Last Updated on October 20, 2023
Worried about your confidential documents in SharePoint Online?
In this article, let’s discuss the methods you can use to protect your confidential content in SharePoint and gain peace of mind.
Let’s get started.
SharePoint comes with a number of security risks, such as:
- External users
- Third-party apps
- Information leakage
- Data management
Fortunately, there are ways to mitigate these risks.
1. Create a data classification scheme
The first step is to set up a classification scheme that clearly defines what counts as confidential.
Naturally, you need to know what it is you need to protect before you can take action.
There are different ways you can do this. Here are some guide questions that might help:
- What information do you deem sensitive?
- Where can you find that information?
- Who can access that information? (Or what kind of users can access that information)
- How do you use sensitive information or data?
- What level of protection do those data need?
Regular users must also be able to understand the scheme so that they can easily recognize confidential content that has strayed from where it belongs.
Remember that users are important in this approach even though they might not see any confidential documents at all.
Note: For more best practices, check out this guide: SharePoint Security: The Best Practices Guide for 2022.
2. Configure user access/permissions
In SharePoint Online, there is a built-in feature that allows you to control which users have access to specific sites and content.
There are three default permission groups in SharePoint:
- Site visitors
- Site members
- Site owners
Each user automatically falls into one of these groups, with visitors having the lowest level of access.
When you need to give special privileges to certain users, the better approach is to use groups instead.

Basically, I recommend creating new Microsoft 365 groups with selected users and changing the permissions of those groups.
Instead of changing a user’s permissions, all you have to do is remove that user from one group and add them to another.
By the way, this is also an approach I recommended in my best practices guide for SharePoint Online security.
Related: Types of Groups in Microsoft 365: Comparing Groups
3. Train employees about confidentiality
It’s important that you educate your users about the importance of confidentiality.
This is where item #1 of this list plays an important role. You need to have a clear idea of what sensitive data is and teach it to your employees.
Related: How to Create Sensitivity Labels in Microsoft 365
Take the time to teach your end users about:
- What to do when they see confidential documents
- Who to notify of such an incident
- Other relevant apps like OneDrive, Microsoft Teams, Office 365 apps, etc.
- Other best practices to observe when it comes to SharePoint and security
4. Delegate an internal information technology resource
Lastly, I suggest you use an internal IT resource to help you maintain confidential content in SharePoint Online.
Your IT personnel will then be in charge of the following:
- Creating and maintaining a list of sites with confidential content in SharePoint
- Performing regular security audits of sites that may contain confidential content (ideally, these audits are scheduled)
- Creating alerts/notifications for cases where confidential content is breached or leaked (shared with others)
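The site list and the scheduled audit can be scripted. The following is an added example, not from the original article, that uses the SharePoint Online Management Shell; the tenant URL, the site list and the report file name are placeholder assumptions, and matching `#ext#` in the login name is a heuristic for guest accounts.

```powershell
# Added example: audit the sites on a maintained "confidential" list.
# Requires the SharePoint Online Management Shell and a SharePoint admin account.
# Tenant name, site URLs and report name are placeholders (assumptions).
Import-Module Microsoft.Online.SharePoint.PowerShell

$AdminUrl = 'https://contoso-admin.sharepoint.com'      # placeholder tenant
$ConfidentialSites = @(                                  # the maintained list (constructed)
    'https://contoso.sharepoint.com/sites/finance',
    'https://contoso.sharepoint.com/sites/legal'
)

Connect-SPOService -Url $AdminUrl

$findings = @(foreach ($url in $ConfidentialSites) {
    $site = Get-SPOSite -Identity $url

    # Finding 1: external sharing is still enabled on a confidential site.
    if ($site.SharingCapability -ne 'Disabled') {
        [pscustomobject]@{
            Site = $url; Finding = 'ExternalSharingEnabled'
            Principal = ''; Detail = [string]$site.SharingCapability
        }
    }

    foreach ($user in Get-SPOUser -Site $url -Limit All) {
        # Finding 2: guest accounts usually carry "#ext#" in the login name (heuristic).
        if ($user.LoginName -like '*#ext#*') {
            [pscustomobject]@{
                Site = $url; Finding = 'GuestHasAccess'
                Principal = $user.LoginName; Detail = ($user.Groups -join '; ')
            }
        }
        # Finding 3: site collection admins have full control regardless of group membership.
        if ($user.IsSiteAdmin) {
            [pscustomobject]@{
                Site = $url; Finding = 'SiteCollectionAdmin'
                Principal = $user.LoginName; Detail = ''
            }
        }
    }
})

# Dated report so scheduled runs can be compared; an empty file means no findings.
$report = 'confidential-audit-{0:yyyy-MM-dd}.csv' -f (Get-Date)
$findings | Export-Csv -Path $report -NoTypeInformation
$findings | Format-Table -AutoSize
```

Run it from a scheduled task and review any change between two consecutive reports, since a new guest or a re-enabled sharing setting on a listed site is exactly what the audit is meant to catch.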
Protect sensitive information in your organization
All the methods I mentioned above work when you use them together.
If you’re willing to shell out extra cash, you can get a higher license with Azure Rights Management to use Information Rights Management (IRM).
IRM is a paid feature where you create policies to protect sensitive content in SharePoint and in the Microsoft ecosystem from unauthorized users.
How it works:
- Prevents users from saving or printing copies of a file
- Policies apply at the list and library level
- No need to install anything — simply activate the service
The encryption specifically applies to the following file types:
- Microsoft Office apps 1997-2003 file formats
- Office Open XML formats for Microsoft Office apps
- XML Paper Specification (XPS) format
Unfortunately, you need an extra license to use it:
- Microsoft 365 F3/E3/A3/G3/E5/A5/G5 and Microsoft Business Premium
- Office 365 A1/E3/A3/G3/E5/A5/G5
- Azure Information Protection Plan 1 when added to the following plans: Exchange Online Kiosk, Exchange Online Plan 1, Exchange Online Plan 2, Office 365 F3, Microsoft 365 Business Basic, Microsoft 365 Business Standard, or Office 365 Enterprise E1
What are you currently doing to protect confidential content on SharePoint Online? Share your thoughts below.