Microsoft SharePoint Premium is the evolution of the SharePoint platform, resulting from the integration of the product formerly known as Microsoft Syntex into the SharePoint fold. SharePoint Premium brings AI, automation, and added security to your content experiences, processing, and governance. This blog will delve into the governance features of SharePoint Premium that make it a standout choice for organizations.

Let’s start with putting the concept of governance into context, as it’s a “big word” in that it can have very broad meaning when applied across technology, data and information management domains. According to Wikipedia, Information Governance (IG):

“Incorporates information security and protection, compliance, data quality, data governance, electronic discovery, risk management, privacy, data storage and archiving, knowledge management, business operations and management, audit, analytics, IT management,” and more!

Governance addresses the key areas of:

• Risk versus value: Balancing compliance with rules and regulations with operational transparency and the ability to reduce costs or generate value.
• Supporting decision-making and accountability: IG requires the development of a framework to define and measure acceptable behaviors in the creation, use, storage and disposal of data and information.

SharePoint Premium (SPP) provides a lot of new features and functionality across three broad areas or categories of capability: content experiences, content processing and content governance. Let’s dive into the governance capabilities of SPP:

Content governance capabilities are a key element of SharePoint Premium. It actively addresses oversharing and content sprawl by managing the content lifecycle and controlling access with simple yet powerful tools. This ensures that your organization’s content is secure, compliant, and easily manageable.

• Data Access Governance: One of the key governance features of SharePoint Premium is ‘Data Access Governance’ (DAG). DAG generates reports that provide a high-level view of potentially overshared sites, filtered according to link-sharing policy, Teams-connected sites, privacy, sensitivity labels, and more. This feature extends controls for content and access governance to content owners and creators, providing a comprehensive overview of your organization’s data access. Managing potential sources of over-sharing is extremely useful in preparing your content for use with Microsoft Copilot AI assistants.

• Site Access Reviews: Another significant feature is the ‘Site Access Reviews.’ This capability allows IT organizations to check in with content owners for potentially at-risk content, asking them to review users’ access to content, take any required actions, and confirm when completed. By identifying and addressing at-risk content, SharePoint Premium helps maintain the integrity and security of your organization’s data. However, there are a lot more tools available to secure content once you have run your DAG reports and regularly scheduled site access reviews.

SharePoint Premium adds additional tools to your security tool belt, allowing you to increase layers of security and access controls to ensure your most sensitive content is securely protected against oversharing, exfiltration or unauthorized access, whether stored in SharePoint sites or OneDrive:

• Restrict SharePoint site access with Microsoft 365 groups and Entra security groups: Restrict the access of a SharePoint site and its content only to the members of Microsoft 365 group (for group-connected sites) or a security group (for non-group connected sites). Users who aren’t in these groups won’t have access to site content even if they previously had site access permissions or a file sharing link.

• Secure SharePoint document libraries by default sensitivity label: When SharePoint is enabled for sensitivity labels, you can configure a default label for document libraries. Then, any new files uploaded to that library or existing files edited in the library will have that label applied if they don’t already have a sensitivity label or they have a sensitivity label but with lower priority.

• Restrict OneDrive content level and service level access: You can limit access to shared content in a user’s OneDrive to people in a security group, or you can limit OneDrive access to members of a specific security group if you want to allow only certain users to have access. Even if other users outside of these security groups are licensed for OneDrive, they won’t have access to their own OneDrive or any shared OneDrive content.

• Conditional access policy for SharePoint sites and OneDrive: Enforce more stringent access conditions when users access SharePoint sites through Entra ID. Authentication contexts can be directly applied to sites or used with sensitivity labels to connect Microsoft Entra Conditional Access policies to labeled sites.

We are used to applying an information management lifecycle concept to the data and information assets themselves, but now you can apply the concept of a lifecycle to a SharePoint site using SharePoint Premium capabilities:

• Manage site lifecycle policies: Set up an inactive site policy to automatically detect inactive sites and send notifications to the owners via email. The owners can then confirm whether the site is still active, and of course if it’s not you can have discussions about archiving it or deleting it.

• Create change history reports: Create change history reports in the SharePoint admin center to review SharePoint site property changes made within the last 180 days, filtering by sites and users, then download the report as a .csv file to view the site property changes.

• Review your recent changes to SharePoint site properties: The recent actions panel lets you review and monitor the last 30 changes you’ve made to a SharePoint site’s properties such as renaming a site, deleting a site, changing storage quota within the last 30 days in the SharePoint admin center.

• Block download policy for SharePoint sites and OneDrive: You can block the download of files from SharePoint sites or OneDrive without using Microsoft Entra Conditional Access policies. Users will have browser-only access and will not be able to download, print, or sync files. They also won’t be able to access content through apps, including the Microsoft Office desktop apps.

As you have seen, SharePoint Premium’s governance features provide robust processes, security, and compliance for content management. By actively addressing oversharing, managing the content lifecycle, and controlling access with powerful tools, SharePoint Premium ensures that your organization’s content is secure, compliant, and easily manageable. With SharePoint Premium, you can maximize the value of your content while maintaining its security and structure.

But wait, there is more!

Hot off the presses from the M365 Community conference in Orlando, there is a slew of new content management and data access control capabilities, which you can read about in this Microsoft announcement blog post: Announcing SharePoint Advanced Management innovations for the AI and Copilot era.

By: Jed Cawthorne and Noorez Khamis