

SharePoint Security - Part 1.

By Shreshth Gupta on 3/16/2021


The advanced digital era we have entered is full of possibilities: ideas that seemed impossible in the past have already been implemented or are in the making. With each passing year of technical advancement the world has become more connected with the help of various technologies, be it the invention of the telegraph or the internet. This connectivity gives us a chance to stay up to date with the ideas and changes happening all around us, and allows us to share our own ideas that can shape the future. This sharing of ideas and staying up to date is all done in the form of an exchange of data.

Today one of the most precious things in this world is data, which can be used to shape the future. But there are malicious elements around us that are always trying to reach this data and use it for their own profit. To keep our precious data out of the hands of such elements, we need to implement a higher level of security in everything.

SharePoint Online is one such platform, which can be used to keep, enhance and refine our data with people around the world. Beyond being helpful for sharing our data, SharePoint Online is also one of the most secure platforms, where we can manage and keep our data safe according to our requirements and needs.


SharePoint Security Features

Here are a few key features that SharePoint offers for making our data more secure and enhancing our experience of using SharePoint.


Tenant level security

The tenant in Office 365 refers to the full Office 365 suite attached to a domain. When Office 365 is set up, it creates a tenant to store all the data for Office 365, including things like SharePoint, OneDrive, etc. This allows all the data related to your organization to sit in a single environment and be moved around within the tenant with ease.

This is why the tenant level security settings should be the first place to look before we go deeper into SharePoint to apply security measures. There are a few tenant settings that we can simply review and configure to control the level of access that users have, or that you want to provide. Sharing settings are very important and, if left at their defaults, they can lead to data breaches.


Sharing settings

To access the Sharing settings (tenant level), navigate to the SharePoint Admin center and, under Policies, select Sharing.

There are four sharing levels available in the Sharing settings:

- Anyone
- New and existing guests
- Existing guests
- Only people in your organization

By default, the Sharing settings are set to “Anyone”, which allows users both inside and outside your organization to access the data without authentication. This level should never be used for the sharing settings, as it leaves your data vulnerable to data theft.

To better protect your data from theft, we can use the setting “Only people in your organization”. This allows only users of your organization to access your data; no one else can get access to it, even if they have a sharing link to it.


SharePoint also offers a few more options to help secure data further if required.

Limit external sharing by domain: With this you can allow or block specific domains. A common scenario would be collaborating with specific customers or partners. This setting is available at the tenant level, as well as at the site level.

Allow only users in specific Security Groups to share externally: If selected, members of the security group(s) will be the only ones capable of sharing externally.

Guests must sign in using the same account to which sharing invitations are sent: This adds an extra layer of security to make sure that the user accessing the file(s) is the one you expect. Selecting this option is highly recommended when possible.

People who use a verification code must reauthenticate after this many days [number of days]: A new method in which guests authenticate using a one-time passcode that remains valid for the number of days you configured.
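The sharing options above can also be checked from PowerShell. The following is an added example, not code from the original post: it audits a tenant settings object for the weak values described in this section, using the property names that `Get-SPOTenant` (SharePoint Online Management Shell) returns. The function name, the 30-day threshold and the sample object are assumptions made for illustration.

```powershell
# Added example, not from the original post. Property and value names are the
# ones Get-SPOTenant returns; the 30-day threshold is an assumed policy value.
function Test-SpoSharingPosture {
    param(
        [Parameter(Mandatory)] $Tenant,
        [int] $MaxReAuthDays = 30
    )
    # API value -> label shown on the admin center Sharing page
    $labels = @{
        ExternalUserAndGuestSharing     = 'Anyone'
        ExternalUserSharingOnly         = 'New and existing guests'
        ExistingExternalUserSharingOnly = 'Existing guests'
        Disabled                        = 'Only people in your organization'
    }
    $level = [string]$Tenant.SharingCapability
    $findings = @()
    if ($level -eq 'ExternalUserAndGuestSharing') {
        $findings += "Sharing level '$($labels[$level])' permits unauthenticated links"
    }
    if ($level -ne 'Disabled') {
        # The remaining options only matter while some external sharing is on
        if ([string]$Tenant.SharingDomainRestrictionMode -eq 'None') {
            $findings += 'No allow/block list of domains for external sharing'
        }
        if (-not $Tenant.RequireAcceptingAccountMatchInvitedAccount) {
            $findings += 'Guests may accept invitations with a different account'
        }
        if (-not $Tenant.EmailAttestationRequired) {
            $findings += 'Verification-code reauthentication is not enforced'
        } elseif ($Tenant.EmailAttestationReAuthDays -gt $MaxReAuthDays) {
            $findings += "Reauthentication interval exceeds $MaxReAuthDays days"
        }
    }
    $findings
}

# Constructed sample standing in for the object returned by Get-SPOTenant
$sample = [pscustomobject]@{
    SharingCapability                          = 'ExternalUserAndGuestSharing'
    SharingDomainRestrictionMode               = 'None'
    RequireAcceptingAccountMatchInvitedAccount = $false
    EmailAttestationRequired                   = $true
    EmailAttestationReAuthDays                 = 90
}
Test-SpoSharingPosture -Tenant $sample

# Against a live tenant (admin URL is a placeholder):
#   Connect-SPOService -Url https://<tenant>-admin.sharepoint.com
#   Test-SpoSharingPosture -Tenant (Get-SPOTenant)
```

Each finding corresponds to a `Set-SPOTenant` parameter of the same name, for example `-SharingCapability Disabled` for “Only people in your organization”.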


Site level security

Now that we have seen the tenant level security settings, we can go a level deeper in the SharePoint environment and configure security at the site level. Here are a few key features that SharePoint offers at the site level for making our data more secure and enhancing our experience of using SharePoint.


SharePoint Groups

When we create a site in SharePoint, it automatically creates a few permission groups for us to use to manage access to the site and its data. These permission groups have different permission levels associated with them, which can be used to limit access to the site and limit users' interaction with the site and the data in it.

The default permission groups created by SharePoint are as follows:

- Owners
- Members
- Visitors

Each of these groups has a permission level assigned to it. We can use these groups and permissions according to our needs, but SharePoint also gives us the option to create our own permission groups and tailor them to our needs and requirements.


SharePoint Permissions levels

SharePoint permission levels and SharePoint permission groups go hand in hand. We can create multiple permission groups in SharePoint, but if we cannot adjust their properties, i.e. the level of access provided by a group, that does not solve our need for higher security. To resolve this, SharePoint allows us to create our own permission levels, where we set the level of access we want users to have, and then associate those levels with the permission groups of our choice to increase the security of our data within the SharePoint environment.


Useful unique Permissions levels

Other than the default Read, Edit, View, etc., SharePoint offers some permission levels that can be used to enhance or refine security according to our needs. Some of those permission levels are as follows:

- View Only: This enables a user to view application pages. It is also used for the Excel Services Viewers group.
- Limited Access: This enables a user to access shared resources and any specific asset. This permission level is designed to be combined with fine-grained permissions to enable users to access a specific list, document library, folder, list item, or document, without enabling them to access the whole site. Limited Access cannot be edited or deleted.
- Restricted Read: This permission level allows users to view pages and documents, but they will not be able to download or edit any document. The only access that users with this permission level have is View Items, Open Items and View Pages, which enhances our data’s security even more.

Best Practice: If necessary, create your own SharePoint group and permission level, and avoid modifying or deleting the built-in groups. For more information, please refer to the official Microsoft documentation about the Default SharePoint Groups.


Active Directory (AD) Groups

Unlike SharePoint groups, Active Directory groups are available globally and are not limited to just one site, which allows us to manage users' access to the SharePoint environment at a higher level, not just at the site level, for better and more efficient management.

However, it is entirely possible to create Microsoft 365 security groups directly in the admin center and add those to your SharePoint site as well!

Best Practice: Add security groups to your SharePoint groups for easy management. Although it's possible to add users individually to sites, it will be harder to manage down the line.


Breaking permission inheritance

There are times when only one document library, or just a single document, needs to be shared with a user rather than an entire site. For this we can break the permission inheritance of that document or library, and in this way manage access to data at a finer level.
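The custom group, custom permission level and broken inheritance described in the sections above can be combined in one script. This is an added example, not code from the original post; it assumes the PnP.PowerShell module and an existing `Connect-PnPOnline` session to the site, and the library, group and level names are hypothetical.

```powershell
# Added example; assumes PnP.PowerShell and an active Connect-PnPOnline session.
# All names below are hypothetical placeholders.
$library   = 'Contracts'
$levelName = 'Custom Restricted Read'
$groupName = 'Contracts Readers'

# 1. Custom permission level instead of editing a built-in one.
#    View Items, Open Items and View Pages are the rights listed in the post;
#    Open is the base right SharePoint needs to open the site or list at all.
if (-not (Get-PnPRoleDefinition | Where-Object Name -eq $levelName)) {
    Add-PnPRoleDefinition -RoleName $levelName `
        -Description 'View pages and items only' `
        -Include ViewListItems, OpenItems, ViewPages, Open | Out-Null
}

# 2. Dedicated SharePoint group; the built-in Owners, Members and Visitors
#    groups stay untouched.
if (-not (Get-PnPGroup | Where-Object Title -eq $groupName)) {
    New-PnPGroup -Title $groupName | Out-Null
}

# 3. Break inheritance on this one library only, without copying the
#    parent site's role assignments.
Set-PnPList -Identity $library -BreakRoleInheritance

# 4. Grant the group the custom level on that library alone.
Set-PnPListPermission -Identity $library -Group $groupName -AddRole $levelName

# 5. Confirm the library now has its own permission scope.
$list = Get-PnPList -Identity $library -Includes HasUniqueRoleAssignments
$list.HasUniqueRoleAssignments
```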


Access Requests

The access request feature allows people to request access to content that they do not currently have permission to see. This feature has been around for a while now and the "Access denied" message with no possible interaction whatsoever is also due to this feature of SharePoint Online. Although there is more configuration to be done in SharePoint on-premises, everything is ready to go in SharePoint Online! We do not have to think about anything other than choosing who should receive those requests for access to the resources we want them to have access to. We can also add a custom message for the requestor, review the pending requests, and add or remove them as per our needs. If you approve the request, you can also specify the level of permission you would like to assign to the user.


So far we have looked at how SharePoint offers customization options to refine and enhance our security, which we can adapt to maximize the security of our data. You can get a better understanding of these options in the article in the Microsoft documentation using the link below.


In Part 2 of this blog we will see the other security features that SharePoint and Microsoft have to offer to improve the security of our valuable data.
