Microsoft Syntex SharePoint Advanced Management Setup
SharePoint administrators will administer Microsoft Syntex SharePoint Advanced Management from the SharePoint Admin Centre. It should be noted that this is a Microsoft 365 add-on. While features are administered by SharePoint administrators, some of the features can be utilized by site owners. The suite of tools available through Microsoft Syntex SharePoint Advanced Management Setup will not only help enhance secured collaboration in Microsoft 356 but will help manage and govern SharePoint and OneDrive compliance.
Microsoft Syntex SharePoint Advanced Management Setup provides advanced policies for access, ensuring secure content collaboration and advanced lifecycle management of site content.
Site Access Restriction for SharePoint Sites: Access to SharePoint sites can be restricted to users in a specific group with the application of a site access restriction policy. Users who are not part of the specified group will not have site access or access to the site content, even if they previously had permission to access or have a shared link. Site access restriction policies can be applied to Teams-connected, Microsoft 365 group-connected, and non-group-connected sites. Users will see files in the search results only if they have permission to the file. If they do not have permission (if they are not part of the specified group), they will not be able to access the file.
Restrict OneDrive Access to a Security Group: OneDrive access can be limited to members of specific security groups if they are the only ones to have access to the OneDrive content. For licensed OneDrive users outside of these security groups, access to shared OneDrive content or their own OneDrive will be denied. Applying a OneDrive restriction policy can prevent oversharing of OneDrive content.
Data Access Governance Reports for SharePoint Sites: as data and content continue to grow, the Data Access Governance Reports provide data to help admins discover which sites and, more importantly, what sensitive content is being overly shared. Utilizing this report, admins can assess, review, and apply compliance policies that provide appropriate security.
Conditional Access Policy for OneDrive and SharePoint Sites: Greater and more stringent access policies can be applied when users access SharePoint sites with Microsoft Entra authentication context. Applied directly to sites or enlisting sensitivity labels, authentication contexts connect Microsoft Entra Conditional Access policies to labeled sites. Note: this capability cannot be applied at the root site in SharePoint.
Secure SharePoint Document Libraries: A default label for document libraries can be configured but only if sensitivity labels are enabled for SharePoint. Once enabled, any new files that are uploaded to the library will have this label applied on the condition they do not already have a sensitivity label. For existing files that are edited in the library and do not have a sensitivity label, the default label of the document library will be applied. For documents that already have been assigned a sensitivity label, they will have a lower priority.
A default label provides a baseline level of security and protection and without content inspection, the default label is automatically assigned. There is a difference between this feature’s default label and the default label in label policies:
Default Sensitivity Label for a Document Library: Overrides lower priority labels but manual override can be applied. This is location-based labeling and applies only to SharePoint.
Default Sensitivity Label From a Policy: A policy sensitivity label never overrides existing labels. This policy applies to all locations and is not location-based.
This brings us to the question: Will an existing label be overridden? This is best answered in the following table:
Summary of Outcomes
Existing Label
Override with Library Default Label
Manually applied, any priority
No
Automatically applied, lower priority
Yes
Automatically applied, higher priority
No
Default label from policy, lower priority
Yes
Default label from policy, higher priority
No
Advanced Sites Content: Lifecycle Management
Advanced Lifecycle Management for site content includes:
Block Download Policy – SharePoint Sites and OneDrive: Users who try to download files from their SharePoint sites and OneDrive can be blocked from doing so. Once the Block Download Policy is applied, users will only have access to browse their files and they will not be able to download, print, or sync files. Files that can be blocked include recordings from Teams meetings. If a user tries to download a file, a message at the top of the site will state “Your organization doesn’t allow you to download, print, or sync from this site. For help, contact your IT department.” It should be noted that this policy can be achieved without using the Microsoft Entra Conditional Access policies.
Recent SharePoint Admin Actions: The Recent Site Related Actions panel will provide the most recent site-related actions made in the SharePoint admin centre in the last 30 days. This report can be either viewed or exported and will provide site property change information including site creation, site name, site deletion, sharing of settings, site URL, and storage quota. Note that organizational-level changes and changes made by other administrators will not appear on the panel.
Manage Site Lifecycle Policies: From the SharePoint Admin center, inactive sites can be managed across the admin’s tenant. With an inactive site policy, the detection of inactive sites is automated. When an inactive site is detected, an email notification is sent to the site owner, and the site owner can then confirm if a site is active or inactive.
A simulation policy can be converted to an active policy. An active policy runs every month and generates a report. It will send email notifications to inactive site owners to have them confirm the status of the site. Site owners can confirm the site is active by the Certify Site button in the mail and by doing so, the site will remain confirmed for one year. If the policy fails for any month, it will run again the following month as scheduled.
Create Change History Reports: Review SharePoint site property changes that have been made within the last 180 days with the Create Change History Report. Five reports can be generated for a given date range and filters can be applied for sites and users. Accessed from the SharePoint admin centre, this report can be downloaded or exported as a .cvs file.
Microsoft Syntex SharePoint Advanced Management Setup adds several more layers of security through sensitivity labels and policies addressing site and OneDrive restrictions, sensitive content access, blocking downloads, and group security. As an add-on, this suite of powerful features and tools provides seamless end-to-end compliance and security for additional content security and prevention of data loss.