Microsoft Ignite October 2022 Part 1: Security and Compliance Across SharePoint, OneDrive, and Teams

Around the world, we hear how corporations fall prey to cyber predators. Cybersecurity has never been more important than now with the hybrid conditions for work. The challenge has been to ensure the cybersecurity of data and content for staff who work remotely on their systems and Wi-Fi network in conjunction with staff who work on-site. With so many possibilities of threat entries, cybersecurity has reached Zero Trust as the standard and norm. Microsoft is committed to enabling its customers to diligently, smoothly, and easily as possible manage content, people, and context across SharePoint, OneDrive, and Teams.

Microsoft announced at Ignite today, six new security and management capabilities including:

1. Advanced access policies for secure collaboration
2. Security controls to safeguard content
3. Comprehensive compliance
4. Migration enhancement
5. Advanced sites lifecycle management
6. Organization lifecycle management

In this article, we will review Advanced Access Policies for Secure Collaboration and we will review the remaining in the next article, Part 2: Security and Compliance Across SharePoint, OneDrive, and Teams.

Advanced Access Policies for Secure Collaboration

Advanced access policies for secure collaboration are currently available as either private preview, general availability, or premium feature and span across SharePoint sites, OneDrive, and Teams.

Restricted Access Control (RAC) Policy for SharePoint Sites: Private Preview

Unauthorized access to content can occur when content is overshared by users. Users commonly share content with good intent, but they are unknowingly and mistakenly, sharing with a broad audience, resulting in unauthorized access to content by the broader audience. Oversharing has always been an issue, but with hybrid work environments, this has bubbled to the surface with an expansion of oversharing and unauthorized access to content.

With the RAC Policy for SharePoint Sites, administrators can now restrict access to SharePoint Sites, instantly restricting access to content to a confined set of users, regardless of how widespread the content has been shared or where inheritance was broken at the content level.

This advanced policy, RAC Policy v1 (Private Preview), allows administrators to restrict Microsoft 365 Groups-connected sites to having the same membership as the parent Microsoft 365 Group, even if the site or content was shared outside of that group membership. Microsoft announced that this policy will be extended to all SharePoint Site templates by configuring the RAC policy with a security group.

Restricted Access Control (RAC) Policy for OneDrive in Your Organization: General Availability

Announced at Ignite this week, the Restricted Access Control Policy for OneDrive is generally available. Similar to oversharing of SharePoint sites with external users, OneDrive content is also overshared.

By creating security groups in Azure Active Directory that contains all the organization’s employees and then configuring the Limit OneDrive Access to those groups in the SharePoint Admin centre, only those groups granted access will now have access. By restricting access to all OneDrives in your organization to a determined set of users such as only employees, your organization’s content is secure from being accessed by externals who should not have access in the first place.

Conditional Access Policies for SharePoint Sites, OneDrives, and Teams: General Availability

There is flexibility with the Conditional Access Policies for SharePoint Sites, OneDrives, and Teams by allowing admins to determine whether the content is classified as business strategic or general training content. Both types of content will require different levels of security whereby classified business strategic content is accessible only when certain conditions are met, and general training content should be easily accessible. The conditional access requirements should match the security posture of these sites.

This can be achieved by utilizing SharePoint Online PowerShell to set the appropriate access policy for a site. This will dictate the conditions that are required to access the specified site. For example, a site containing business strategic information can have the condition of multi-factor authentication (MFA) to be met in order for a user to access this site. Additionally, these policies can be associated with sensitivity labels, if deployed, by labeling the teams or sites appropriately. The key benefit of this policy is that it allows the admin to have users go through additional credentialing only when they are accessing critical sites or teams that contain business strategic content.

Access policies are just one of the methods that are being applied for cybersecurity by Microsoft. As Microsoft moves closer to Zero Trust, increasing security controls, safeguards, malicious malware protection, and lifecycle management are all integral parts of this advancement. In our next installment, Part 2: Security and Compliance Across SharePoint, OneDrive, and Teams, we will examine these closer in detail.