePoint offers some permissions levels that can be used to enhance or refine security according to our needs. Some of those permissions levels are as follows:

-        View Only: This enables a user to view application pages, it is also used for the Excel Services Viewers group.

-        Limited Access: This enables a user to access shared resources and any specific asset. This permissions level is designed to be combined with fine-grained permissions to enable users to access a specific list, document library, folder, list item, or document, without enabling them to access the whole site. Limited Access cannot be edited or deleted.

-        Restricted Read: This permissions level allows users to view pages and documents, but they will not be able to download or edit any document. The only access that users with this permissions level have is View Items, Open Items and View Pages, which enhances our data’s security even more.

Best Practice: If necessary, create your own SharePoint group and permission level, and avoid modifying or deleting the built-in groups. For more information, please refer to the official Microsoft documentation about the Default SharePoint Groups.

 

Active Directory (AD) Groups

Unlike SharePoint groups, Active Directory groups are available globally and are not limited to just one site. This allows us to manage users' access to the SharePoint environment at a higher level, and not just at the site level, for better and more efficient management.

However, it is entirely possible to create Microsoft 365 security groups directly in the admin center and add those to your SharePoint site as well!

Best Practice: Add security groups to your SharePoint groups for easy management. Although it's possible to add users individually to sites, it will be harder to manage down the line.

 

Breaking permission inheritance

Some requirements call for sharing only one document library, or just a single document, with a user rather than an entire site. For this we can break the permission inheritance of that document or library, and in this way manage access to data at finer levels.

 

Access Requests

The access request feature allows people to request access to content that they do not currently have permission to see. This feature has been around for a while now, and the "Access denied" message with no possible interaction whatsoever is also due to this feature of SharePoint Online. Although there is more configuration to be done in SharePoint on-premises, everything is ready to go in SharePoint Online! We do not have to think about anything other than choosing who should receive the requests to access the resources. We can also add a custom message for the requestor, review the pending requests, and add or remove them as per our needs. If you approve a request, you can also specify the level of permission you would like to assign to the user.

 

So far, we have looked at the customization options SharePoint offers to refine and enhance our security, which we can adapt to maximize the security of our data. You can get a better understanding of these options in the Microsoft documentation at the link below:

https://docs.microsoft.com/en-us/microsoft-365/community/sharepoint-security-a-team-effort

In Part 2 of this blog we will see the other security features that SharePoint and Microsoft have to offer to improve the security of our valuable data.
