MVP Take: Govern, manage and mitigate SharePoint application risks

Warning: Use of undefined constant icon - assumed 'icon' (this will throw an Error in a future version of PHP) in /usr/www/users/rencor/rencore/www/wp/wp-content/themes/rencore/functions.php on line 759

Warning: Use of undefined constant title - assumed 'title' (this will throw an Error in a future version of PHP) in /usr/www/users/rencor/rencore/www/wp/wp-content/themes/rencore/functions.php on line 763

Warning: Use of undefined constant icon - assumed 'icon' (this will throw an Error in a future version of PHP) in /usr/www/users/rencor/rencore/www/wp/wp-content/themes/rencore/functions.php on line 759

Warning: Use of undefined constant title - assumed 'title' (this will throw an Error in a future version of PHP) in /usr/www/users/rencor/rencore/www/wp/wp-content/themes/rencore/functions.php on line 763

Warning: Use of undefined constant icon - assumed 'icon' (this will throw an Error in a future version of PHP) in /usr/www/users/rencor/rencore/www/wp/wp-content/themes/rencore/functions.php on line 759

Warning: Use of undefined constant title - assumed 'title' (this will throw an Error in a future version of PHP) in /usr/www/users/rencor/rencore/www/wp/wp-content/themes/rencore/functions.php on line 763

We sat down with three of our Microsoft MVPs Tobias Zimmergren, Erwin van Hunen, and Waldek Mastykarz to talk SharePoint. What followed was an intriguing conversation which formed the basis for this MVP blog series special. In this weeks installment, Tobias and Waldek talk about governing, managing and mitigating SharePoint application risks.

Blog posts in this series:

MVP Take: Deprecating features in SharePoint – are you prepared?
MVP Take: How do organizations use and extend SharePoint?
MVP Take: What are the consequences of extending SharePoint?
MVP Take: Govern, manage and mitigate SharePoint application risks (this article)
MVP Take: Where are your SharePoint applications?
MVP Take: How do you consistently maintain SharePoint applications

Tobias Zimmergren is a 10 year Microsoft MVP and works as product Owner at Rencore. He plans, architects and develops software and distributed cloud systems.

Tobias: “You can mitigate SharePoint application risk in various ways, and a good application governance plan is really important and should consist of the following:

An inventory of how and where all applications are being used
How applications are being linked
An analysis of the contents of every single application
A tight grip on general practice

You should plan how you implement applications, train users, power users and citizen developers. I recently had a discussion with someone in the community about citizen development and the summary, after pointing out both advantages and disadvantages, was that citizen development isn’t a bad thing – it’s a very good thing because it can help you increase the return of investment (ROI) from your SharePoint. But a lot of time, you don’t know what’s being modified, what’s being changed, what scripts and third-party libraries are being used. This is where the risk comes in but being aware and mitigating these risks is the key to extending SharePoint safely.

So, your plan for mitigation should be the following:

Discover what is in your SharePoint environment
Plan for application governance
Plan for training

We have talked about our training – 15 years is a very long time. As a consultant, every day is training. It’s very important to understand the risk but also the possibilities you have going forward and extending SharePoint effectively and securely.”

Guiding hands will help you deploy SharePoint solutions to production safely.

Waldek Mastykarz is a 10 year Microsoft Office Development MVP and Product Owner at Rencore. He reinforces our product development and is also a member of the SharePoint PnP Core Team

Waldek: ” So, to summarize, you would train users to become more aware of the things that they are about to change so they can make a correct judgement on what to change – not just how to make a change.”

Tobias: “Yes. I would never say avoid extending SharePoint or don’t be a citizen developer. Most organizations are benefiting a lot from having people outside of IT who can quickly go in and change a list or add a web part. It needs to be this way because one of the great things about SharePoint is the extendable capabilities. It’s important to understand the consequences of a poorly governed SharePoint environment where users fail to comply with industry standards.”

Free Risk Assessment

Rencore’s Risk Assessment will help you discover application activity in your SharePoint environment and highlight the requirement’s needed for application longevity. Furthermore, it detects real production security issues and builds a risk report based on your data. Learn about quick wins for application security, governance and mitigation when extending SharePoint. Try our Risk Assessment for free today.

1,765

Cookie	Duration	Description
cf_use_ob	past	Cloudflare sets this cookie to improve page load times and to disallow any security restrictions based on the visitor's IP address.
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent	1 year	Records the default button state of the corresponding category & the status of CCPA. It works only in coordination with the primary cookie.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
__cfruid	session	Cloudflare sets this cookie to identify trusted web traffic.
__cf_bm	30 minutes	This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.

