Customer success story: Managing SharePoint Online permissions

Sharepoint Image Featured 25

STIHL needed to migrate 12 TB of content to SharePoint Online. Here’s how ShareGate did it without a hitch, while also helping manage SharePoint permissions.

When STIHL approached end of life for its SharePoint 2013 installation, the company had a decision to make: implement an updated on-premises version of SharePoint, or make a big change by migrating to the cloud and SharePoint Online. 

STIHL isn’t the first company that’s been faced with this dilemma, and they won’t be the last. There are pros and cons to each decision. While the benefits of cloud compared to on-premises are evident, the migration process is enough to scare anyone off. It’s certainly not for the faint of heart.

Luckily, STIHL was already using ShareGate for ongoing SharePoint permissions management and reporting, so it was a no-brainer to mobilize our solution for this massive migration.


The challenge: Migrating SharePoint permissions and ongoing permissions and content management

Migrating SharePoint permissions and data structures

Once STIHL decided to take the plunge and migrate over to the cloud, reality set in. With over 40 global subsidiaries and thousands of users, migration was going to be a massive undertaking.

Constanze Pretzler, Senior Inhouse Consultant for Digital Collaboration at STIHL, was a member of the team in charge of managing permissions and data structures. “It was way too much for us to do manually,” she said of the migration. 

“We had about 12 terabytes of content in SharePoint 2013,” she explained, which is one of the reasons why finding a reliable solution to assist with the move and the continuous management of content and permissions was crucial. 

“Data loss was one concern, but it was even more important that permissions migrate accurately,” she continued. “Our worst-case scenario was outsiders getting hold of our content. That would be a total disaster.” 

You can take your learning further by embracing SharePoint permissions best practices and use one of two ways to manage user and group permissions.

Ongoing user permissions and content management

STIHL knew that they needed assistance with the migration, but they weren’t originally set on which direction they would go. Initially, they considered using the Microsoft 365 migration tool.

Upon further investigation, it became clear that they would not get the individualized support they needed. Constanze explained: “If you had a special need, there was no chance of assistance.”

After considering other tools, STIHL consulted with industry contacts for counsel. They advised that many tools don’t offer the flexibility STIHL needed. One contact even explained that they had needed to switch from their initial tool selection to ShareGate mid-migration. This is a huge pain and a situation any company would want to avoid.

Coincidentally, STIHL was already using ShareGate for permissions reports, standardized reporting, and performing copies inside SharePoint 2013. They much preferred ShareGate reports to the PowerShell scripting monthly reports they had previously been using. STIHL had also used ShareGate for smaller migrations and were impressed with the depth and flexibility of support available.

Once the pieces came together, it became clear that ShareGate offered exactly what they were looking for when it came to their large migration. The fact that ShareGate offered ongoing reliable SharePoint content and permissions management was icing on the cake. STIHL continues to use ShareGate to manage permissions as well as copy and move large amounts of content in between larger migrations.


Auditing SharePoint permissions is key to success

Constanze knew that such a massive migration would be a high-stakes operation. While information loss is always a concern, accurate permissions migration was top-of-mind for Constanze. ShareGate’s Permissions matrix report offered exactly what she needed.

Thanks to ShareGate’s total transparency, Constanze and her team had peace of mind throughout the migration process.

“We had total visibility on what was going on,” she explained, “so any mistake could not go undiscovered. Our users were very eager to know if their content and permissions had been copied, and we were able to prove that everything had transferred correctly.” 

The users’ eagerness was satisfied, not simply because of their ease of visibility but also because the results were impeccable. They got to see firsthand that permissions were perfectly copied, which reduced stress and work for the IT admins (always appreciated). The mass check-in feature was also incredibly useful.

Constanze and her team use ShareGate’s Permissions matrix report, which helps users keep track of their content permissions and inheritance.

“We offer the permission matrix report as a service to help site owners get a full overview,” she explained. “The requests are mainly about broken permission inheritance and keeping track of complicated permissions.” 


The smoothest SharePoint 2013 to SharePoint Online migration

  • Quick and painless migration—Constanze was thrilled with ShareGate’s ease-of-use right out of the box, which contributed to the speed of setup and migration. “We migrated 40 sites a weekend and ran three weekends a month,” she said. 
  • Precision and accuracy—While speed is crucial for efficiency, it means nothing if the job is not done well. With ShareGate, you can have your cake and eat it too. 

    “We moved over 1,500 site collections with several broken inheritances and uncountable SharePoint groups and users nested,” Constanze said. “Getting 100% reliability was the biggest benefit we could ask for.” They ultimately migrated 1,500 site collections with 100% of permissions copied accurately.
  • Customer support—Although STIHL’s migration went off without a hitch, even the most flawless executions need support. Constanze and her team were blown away by the support they received during the migration and beyond: “The quality and response time of the support team is really awesome. If they need to follow up later to give you a complete answer, you always get status updates.” 

