
SharePoint and OneDrive governance

Written by Jasper Oosterveld | Oct 4, 2022 2:00:01 PM

As mapped out in the first blog post in this two-part series, SharePoint and OneDrive are your go-to Microsoft services for storing and sharing data. However, there’s a lot to look out for when administering these services. From protecting your data to preventing clutter and unauthorized access, you need a solid governance strategy that can face all challenges in your M365 environment.

We are going to cover the following governance topics:

  • Templates
  • Naming convention
  • Expiration policy
  • Guest review
  • Privacy
  • Site sharing
  • SharePoint Site Theme
  • SharePoint Hub Site
  • Creation process
  • Back-up & restore

There are differences between the governance of SharePoint Team Sites and Communication Sites. That’s because SharePoint Team Sites manage their membership with Microsoft 365 Groups, which provide centralized membership management and integration with other Microsoft 365 services such as Microsoft Teams and Planner.

SharePoint Communication Sites don’t have a Microsoft 365 Group. The membership (groups or people) is only applicable to SharePoint and managed with Azure Active Directory.

The following table shows the corresponding governance topics per SharePoint site and OneDrive.

 


Let’s take a closer look at each topic.

Templates

You need to define the use case of your SharePoint sites. For example:

  • Departments
  • Projects
  • Processes

These are divided into public and private sites. The public sites are connected to SharePoint Communication Sites and are part of an Intranet Portal. The private sites are connected to SharePoint Team Sites, with or without Microsoft Teams, and are part of your collaboration process. Have you defined your templates? Continue and decide your template requirements for the underlying governance templates.

Naming convention

Each SharePoint site gets a unique URL when you create it. This URL is created automatically and is determined by the name of your site. We advise taking control of this process and defining your own naming convention per template. For example:

Template:

  • Project

URL:

  • https://m365x11686931.sharepoint.com/teams/prj-private-Mark8

This makes maintenance easier for IT and makes the purpose of the template clearer for business users.
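
A naming convention only helps if sites are checked against it. The following added example (not code from the original post) audits a site inventory against a convention of the form `<prefix>-<public|private>-<name>`, which is an assumption inferred from the single example URL above. The prefix table, the function name `Test-SiteNaming`, the `Visibility` field (standing in for the Microsoft 365 Group's visibility) and the inventory are constructed for illustration.

```powershell
# Assumed convention: https://<tenant>.sharepoint.com/<teams|sites>/<prefix>-<public|private>-<name>
# Hypothetical prefix-to-template table; adjust to your own templates.
$TemplatePrefixes = @{ prj = 'Project'; dep = 'Department'; prc = 'Process' }

# Constructed inventory. Visibility stands in for the connected group's visibility.
$Inventory = @(
    [pscustomobject]@{ Url = 'https://m365x11686931.sharepoint.com/teams/prj-private-Mark8';  Visibility = 'Private' }
    [pscustomobject]@{ Url = 'https://m365x11686931.sharepoint.com/teams/prj-private-Apollo'; Visibility = 'Public'  }
    [pscustomobject]@{ Url = 'https://m365x11686931.sharepoint.com/teams/dep-private-HR';     Visibility = 'Private' }
    [pscustomobject]@{ Url = 'https://m365x11686931.sharepoint.com/sites/MarketingStuff';     Visibility = 'Public'  }
    [pscustomobject]@{ Url = 'https://m365x11686931.sharepoint.com/teams/xyz-private-Lab';    Visibility = 'Private' }
)

function Test-SiteNaming {
    param([Parameter(Mandatory, ValueFromPipeline)] $Site)
    process {
        $findings = @()
        $template = $null
        $path = ([uri]$Site.Url).AbsolutePath
        # -cmatch is case-sensitive, so prefixes and privacy tokens must be lower case
        if ($path -cmatch '^/(?:teams|sites)/(?<prefix>[a-z]+)-(?<privacy>public|private)-(?<name>[A-Za-z0-9]+)/?$') {
            $template = $TemplatePrefixes[$Matches.prefix]
            if (-not $template) {
                $findings += "unknown template prefix '$($Matches.prefix)'"
            }
            # A site named "private" whose group is public misleads owners and reviewers
            if ($Matches.privacy -ne $Site.Visibility) {
                $findings += "URL says '$($Matches.privacy)' but visibility is '$($Site.Visibility)'"
            }
        } else {
            $findings += 'URL does not follow <prefix>-<privacy>-<name>'
        }
        [pscustomobject]@{
            Url       = $Site.Url
            Template  = $template
            Compliant = ($findings.Count -eq 0)
            Findings  = $findings -join '; '
        }
    }
}

# Show only the sites that need attention
$Inventory | Test-SiteNaming | Where-Object { -not $_.Compliant } | Format-Table -AutoSize -Wrap
```

With the constructed inventory, three sites are reported: one whose URL says private while the group is public, one that ignores the convention entirely, and one with an unregistered prefix.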


Expiration policy

Sites don’t need to live on forever. After a certain period, they have served their purpose. That’s why it is important to manage inactive teams by defining an expiration policy. This can be done manually within the SharePoint Administration Center, with an expiration policy in Azure AD, or with external tools. We advise checking your expiration requirements with your security officer and archive expert, because certain regulations require documents to be saved or deleted after a certain timeframe.

Guest review

Guests, people without a license from your Microsoft 365 tenant, don’t need to have unlimited access to your sites. We recommend implementing a guest review process. This allows owners to decide whether a guest needs to maintain access or can be removed. You can use Azure Access Reviews, manual reviews in Azure AD, or an external tool.

Privacy

The privacy of your SharePoint Team Site is either public (accessible to all employees) or private (accessible to people invited by the owners). We advise setting the department template to private and allowing employees to decide for themselves for the other templates through your creation process.

Site sharing

Per template, the decision must be made who can share the site and its content:

 


We advise using the second option; this keeps control over inviting guests with the owners.

SharePoint Site Theme

Each SharePoint Site contains a default look & feel. This is applied with a SharePoint Site Theme. You must decide if you want to use the default, one of the out-of-the-box themes, or create your own.


Hub Sites

After you have deployed many SharePoint sites, it’s almost impossible to manually manage certain features (for example, navigation) and integrate content. SharePoint Hub Sites give you the following features:

  • Discover related content such as news and other site activities
  • Apply common navigation, branding, and site structure across associated sites
  • Search across all associated sites

We advise deploying a Hub Site structure for the public Communication Sites from your Intranet Portal.

Creation process

Once you have defined your template and all related requirements, it is time to define the creation process. Can all business users create a SharePoint site? A selection? Or only IT? There is no right or wrong. This really depends on your requirements. That said, in our experience we often see a controlled process with the use of a provisioning solution. You can create your own or use an external tool.

Back-up & restore

Microsoft provides a recycle bin to recover deleted sites and items. We advise you to view these features and match them to your organization’s requirements around back-up & restore. Do you require additional features? Then you need to investigate external tools.


SharePoint & OneDrive Governance Challenges

We have discussed the relevant governance topics for SharePoint & OneDrive. Before we wrap up, we discuss the biggest challenge, in the context of this article, around the governance of SharePoint & OneDrive.

Each organization, especially after the COVID-19 pandemic, requires sharing or collaboration with guests. This is a hard requirement for business users to be able to do their work. The challenges arise around managing and monitoring guest access. The last thing a company wants is a data leak because a guest had access to sensitive content. Before you enable external sharing, you must discuss the security requirements around the following topic. Ask yourself: How can our business users share content with guests?

This is related to the following settings in the SharePoint Administration Center:

 


The setting “New and existing guests” empowers your business users, whereas “Existing guests” keeps more control with IT. We lean towards the first but understand some organizations must do the latter. We advise applying the following external sharing settings:

 

To learn more about governance in SharePoint, OneDrive, and other Microsoft 365 services, I recommend reading the free whitepaper “Complete visibility across Microsoft 365”. It offers best practices to centralize and automate your governance approach in order to maintain control over multiple Microsoft 365 services.