There’s the governance plan, rules, processes to follow, and then comes the reality. Sometimes, you don’t have the time or the total control to ensure every action taken inside your SharePoint is compliant with the initial plan.
SharePoint security might have different meanings depending on your business and your governance. For us, SharePoint security must answer these questions:
What activities take place inside my SharePoint content, and who performs them?
Am I taking any risks by allowing external sharing on Office 365?
Can I take actions to quickly correct security breaches?
There is no secret recipe for managing security. There isn't one way, but several that can help you. These depend on your governance plan, the way you allow users to give permissions, whether you use AD groups / SharePoint groups...
But sometimes, you’re stuck with how your SharePoint was originally built, so this is the time to make it right. With security management, you'll feel safe every day because you know exactly who has access to what, what content is where, and how to add/remove permissions.
Different SharePoint Security reports can be used to monitor your security, depending on the information you’re looking for.
The permission report is one of the reports that can answer the first question: “Who has access to my site, through which permission and from where (an Active Directory group, a SharePoint group, an explicit permission)?”
There’s no such built-in report inside SharePoint. To get this information, you need to check every single object, and then check the permissions associated with it. And there’s no way to see which users are inside an Active Directory or SharePoint group. You need a flexible report that allows you to search only at the Site Collection level, or to drill down to sites, libraries, folders and content.
I know your next question: "How can I find such a powerful report?" I can tell you the Sharegate team is working hard to release this powerful report really, really soon, so stay tuned! For the moment, you can check out Sharegate's Explorer.
The auditing report allows you to answer the following question: “Who's performing a specific activity inside your environment?” By activities, I mean open, download, read, delete or modify a document, or view/edit items in lists, or view/edit item properties.
Auditing is really useful for security if you need to track a user or an action that can break your security rules. For example, if a confidential document has been moved to another site that has external sharing allowed, you might want to track it and then apply your governance, training, or any other resources you have to improve your security.
SharePoint out-of-the-box auditing reports can help you track this. Please note that auditing features must be enabled to use audit log reports. You can always use Sharegate to bulk activate the feature on multiple site collections and sites at the same time. If you need help on viewing audit log reports, please read this article on the Office blog.
Checking permission report
Checking permissions for a user or a group can be very useful, especially if you suspect a security breach or if you just want to copy permissions and verify access beforehand. For this report, you need to be able to specify a user/group (or multiple users/groups), choose the object on which you want to see the permissions, for example the whole site collection or just a site, and then see the results.
Plus, if you use Sharegate to build this report, you can choose to see permissions only at the site/list or content level. You can also verify only Custom Permissions, or Explicit Permissions and limited access.
I like to check permissions on my external users. Also, when it’s time to copy permissions from one user to another, it’s a step I always start with.
External Sharing report for O365
SharePoint Online has a great new feature: external sharing. You can now allow users from outside your organization access to a site, a library or list, or a single document. However, this feature comes with a significant potential for security breaches.
Your SharePoint security report for Office 365 external users must allow you to:
See on which site collections external sharing is active
See the list of all authenticated users
See the list of all content with a Read/Write anonymous guest link
See the list of all content that is externally shared
Check permissions for an authenticated user
Lucky you, these reports can be generated with Sharegate. You can read The Definitive Guide to Office 365 External Sharing to see how to use them.
Build your own reports
As I said in the introduction, security rules and governance are related to your company and business rules. Because of this, I think it’s very important for you to be able to run your own reports based on your own rules. At Sharegate, we’ve pre-built security reports for you so you can see the bigger picture of what the query engine can do, but what I like most is building my own reports.
Here’s the list of security pre-built reports we've created for you:
Sites / Documents / Lists with custom permissions: These reports are very useful, especially when you want to verify where inheritance has been broken. If your governance plan says you don’t allow breaking inheritance anywhere other than at site level, this is the right report to keep track of it and verify it.
Sites / Lists / List items / Documents with explicit permissions to users: These reports are very useful for verifying whether a user has access to your SharePoint through explicit permissions. This means that the user isn't inside a SharePoint or an Active Directory group. You might have to specify in your governance plan that the user must have access through a SharePoint group. This is the right report to check it.
Reports for Office 365: External Users, Site Collections with external sharing, documents with anonymous guest links enabled
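The governance rules behind these reports, shown as an added example that is not Sharegate's code or report format: the code below expands group membership to show who has access and from where, then flags broken inheritance below site level, explicit user permissions and guest accounts. The export rows, field names and rule names are constructed for illustration; the `#ext#` check relies on the marker SharePoint Online puts in guest login names.

```python
# Constructed sample export; field names are hypothetical, not a Sharegate or SharePoint format.
# Row: (object_url, object_type, has_unique_permissions, principal, principal_type, role)
ASSIGNMENTS = [
    ("/sites/hr", "site", True, "HR Members", "sharepoint_group", "Edit"),
    ("/sites/hr", "site", True, "CONTOSO\\hr-staff", "ad_group", "Read"),
    ("/sites/hr/Payroll", "list", True, "alice@contoso.com", "user", "Full Control"),
    ("/sites/hr/Payroll/2024.xlsx", "document", True,
     "bob_gmail.com#ext#@contoso.onmicrosoft.com", "user", "Read"),
    ("/sites/hr/Policies", "list", False, "HR Members", "sharepoint_group", "Edit"),
]
# Constructed group membership, needed to see who is actually inside each group.
GROUP_MEMBERS = {
    "HR Members": ["alice@contoso.com", "carol@contoso.com"],
    "CONTOSO\\hr-staff": ["dave@contoso.com"],
}

def effective_access(assignments, group_members):
    """Expand groups: one row per (user, object, role, source of the permission)."""
    rows = []
    for url, _otype, _unique, principal, ptype, role in assignments:
        if ptype == "user":
            rows.append((principal, url, role, "explicit"))
        else:
            for member in group_members.get(principal, []):
                rows.append((member, url, role, f"{ptype}:{principal}"))
    return rows

def violations(assignments):
    """Apply the governance rules to every assignment and return sorted findings."""
    found = set()
    for url, otype, unique, principal, ptype, _role in assignments:
        if unique and otype != "site":
            # Rule: inheritance may only be broken at site level.
            found.add(("broken_inheritance_below_site", url))
        if ptype == "user":
            # Rule: users must get access through a group, not directly.
            found.add(("explicit_user_permission", f"{principal} on {url}"))
        if "#ext#" in principal.lower():
            # Guest accounts carry "#ext#" in their login name.
            found.add(("external_user_access", f"{principal} on {url}"))
    return sorted(found)

if __name__ == "__main__":
    for user, url, role, source in effective_access(ASSIGNMENTS, GROUP_MEMBERS):
        print(f"{user:45} {role:13} {url:30} via {source}")
    for rule, detail in violations(ASSIGNMENTS):
        print(f"VIOLATION {rule}: {detail}")
```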
Did you know that you can save your own report and share it with the SharePoint Community? Just use the Import/Export feature on the report. With these reports, you have the bigger picture of your SharePoint security. It’s best to check them frequently or to set alarms if a rule is broken.
What reports do you use to be sure your SharePoint is secure? Do you have suggestions to add to this list? What are the actions you’d like to take in a jiffy?