    She was also impressed with the proactive approach of ShareGate’s development team: “They always listen to us. Each product update often brings new functionality that we had just mentioned in conversation.” 

It’s no wonder why more organizations are making the switch to migrate SharePoint 2013 to SharePoint Online. ShareGate makes is easy and hassle-free.


Recommendations for managing SharePoint permissions

  • Follow the principle of least privilege—This means that users only have access and permission to functionality that directly applies to their job. Yes, it restricts access for internal and external users, but it’s logical. Why would a someone need access to functionality that has nothing to do with their role? This logical restriction helps to prevent accidental or intentional damage to your SharePoint and Microsoft 365 environment. The best way to implement this principle is by reviewing all user permissions regularly, and removing any unnecessary permissions.
  • Use SharePoint groups, which are collections of users who require the same permission level to perform their job functions—This makes IT admins’ lives easier—can’t complain there. Microsoft 365 global admins can create groups via the Microsoft 365 admin center, Planner, Exchange, and SharePoint, but not other locations such as Teams. It’s easier and more efficient to assign permission levels to SharePoint groups than to assign permission to each individual user. Plus, whenever you add a user to a SharePoint group, that user will automatically have all the same permissions as everyone else in that group. Think of all the tedious work you can avoid!
  • Regularly review and audit SharePoint permissions—Every IT admin knows that this is an essential part of keeping your SharePoint environment secure. The SharePoint audit and review process should be done at least once every six months. This will help you identify any problem areas as soon as possible, such as users with excessive permissions, any changes made to permissions without proper authorization, and any inactive accounts that still have access to SharePoint. SharePoint audit logs allow you to analyze the SharePoint files, lists, and folders in your cloud ecosystem and see how employees are using them. They’re a great way to gain wide visibility over your SharePoint environment. After the review, remove permissions that aren’t necessary and revoke access for inactive users. With SharePoint Online, you can audit the following activities:
    • File and page activities 
    • Sharing and access request activities 
    • Site administration activities
    • Directory administration activities 
    • Power BI activities
    • Microsoft Teams Healthcare activities 
    • Power Automate activities 
    • Synchronization activities
    • SharePoint list activities
    • Site permissions activities

What to look for in a SharePoint permissions management tool?

Granular SharePoint permissions control

With the help of a quality SharePoint permissions management solution, you should be able to simply and easily configure unique permissions for particular SharePoint sites, lists, libraries, folders, and even individual files. The more information, the better—the devil is in the details. A good solution should also allow you to define unique permissions and support role-based access control (RBAC).

Comprehensive SharePoint permissions reports

We all strive for the most accurate picture of SharePoint security when it comes to our environment. This is only possible with a permissions management tool for SharePoint that offers extensive reporting capabilities. For a comprehensive experience, this tool must include pre-built dashboards and reports that display the granted permissions to users, SharePoint groups, and sites as well as any modifications made to permissions. And the ability to schedule reports at a frequency that works for you to maximize regulatory compliance and records management.

SharePoint automation and scheduling reviews

Maintaining SharePoint security should always be one of your top priorities. With a solid SharePoint permissions management application that provides automation and scheduled reviews features, you can feel confident that you have security under control. You should be able to automate features such as the ability to assign permissions based on user attributes—think: job title, department, and location. You should also be able to set up scheduled checks of SharePoint user permissions so that you’re informed automatically when a permission changes or needs to be amended. It’s all about visibility and efficiency.


ShareGate gives you better full control to manage SharePoint permissions automatically

ShareGate’s Permission matrix report—our most popular report—is the starting point to preserve security during migrations for routine user access management in your SharePoint and Microsoft 365 environment.

With the results from our Permissions matrix report, you can see: 

  • All user and group permissions and each one’s permission level 
  • Objects that have inherited permissions 
  • Microsoft 365 external users (including pending invitations and anonymous guest links) 

With ShareGate’s permissions management tool, you can quickly check who can do what in your SharePoint and Microsoft Teams setups. Adjusting permissions settings is no sweat, making it easy to match governance principles and maintain the focus of your Microsoft 365 tenant.

The ability to automate changes everything. By automating guest access and external sharing reviews with owners, you’ll avoid the dreaded paper chase!

All the IT drudgery that comes with onboarding, offboarding and employee moves is suddenly no big deal. Whether you need to remove, add or copy permissions from one user to another, don’t worry—you can do it in moments. You can also always adjust permissions in bulk.

Check out STIHL’s success story and hear more from Constanze Pretzler, Senior Inhouse Consultant for Digital Collaboration, about her experience using ShareGate!

What did you think of this article?

Recommended by our team

Getting started is easy

Try ShareGate free for 15 days. No credit card required.

Hosts 1

LIVE VIRTUAL EVENT RISE UP: Ignite your M365 tenant migration playbook