sharepoint audit scope/healthcheck

Question

what areas could/should be included in the scope of an audit/healthcheck (call it what you like) of a document management system like SharePoint, above and beyond the obvious, ensuring any confidential/sensitive documents are only accessible to authorised users/groups. We have a DMS based upon sharepoint that we have a few days to focus on from a risk/audit/compliance perspective, and trying to make sure we make best use of the time.&nbsp;&nbsp;

cian allner · Answer

Have you seen this resource, it's a good place to start:

Secure SharePoint Online sites and files

There also some great resources here around security, like Office 365 Information Protection for GDPR with guidance and recommendations, though it may not all be relevant.

Microsoft cloud IT architecture resources

CRIB111 This is predominantly for SharePoint Online, so it won't be as relevant if you are on SharePoint Server, though some of the concepts will still apply. In that case, start here perhaps - Configure audit settings for a site collection and View audit log reports. This seems to be a reasonable overview - SharePoint Audit Logs: A Key to Better SharePoint Management. Finally, this may help - Overview of security groups in SharePoint Server and some of the resources linked from there like Plan your permissions strategy.

Forum Discussion

sharepoint audit scope/healthcheck

1 Reply

Resources