O365 Tidbit – Governance guidance for O365


Hello All,

With new features being introduced to O365 and the growing foot print you have in O365 it is very important to consider Governance to insure that you maintain a manageable presence for your sanity and your end-users sanity.  I’m going to walk thru some of the things you should be considering when you look at Governance, the points I have reviewed below are not meant to be complete or in-depth, the subject of governance is long and exhaustive and you could easily say never ending.  It is an effort that as an IT group you should be modifying and reviewing on a regular basis as new features are introduced or your company changes the way it works in this Digital Transformation. Now let’s get on with the show. Governance is … The SharePoint Governance Plan is a guidebook outlining the administration, maintenance, and support of Corporation’s SharePoint environments. It identifies lines of ownership for both business and technical teams, defining who is responsible for what areas of the system. Furthermore it establishes rules for appropriate usage of the SharePoint environments. This is the Microsoft definition and a great way to kick off from, what you should take away from this is that this document needs to describe how your enterprise (You and your end-users) will configure and use SharePoint.  This includes what can and can’t be done, how to do things, and what can people expect when they do things.  Don’t forget about the governance committee… From a governance standpoint I would say this team is the most important piece to the success of your farm they will build, promote, and support the Governance document.  This team should be comprised of several people, their role in this virtual team should be to steer how SharePoint is consumed in the enterprise.  Suggest list for people in this Virtual Team would be:

  1. Senior Management – They are there to lend weight and enforce the decisions
  2. HR Manager – Make sure you comply with rules and regulations
  3. IT Group – Ensure that decisions are within technical capabilities
  4. Business Units – The voice of the people, they know what they are doing with technology or would like to do with it.

For more information on the governance committee please review this blog What topics are we trying to cover…

  1. Site Template Specs

Need to think about when a new site is created in SharePoint Online, a site template (to base the site on) is first selected. Site templates contain lists, libraries, pages, and other elements or features that support the needs of an organization. Site templates are often customized so that site collection/site starting points contain necessary branding, layouts and site elements.  Will you be doing any of this customization for your org?

  1. Site Organizational Patterns

This topic focuses on how site collections are provisioned within logical groupings (and relative to one another) against the two available managed paths on the organizational web app, including discussion of flat vs. hierarchical structures. This significantly impacts navigation, administration/management, security, functionality/usability and ultimately, adoption.

  1. New Site Collection Criteria

The creation of top-level sites (site collections) and sub-sites (and the templates used) within the logical architecture presented in the previous module allows for different levels of control over the features and settings for sites. 

  1. Localization Spec, MUI and Variations

SharePoint site provisioning involves the ability to specify default language and time-zone settings. Additional UI language options can be added later by the SCA, which allows users in those sites to switch from the default language framework. For publishing sites, a "Variations" feature allows for the creation of a source site that can publish content to multiple, language-specific repositories for translation. 

  1. Storage and Server Resources

When signing up for SharePoint for Office 365, the tenant will be allocated a quantity of storage space and resources that's based on the number of users. Site collections use what they need from this central pool as they need it. However, storage space and resources can be fine-tuned and manually allocated to each site collection.

  1. Site IA, Navigation and Site Design

Within a given site collection or site, SharePoint includes many features that help support the implementation of well-designed "site information architecture" or "Site IA". Here, by "site information architecture", we mean: 

  • The selection and arrangement/layout of site and page elements, typically defined within the selected OOTB site template (or custom template, if allowed)
  • The relationship of different sites and sub-sites to one another within a hierarchy
  • Navigation between and within sites and pages within them
  • Underlying structural components enabling site and site element functionality

  A closely related (and downstream) topic (but not technically-"Site IA", to be exact) is that of "Site Design", which includes the following with respect to SharePoint, typically based on an organization's UI/UX standards (e.g. style guides) and specific site design work:  ·       Overall look and feel   ·       Branding, themes, fonts, colors, logos, images specific to different site types and page elements  ·       Design, arrangement and integration of site elements within the Site IA  Collectively, site IA and design involve contributions/inputs from information architects, solution architects, designers, and developers, though some sites (e.g. portals) may require more input from these roles than other site types. 

  1. Site Collection Security, including Groups and Permissions

SharePoint Online has its own separate security model and security groups, designed specifically to secure sites, lists, and items in SharePoint Online. The person who signs up for Office 365 automatically becomes a global admin and is the default SharePoint Online admin, though a second SharePoint Online administrator is typically designated as well.  Either way, this role configures the overall environment using the SharePoint Admin Center and owns "Site Collection Security": creation of, access to, and control of site collections, sites and the elements (lists, libraries, etc.) within them either manually, through Powershell scripts, or otherwise automation.  Note: other Office 365 admin roles (password admin, billing admin, and user management admin) do not play a part in the SharePoint Online security model. 

  1. Information Rights Management (IRM)

At a high level, IRM helps to enforce corporate policies that govern the use and dissemination of content within your organization by limiting the actions that users can take on files that have been downloaded from lists or libraries. IRM encrypts the downloaded files and limits the set of users and programs that are allowed to decrypt these files. IRM can also limit the rights of the users who are allowed to read files, so that they cannot take actions such as print copies of the files or copy text from them. You can use IRM on lists or libraries to limit the dissemination of sensitive content. For example, if you are creating a document library to share information about upcoming products with selected marketing representatives, you can use IRM to prevent these individuals from sharing this content with other employees in the company. On a site, you apply IRM to an entire list or library, rather than to individual files. This makes it easier to ensure a consistent level of protection for an entire set of documents or files. IRM can thus help your organization to enforce corporate policies that govern the use and dissemination of confidential or proprietary information. When Information Rights Management (IRM) is applied to a site list or library by a site owner, supported files in that library or list (attachments only) carry the protection where-ever they go and are protected (encrypted so that only authorized people can perform certain specified actions on download). 

  1. External Sharing Controls

Organizations that perform work that involves sharing documents or collaborating directly with vendors, clients, or customers (who do not have licenses for your O365 subscription) may want to use the "External Sharing" features of SharePoint Online.

  1. Information and Device Accessibility/Mobility

Technically, information stored in a customer's instance of SharePoint Online (i.e. a "tenant") can be made accessible for viewing and sharing from a variety of network conditions, devices, operating systems, web browsers, and Office client applications available on same, and Microsoft is continually releasing updates to improve cross-platform (and otherwise) availability. 

  1. Data Loss Prevention (DLP) and eDiscovery

Data Loss Prevention (DLP) and eDiscovery are used to secure and investigate enterprise information such as email (Exchange), documents/content (SharePoint/SPO/OD4B) and messaging/communications (Skype for Business).  This may be for legal, compliance and/or information protection (i.e. IP protection) purposes.

  1. Audit Logging and Reporting

Knowing who has done what with which information (and when) is critical for many business requirements, such as those related to compliance, investigating the actions of a disgruntled employee, and/or identifying which administrator performed a certain action (in a multiple administrator scenario). 

  1. Site Lifecycle Management – Non personal sites

Site lifecycle management (SLM) ensures that there is a way to manage the demand for/provisioning and configuration of; ongoing management and monitoring of; and disposition/retiring/archiving of non-personal site collections/sites.

  1. List and Libraries

SharePoint "Lists and Libraries" represent the primary site elements into/from which information is stored/accessed in SharePoint, and as such, managed control of the fairly large number of list/library settings here can have a significant impact over site level, and - by extension - overall SharePoint governance

The discussion around SharePoint Governance is long and exhaustive with many different thoughts and instructions, remember it needs to work for your enterprise and your end users at the end of the day, so do what is right for the enterprise and right for your end users.

Pax

Comments (0)

Skip to main content