Blog

Copilot Readiness Part 3: SharePoint Governance

How to approach to security and control

In brief

  • Copilot benefits from good information management governance
  • Sites/Teams: Group related content into a logical structure
  • Security: Think “Just Enough Access” and ideally set it at site level

In this article and our video, Preparing for Microsoft Copilot Part 3, we dive in to naming documents consistently and how that can automated, versioning as wells as Tagging documents in SharePoint and Teams.

Also in this series:

Understanding the requirement:

Microsoft 365 Copilot:

  • Only searches for information from the user’s tenant
  • This includes all data they have been granted access to
  • Does not include content from other tenants where the user has (guest) access
  • Does respect the end-user’s security/access permissions

How to Implement this:

1. Keep Security Simple:

  • As a rule, we try and set read and contribute permissions at a Site Level, occasionally at a Document Library and Folder level and very rarely at a file name.

 

2. Track Movers

  • It’s too easy for a mover to gain new permissions for their new role and not lose the assigned permissions for their previous role. As part of your movers process, be proactive to review existing permissions – consider dynamic membership groups.

Learn More on Access Management:

Understanding the requirement:

Microsoft 365 Copilot works best when related data is grouped together logically, that permissions reflect “Just Enough Access” and when data is no longer needed it is removed from scope of active users either through archiving or deletion.

How to Implement this:

1. Define your Information Architecture Principles

a. What needs to be true for us to create a new Hubs/Site/Team?
b. What are our standards for site /team structures?
c. What roles do metadata, labels and tags play?
d. What are our security principles (data boundaries, external users)
e. What’s our position on extending functionality (eSignatures, Document Generation, Workflow, Apps)

We recommend that end-user site requests should be triaged to establish if a new site is needed and if so, what does it look like. The answers to these questions which will help:

 

2. Plan the Site Life-Cycle Process

a. What is the purpose of your site? (Filling, Collaboration or Publishing?)
b. Who needs access to it (owners, contributors, visitors/viewers)
c. How long will you need it for / how will we know we can close it?
d. What should happen to the assets created?

The goal of site and team management is to give users a better experience, so it’s clear where work gets done. As one client said to us, “A place for everything, and everything in its place”.

 

Learn More on Site and Team Management:

Whilst retention labels control how long to keep data for, and what happens at the end of that period. Sensitivity labels, part of Microsoft Purview Information Protection, control how a document, SharePoint Site or Microsoft Team is protected from a security perspective.

An example from a Copilot perspective, you could set a sensitivity label on a Microsoft Team, to ensure that it is set to private instead of public, meaning that only Team Members will be able to access the content, as opposed to everyone in the business.

A few examples where you can use a sensitivity labels:

  • For a Microsoft Team to restrict who can have access to it
  • For a press release to restrict access before an embargo is lifted
  • To ensure that the current price list for sales staff can't be opened after a specified date

Learn More on Sensitivity Labels:

Based on our experience, the approach to security "Just Enough Access" and Site/Team Management have always been best practice when managing a SharePoint / Teams environment.

Starting with information architecture principles and planning the site life-cycle with a supporting security model creates the right user experience, in Microsoft 365 Copilot is a crucial approach, allowing users to access only the data in their tenant while keeping security straightforward by setting permissions primarily at the site level.

Additionally, effective "Site and Team Management" is all about crafting information architecture principles and planning the site life-cycle process logically. This experience-driven perspective emphasizes the importance of creating a user-friendly and organized environment.

 

Read Part Four on Technical Prerequisites

Author

Rupert Squires

Client Director

2 mins read

View our other blog posts

Click through to see our other blog posts.

Copilot Readiness Part 5: Microsoft 365 Copilot – Licensing

Copilot Readiness Part 5: Microsoft 365 Copilot – Licensing

Microsoft 365 Copilot is an additional purchase as it is not included in any of Microsoft’s licence suites, including the “Hero SKU” Microsoft 365 E5. So, to take advantage of the new AI capabilities offered by Microsoft, you will need to budget for additional investment.

Copilot Readiness Part 4: Microsoft 365 Copilot – Technical Prerequisites

Copilot Readiness Part 4: Microsoft 365 Copilot – Technical Prerequisites

In this article we explore which managing Redundant, Obsolete, and Trivial data in SharePoint and Teams—a part of our Microsoft 365 Copilot series. Based on Microsoft best practices, our guidance bridges the gap from ‘what’ to ‘how’, providing practical insights based on experience.

Copilot Readiness Part 3: SharePoint Governance

Copilot Readiness Part 3: SharePoint Governance

Based on our experience, the approach to security “Just Enough Access” and
Site/Team Management have always been best practice when managing a
SharePoint / Teams environment.

Ask how we can help you:

• First steps in helping your business do this?
• Taking a step back and building your strategy?
• Stuck in the mud and needs help getting out?

Whatever the question, you can expect a response within a business day.

Start your journey to stress-free document management right now