There is a lot of content and information out there, especially as SharePoint’s audience grows with Office 365. One thing that keeps coming is how do we manage the SharePoint security within or implement it, where do we begin?
The thing is, we can come about this topic from many different angles. When I say SharePoint security, what does that mean? Is the Servers and networking security, Active Directory and operating system security, IIS or SharePoint security itself in site collection and sites? And yes, I could say you need SharePoint security tool to get it done. But regardless of what it is and how you choose to put it in to place and enforce, you need to understand what it is you are securing… in this case we’re talking SharePoint.
I have written a few posts now on different different topics, but there are enough posts now that I thought it would help if I put them together in one place for you to find.
The SharePoint basics before security
Don’t worry I won’t try to explain SharePoint to you in a paragraph, but I have put a collection of posts together to help you get started.
Learning SharePoint basics and more – This article put many blogs, videos, infographics, webinars and guides together on SharePoint, but organized by topic.
That is what I give everyone starting with SharePoint and looking for some extra learning material. Whether it’s about the basics, Search, Branding or Governance, you’ll likely find something to get started there.
Does it have anything to do with SharePoint security? Not directly of course, but if you don’t understand why everyone can see something in Search results or why the Product Catalog items are showing up to people that do not have access to a list, well it won’t be much help.
There are no shortcuts, I do hope that it may help you get on a good start.
A few SharePoint security lessons learned and told
If you are sitting down and have a good hour to listen to two geeks talk about SharePoint security and their lessons learned, you’re in for a treat. It’s a video recording of a webinar given by both Antonio Maio, MVP and expert in security at Protiviti and I multiple times.
The sessions covers SharePoint security objects, but also tells some of the amazing stories we’ve come across… not all always the good kind.
Shorter video on security permissions and some tips
I know, a whole hour could be a little too long sometimes. Thankfully, I’ve also recorded an episode of Between Two Farms on security permissions. There I talk about some of the misconceptions people have around permissions.
For example, did you know that since SharePoint 2013 the Members Group assigned to Sites automatically was granted Edit rights instead of just Contribute?
Valuable resources from Microsoft and more to help you protect SharePoint
The worst feeling when working with software is knowing that you’ve made a mistake that may have potentially breached your platform. Well, though it was on Office 365 this SharePoint security breach was an eye opener. Always be careful to whom you grant access to things and make sure they know how to use this new power.
Infographics are great to share with someone, those that are not yet convinced for example. We took one of the official lists from Microsoft and made sure you could see it visually in a security infographic.
In fact, the Office 365 Trust Center is a great place for you to start learning more about the overall protection layer put into place by Microsoft.
Hopefully, this set of links can get you started in the right direction. As I said, there are many layers to SharePoint security and they are all just as important. You can have the most secure platform out there, but if I can hack my way in to your environment’s network and create a user I may effectively by pass much of your security. In fact, one of my fellow MVP and friend Liam Cleary’s most popular session is “Think you can hack SharePoint”.
If you get a change to attend it and you are in charge of SharePoint overall or just the security with it, I strongly recommend you take a look at it as well.
Benjamin Niaulin's Blog 