Cookie	Duration	Description
ai_session	30 minutes	This is a unique anonymous session identifier cookie set by Microsoft Application Insights software to gather statistical usage and telemetry data for apps built on the Azure cloud platform.
ai_user	1 year	A unique user identifier cookie, set by Microsoft Application Insights software, that enables counting of the number of users accessing the application over time.
AnalyticsSyncHistory	1 month	No description
browser_id	5 years	This cookie is used for identifying the visitor browser on re-visit to the website.
CLID	1 year	Clarity (MS)
CONSENT	16 years 2 months 24 days 16 hours	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.
hubspotutk	1 year 24 days	This cookie is used by HubSpot to keep track of the visitors to the website. This cookie is passed to Hubspot on form submission and used when deduplicating contacts.
MicrosoftApplicationsTelemetryDeviceId	1 year	Microsoft sets this cookie to install a unique device ID that is used to track how users behave and interact with the Microsoft application on the device.
MS0	30 minutes	This cookie is set by Microsoft to identify a particular session.
MSFPC	1 year	This cookie is set by Microsoft to recognize unique web browsers that visit Microsoft sites. It is used for advertising, site analytics, and other operational purposes.
original_req_url	past	No description
Rencore Analytics	never	Analytics
visitorId	1 year	ZoomInfo sets this cookie to identify a user.
_cfuvid	session	No description
_clck	1 year	Clarity (MS)
_clsk	1 day	Microsoft Clarity - Analytics
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gat_UA-77273030-1	1 minute	A variation of the _gat cookie set by Google Analytics and Google Tag Manager to allow website owners to track visitor behaviour and measure site performance. The pattern element in the name contains the unique identity number of the account or website it relates to.
_ga_Z5LR216TRD	2 years	This cookie is installed by Google Analytics.
_gcl_au	3 months	Provided by Google Tag Manager to experiment advertisement efficiency of websites using their services.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
_uetsid	1 day	This cookies are used to collect analytical information about how visitors use the website. This information is used to compile report and improve site.
__hssrc	session	This cookie is set by Hubspot whenever it changes the session cookie. The __hssrc cookie set to 1 indicates that the user has restarted the browser, and if the cookie does not exist, it is assumed to be a new session.
__hstc	1 year 24 days	This is the main cookie set by Hubspot, for tracking visitors. It contains the domain, initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session).

Cookie	Duration	Description
ANONCHK	10 minutes	The ANONCHK cookie, set by Bing, is used to store a user's session ID and also verify the clicks from ads on the Bing search engine. The cookie helps in reporting and personalization as well.
bscookie	2 years	This cookie is a browser ID cookie set by Linked share Buttons and ad tags.
fr	3 months	Facebook sets this cookie to show relevant advertisements to users by tracking user behaviour across the web, on sites that have Facebook pixel or Facebook social plugin.
IDE	1 year 24 days	Google DoubleClick IDE cookies are used to store information about how the user uses the website to present them with relevant ads and according to the user profile.
li_gc	2 years	No description
li_sugr	3 months	LinkedIn InsightTag
muc_ads	2 years	Twitter set this cookie to collect visitor navigation data to optimise ad relevance.
MUID	1 year 24 days	Bing sets this cookie to recognize unique web browsers visiting Microsoft sites. This cookie is used for advertising, site analytics, and other operations.
NID	6 months	NID cookie, set by Google, is used for advertising purposes; to limit the number of times the user sees an ad, to mute unwanted ads, and to measure the effectiveness of ads.
personalization_id	2 years	Twitter sets this cookie to integrate and share features for social media and also store information about how the user uses the website, for tracking and targeting.
SRM_B	1 year 24 days	Microsoft Bing Ads
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
UserMatchHistory	1 month	Linkedin - Used to track visitors on multiple websites, in order to present relevant advertisement based on the visitor's preferences.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt.innertube::nextId	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requests	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.
_fbp	3 months	This cookie is set by Facebook to display advertisements when either on Facebook or on a digital platform powered by Facebook advertising, after visiting the website.
_uetvid	1 year 24 days	Bing Ads

Spring-clean your Microsoft 365

The life-changing magic

of tidying up your tenant!

Spring-clean your Microsoft 365

The life-changing magic

of tidying up your tenant!

Microsoft 365 Governance made easy!

MVP Take: Govern, manage and mitigate SharePoint application risks

Free Risk Assessment

You pay for the whole M365 license – why not use it

Erwin van Hunen rejoins Rencore!

Rencore Governance monthly update: March 2023

Spring-clean your Microsoft 365

The life-changing magic

of tidying up your tenant!

Spring-clean your Microsoft 365

The life-changing magic

of tidying up your tenant!

Microsoft 365 Governance made easy!

BLOG

MVP Take: Govern, manage and mitigate SharePoint application risks

Free Risk Assessment

You may also like

You pay for the whole M365 license – why not use it

Erwin van Hunen rejoins Rencore!

Rencore Governance monthly update: March 2023