SharePoint & OneDrive. Providing a safe and secure environment for collaboration (part 1)
Microsoft SharePoint and OneDrive are used to support an extensive range of business scenarios including file sharing, collaboration, document management and many other activities for users across many organisations. These activities can involve users both within and outside of an organisation. Many organisations are unaware of the measures available to help ensure the environment remains safe and secure.
In part 1 of this blog, I cover a couple of the basic areas an organisation should consider for helping to make SharePoint and OneDrive a safe and secure environment in which to collaborate:
- Access Control
How do we control access to Microsoft SharePoint and OneDrive?
Making Microsoft SharePoint and OneDrive a safe and secure environment often starts with defining how access is granted and controlled. Users within an organisation will probably want to access SharePoint or OneDrive on a variety of devices from different locations. A starting point for most organisations is to enable a baseline level of security using ‘security defaults’.
What are ‘Security Defaults’?
Managing security can be difficult when identity-related attacks are becoming more and more common. These attacks include password spray, replay, and phishing.
Security defaults in Azure Active Directory (Azure AD) make it easier to be secure and help protect your organisation. Security defaults contain preconfigured security settings for common attacks and Microsoft is making them available to everyone. The goal is to ensure that all organisations have a basic level of security enabled at no extra cost.
You turn on security defaults in the Azure portal as shown below:
The organisation will typically need to consider under what conditions it will grant access. Will it grant access from unmanaged personal devices, for example? How can the organisation be sure that the user requesting access is the actual authorised user and not someone using that user's stolen credentials?
Security Defaults implements Azure Multi Factor Authentication (MFA) as a baseline security measure.
When a user attempts to access SharePoint or OneDrive by entering their username and password, the initial experience is as follows:
After clicking the ‘Sign in’ button (with Security Defaults enabled), they are initially prompted to enter additional information to validate their identity as follows:
The first time a user logs in they are prompted to confirm how they will provide the additional security information as follows:
After clicking ‘Next’ the user is sent a one-time passcode (OTP) as follows:
Once the user has set up their additional security verification, they are then prompted to enter it each time they log in as follows:
With Security Defaults enabled, Azure Multi Factor Authentication is enforced for all users within an organisation's Office 365 tenant, including Administrator roles (e.g. SharePoint Admin, Exchange Online Admin etc.). This should be considered as a standard approach for all SharePoint and OneDrive users to improve security when authenticating.
Azure Multi Factor Authentication is provided with all Office 365 subscriptions (E1 / E3 / E5). However, more advanced features (including such capabilities as enabling it with conditional access to support different scenarios) are only available with upgraded licence options such as Azure AD P1 / P2 etc.
Click the link for more information about Features and licences for Azure Multi-Factor Authentication
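The portal setting described above can also be checked from a script. The following is an added example, not part of the original post: a read-only check that reports whether security defaults are on or, failing that, whether any enabled Conditional Access policy requires MFA. It assumes the Microsoft Graph PowerShell SDK is installed and that the signed-in account can consent to the Policy.Read.All scope; the function name Get-MfaBaseline is hypothetical.

```powershell
# Added example, not from the original post. Read-only: changes nothing in the tenant.
# Assumes the Microsoft Graph PowerShell SDK (Install-Module Microsoft.Graph).
function Get-MfaBaseline {
    # Security defaults are a single tenant-wide on/off policy.
    $defaults = Get-MgPolicyIdentitySecurityDefaultEnforcementPolicy

    # Tenants licensed for Azure AD P1/P2 may use Conditional Access instead.
    # Collect the enabled policies whose grant controls include MFA.
    $caMfa = @()
    try {
        $caMfa = @(Get-MgIdentityConditionalAccessPolicy -All -ErrorAction Stop |
            Where-Object {
                $_.State -eq 'enabled' -and
                $_.GrantControls.BuiltInControls -contains 'mfa'
            })
    }
    catch {
        Write-Warning "Could not read Conditional Access policies: $($_.Exception.Message)"
    }

    if ($defaults.IsEnabled)    { $baseline = 'SecurityDefaults' }
    elseif ($caMfa.Count -gt 0) { $baseline = 'ConditionalAccess' }
    else                        { $baseline = 'NoBaseline' }

    [pscustomobject]@{
        SecurityDefaultsEnabled = [bool]$defaults.IsEnabled
        CaPoliciesRequiringMfa  = $caMfa.DisplayName
        Baseline                = $baseline
    }
}

Connect-MgGraph -Scopes 'Policy.Read.All'

$result = Get-MfaBaseline
$result | Format-List

if ($result.Baseline -eq 'NoBaseline') {
    Write-Warning 'Neither security defaults nor an MFA Conditional Access policy is enabled.'
}
```

A result of ConditionalAccess only shows that at least one enabled policy asks for MFA; the script does not evaluate which users or applications that policy covers.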
How should you enable users to accept responsibility for using Microsoft SharePoint and OneDrive?
In part 2 of this blog I will cover the following key areas:
• Guest access reviews
• Web-only access
• Session timeout policies
• Sensitivity labels to protect sites and files