Security at the Site-Collection Level in SharePoint Online

Balancing security and usability are core to ensuring people can collaborate effectively without interrupting the necessary flow of information across organizations.  With SharePoint Online we’ve been at work developing security and sharing controls that are scoped at the site collection level.  This allows Tenant administrators to configure more restrictive controls at the site collection level, than those that are configured at the Tenant level providing a balance between the need to protect corporate information and the requirement to collaborate effectively across and outside of the corporate boundary.

Topics: SharePoint, SharePoint security, sharepoint online, security, SharePoint Online Management Shell, Site Collection

SharePoint Search: Kick in the Turbocharger

Finding information in your SharePoint environment can be a challenge.

If you use SharePoint for document management, the chances are that you have thousands (and maybe even tens of thousands) of files stored on your intranet. In theory, this kind of system is terrific, because it gives everyone in your organization equal access to any files they might need to do their jobs. With so many files to sort through, though, navigating to the right document at the right time can be mission impossible. Only by ramping up the power and usability of the SharePoint search function can you improve navigation, discoverability, and overall efficiency.

Topics: SharePoint, SharePoint search, metadata, Managed Properties, SharePoint Document Management

PowerApps, Flow and Managed Metadata fields–part 1

One (current) issue affecting both PowerApps and Flow is that neither support Managed Metadata Columns properly. I have a method to get around this issue, but it will take more than one post to explain. Lately I have refrained from writing epic multi-part posts because things change quickly. In fact this issue will likely go away by the end of 2017.

Topics: SharePoint, Azure, PowerApps, Flow, Active Directory, WebServices, Apps Model

Top Three Ways To Use SharePoint To Gain A Competitive Advantage

Ever wonder if, and how, consulting companies use their own products, methodologies and services? When working with other software companies, we often see that even though they work with a product, sometimes they don’t use it within their own company.

Topics: SharePoint

Ben Curry and Scott Edwards to Lead Governance and Security Talks at SPTechCon in DC

Scott Edwards and Ben Curry were chosen to present during five different sessions alongside 27 other industry leaders at SPTechCon (Nov 12-15) in Washington D.C. 

Topics: SharePoint, SharePoint security, SharePoint governance

SharePoint Search: Amp up the Power

If you use SharePoint as a document management solution, then you probably rely on SharePoint search to discover or locate specific files. In a site or library that houses thousands or even tens of thousands of documents, you should be able to use keywords and metadata terms to find the one document you require. Otherwise, your search can easily turn into a hunt for a needle in a haystack.

Topics: SharePoint, SharePoint search, content management, Content Types

Simple (but effective) dashboards in SharePoint

One of the more common requests I get about putting SharePoint to good use is how to build a hyper-responsive, beautifully designed, amazingly cogent dashboard displaying all the key performance indicators (KPIs), report updates, big data analyses, and business intelligence of the day.

Topics: SharePoint, Dashboards, Data, Report, Reporting, Excel

How Microsoft Teams is Altering Collaboration Strategies

Having worked with different collaboration technologies since the late 1990’s, I’ve been able to work with many of the leading solutions available on the market — from traditional intranets and social collaboration tools, into the more complex (and expensive) product life-cycle management (PLM), product data management (PDM), and supply chain collaboration platforms. What attracted me to the SharePoint space back in 2004 was its potential for extensibility, which led me to working for Microsoft and then some of the leading ISVs within the SharePoint community. Throughout all of this, one of the major issues has remained end user adoption of the technology. Even the most advanced, feature-rich solution that seem to check off all of your corporate requirements can still have adoption issues.

Topics: SharePoint, Microsoft, collaboration, Teams, KanBo

Blog Site Or Publishing Site: When To Use One Over The Other?

Another common question we always get from SharePoint administrators is on the choice between a Blog Site and a Publishing Site: “Should I go for the first or the later?”

Topics: SharePoint, Blog, SharePoint Admin, SharePoint Administrator, Publishing Site, Blog Site

IT or Business? Who should manage SharePoint site security?

One of the decisions you have to make once you create an Intranet portal in SharePoint is who will manage SharePoint site security. I have recently published a similar post on pros and cons of AD groups vs. SharePoint groups. However, that was more of a technical decision. Today, I want to concentrate more on the governance aspect of the same topic. Would you let IT control the access or let Business users own the security aspect and be able to add users to their sites themselves?


In order to help us make the right decision, let me explain the 2 most common security models for SharePoint Intranets:

1. Role-based model
2. Site-based model

Let’s get to know both little better and then take a look at pros and cons for each.

Role-based model

Role-based security model is based on the notion that you have access to the sites that are driven by your role within the organization. In simple terms that would mean that you will be part of certain security groups in Active Directory or SharePoint that would make you belong to a certain department, subset of users, etc. Below are the examples of such security groups:

  • Accounting Members
  • Finance Members
  • HR Members
  • IT Members
  • Executives

In SharePoint that means that you would use a combination of those predefined groups on every SharePoint site and assign corresponding permissions (based on objective of the site). For example, on Finance site, Finance Members would get Contribute access, Executive members could get Read Only, while IT members would get Full Control.

Because these groups are unique and centralized, they are controlled by a small group of users, usually an IT department

Site-based model

In contrast, Site-based security model relies solely on the objective of the site. In other words, this group relies on the 3 default SharePoint security groups created for each site:

  • [Site name] Members
  • [Site name] Owners
  • [Site name] Visitors

Depending on the permissions users need to have, each user is added to one of those default groups, thus getting corresponding access. Each group is unique to the site, thus making it easier to add/remove users, without impacting other sites in the Intranet Portal.

The access and group membership in this case is typically controlled by the Site Owner (usually Business), and not IT.

Topics: SharePoint, SharePoint security