Are your powers users confident about the security of their content in Teams? A constant point of contention for power users are uninvited guests or unfamiliar users found within an Office 365 group, team, or site the power user owns. This persistent issue negatively impacts adoption and needs to be addressed. Surprisingly enough, SharePoint admins usually wind up being one of the root causes. Let’s investigate why.
Currently, in SharePoint Online, support staff with the SharePoint Administrator role must grant themselves Owner rights before they can access a site, team, or modify group membership. Admins that perform this action show up on the modern permissions display panel and in the O365 group causing concern amongst the site owners who quickly feel that they have no control over the access of their content.
So what are these admins up to?
Most SharePoint setups today use this method to perform system maintenance. In some cases, support may be performing a change request or resolving an issue.
6 Steps To Secure Access
These headaches can be alleviated by one Office 365 Group, a few updates, and a little scripting. Just follow the below steps:
- In the Office 365 Admin Center, create a “SharePoint Administrators” Office 365 Group and add all your SharePoint Support staff to it as “members” (Owner rights don’t seem to be as effective in this scenario).
- Request temporary Global or User Management Administrator rights.
- Run a PowerShell script to add “yourself” as an owner to all group connected SharePoint sites (Requires Global or User Management Administrator rights).
- Add “yourself” as an owner to all other Team and Communication sites (not group connected) via the SharePoint Admin Center: https://[TenantName]-admin.sharepoint.com/_layouts/15/online/AdminHome.aspx#/siteManagement
- Run another PowerShell script to add the “SharePoint Administrators” Office 365 Group to the “Site Collection Administrators” section of all sites.
- Run a final PowerShell script to remove your personal account’s access from the sites and the Office 365 Groups minus the “SharePoint Administrators” Office 365 Group.
That’s it! Your support staff now have Full Control access to all sites so that they can perform their daily duties without:
- Disrupting the end-users by showing up in the Owners section and/or Office 365 Group.
- Needing to add and remove themselves to make SharePoint changes.
Likewise, you can and should use this same process in tangent with a “SharePoint Service Accounts” Office 365 Group. Otherwise, whenever your Flow or analysis service account or job needs to access something, it will take additional steps to manually grant it access.
The Final Touch
Make adding these groups part of your manual and/or automated site creation process.
Interested in diving deeper on secure internal and external collaboration? Reach out to our team here to set up a free consultation call.
Today marks the end of the road for 2 old friends at Microsoft, Windows Vista and Exchange 2007. Both have reached end of support with Microsoft and you should be off of them long before now.
For those of you that may be unaware, Microsoft defines “end of support” as: End of support refers to the date when Microsoft no longer provides automatic fixes, updates, or online technical assistance. This is the time to make sure you have the latest available update or service pack installed. Without Microsoft support, you will no longer receive security updates that can help protect your PC from harmful viruses, spyware, and other malicious software that can steal your personal information. For more information go to Microsoft Support Lifecycle.
For the last 4 years, I have been very happy with my Linksys Wi-Fi enabled router at home. But when the kids knocked it off the shelf, I was suddenly in the market for a new router. This prompted me to dive deeply into the Wi-Fi world, which has changed drastically in the last few years. Many of our smaller clients would use these home routers for their Wi-Fi needs and they worked pretty well. If you had to do some serious data crunching though, you always plugged in.
Well, things have changed now. Wi-Fi networks, though not as fast as wired, have substantially decreased the gap. Without breaking the bank you can have multiple Wi-Fi hotspots, all using the same SSID (the name you connect to) and will happily pass you from one access point to the next as you travel from your office to the conference room. Now you can securely wander the office with great speeds without having to cross your fingers each time you give a presentation. (more…)
In the current economy, many businesses across the globe are seeking alternatives to costly data backup methods. A popular solution to costly backup methods is cloud backup, which works well as a strategy for business continuity planning and disaster recovery. Data backup and storage in the cloud means that the cloud service provider takes responsibility for costly backup hardware and redundancy methods. The company seeking cloud storage pays a monthly subscription fee, which is based on the amount of backup and storage which is required.
In order to successfully backup and store data in the cloud, you must choose a reliable provider that has a track record for using multiple backup servers, advanced security, and immediate access and recovery in the event of a disaster. A lot of companies prefer to pursue the best of both worlds by combining the speed of local backup with the security of cloud backup. This concept is known as hybrid backup and is more cost effective than tape methods and other offsite storage methods.
The security of today’s information systems go far beyond the general protection measures that were once considered to provide ample security against intrusion.For many companies that are implementing new technologies one of the top priorities during the planning phase is security. There are many different aspects that define the overall security of a company’s infrastructure, one of which is patch management.
Server and network availability is an essential aspect of maintaining business productivity and continuity. IT administrators face many challenges and responsibilities when it comes to maintaining the network and keeping downtime at a minimum. Depending upon the size of the organization there are many components to keep track of such as device management, updates, patching, new application configurations, compliance requirements, and issues that arise as the result of human error or environmental factors. So, what are some of the challenges that IT administrators face and what are some of the ways you can overcome these issues?
Regulatory compliance can take on different definitions according to the industry in which you are applying the policies. Since compliance means incorporating standards that conform to specific requirements, regulatory compliance is the regulations a company must follow to meet specific requirements.
When you apply regulatory compliance to IT, the regulations apply to two different aspects of company operations which include the internal requirements for IT and compliance standards that are set forth by external entities. Both types of regulatory compliance affect IT company operations and can potentially restrict (more…)
For companies that are currently utilizing a Blackberry server many are considering switching to Active Sync with the greater demand for iPhones and Android platforms. What exactly does this mean for your business? Many employees have had a great interest in purchasing an alternative platform to Blackberry so let’s take look at how you can also integrate Active Sync into your environment and the advantages/disadvantages you will need to consider.
One of the biggest advantages to Active Sync is the change in infrastructure that would take place in your environment. Less hardware is actually required to run Active Sync, instead of maintaining a stand-alone server as is required for a Blackberry server, you run Active Sync from your Exchange server.
Active Sync allows you to (more…)
I have a lot of passwords. In fact I have 194 of them. But remembering 194 of something is tough, and we typically don’t make our passwords something that can be remembered easily. One way we try to make this easier is to use the same password for multiple accounts. But this is not secure. If someone hacks your Facebook account, they now have the password to your email account, and probably your bank account too.
So how about making a list of all your passwords? Maybe a post-it note on your monitor, or on a piece of paper that you hide under your keyboard. This sounds pretty clever but (more…)
Network monitoring is an essential responsibility for businesses of all sizes. Medium-sized and large companies typically have a network monitoring system in place either onsite or offsite in the cloud but what about small businesses? This is exactly what hackers are asking when they are seeking to breach a network.
In the last few years small businesses have become (more…)