Microsoft SharePoint Blog

What’s new and what’s coming with SharePoint & OneDrive Security, Compliance, and Administration – October 2018 Edition

wbaer (Microsoft)
Oct 16, 2018

 

In today’s complex and regulated environment, businesses need to focus on building more secure solutions that deliver value to their customers, partners, and shareholders—both in the cloud and on-premises.

 

Microsoft has been building enterprise software for decades and running some of the largest online services in the world. We draw from this experience to keep making SharePoint and OneDrive more secure for users, by implementing and continuously improving security-aware software development, operational management, and threat-mitigation practices that are essential to the strong protection of your services and data.

 

SharePoint and OneDrive are uniquely positioned to help you address these evolving security challenges. To begin with, Microsoft has continued to evolve with new standards and regulations. This has been a guiding principle as we think about security for SharePoint and OneDrive. Right alongside that principle is this one: There is no security without usability. If security gets in the way of productivity, users will find a different, less secure way to do their work.

 

At Microsoft Ignite 2018 we announced many of the new capabilities that are available now and coming soon to Office 365.

 

NOTE This is the first of regular monthly updates for what’s new and what’s coming with security, compliance, and administration in SharePoint and OneDrive.

 

Unified Labels

Unified labels in Microsoft 365 provide you a more integrated and consistent approach when creating labels and configuring and applying policies to protect and govern information across devices, applications, cloud, and on-premises locations. Unified labels provide a single location to create and configure data sensitivity labels for both Azure Information Protection and Office 365, so you can set up protection and retention labels and policies in the same place.

Unified labels in Microsoft 365 are available now.

 

SharePoint site classification labels

Across your organization, you probably have different types of content that require different security requirements to comply with industry regulations and internal policies. 

 

Using Microsoft Information Protection labels, you can now apply consistent security and access policies to SharePoint sites based on the sensitivity of the site. You can create sensitivity labels and associate them with policies in the new Microsoft 365 Security and Compliance Center. You can then apply these labels to files, emails, groups, sites, and Teams to automatically enforce consistent policies across your content.

SharePoint site classification labels will begin rolling out to Targeted Release in Q1 CY2019.

 

Automatic application of retention labels

Data is your company’s most important asset. With the automatic application of retention labels, you can ensure your most important assets comply with your corporate or regulatory requirements. These retention labels can be created by importing the content types that you already use in SharePoint to help streamline the application of retention policies across all your content in SharePoint.

Content type to label support will begin rolling out in November 2018.

 

Label analytics

Information is growing at exponential rates and we’re making it easier for you to stay informed on how retention and sensitivity labels are being used to classify, retain, and protect your organization’s content in the cloud.

 

Using label analytics, you can now get insights into how content is being labeled, including which labels are used most and what emails and files they’re being applied to. You can also explore user activity to identify who’s been applying labels, investigate unusual trends, and more.

Label analytics will begin rolling out in Q4 2018.

 

File plans

Office 365 already provides data governance labels to establish rules for records management and retention. Later this year we’ll be augmenting those with hierarchical file plans, allowing you to manage a range of retention labels with identifiers, departments, categories, statutory references and more. File plans can be exported from Office 365 for easy editing in Excel, and then reimported to update label rules.

File plans will begin to be available in Q4 2018.

 

Files Restore for SharePoint and Microsoft Teams

Data loss is non-negotiable. Today we announced Files Restore for SharePoint and Microsoft Teams.

Files Restore is now available for SharePoint document libraries, protecting your shared files in SharePoint, Teams, Outlook groups, and Yammer groups connected to Office 365 groups. It uses the same recovery capabilities that protect your personal files in OneDrive for Business.

Files Restore is a complete self-service recovery solution that allows site administrators to restore document libraries from any point in time during the last 30 days and rewind changes using activity data to find the exact moment to revert to.

 

Files Restore for SharePoint and Microsoft Teams will begin rolling out to Targeted Release in December 2018.

 

Multi-geo capabilities for SharePoint (Selective Preview)

Multi-geo capabilities with SharePoint support your global data residency needs by storing SharePoint data in more than one selected Office 365 data center region or country. Microsoft commits to provide in-geo data residency, business continuity and disaster recovery for your core customer data at rest.

 

With multi-geo capabilities for SharePoint, you can have a single Office 365 tenant that spans multiple geos and enables a unified communication and collaboration experience across your global organization. You can migrate various on-premises satellite data silos into a single Office 365 tenant and at the same time meet your data residency needs. Your users are now connected to the people and content that matter most, regardless of where they work.

 

For IT, you can use powerful Office 365 admin tools to easily create and manage satellite sites and, if needed, move user data between geos to meet your data residency business needs. Get reports on where each user’s data is stored and an audit trail of activities of all users in your global enterprise. Tailor sharing, security, and compliance policies separately for each geo—all from a familiar admin experience.

 

To learn more about Multi-Geo Capabilities in Office 365, see https://products.office.com/en-us/business/multi-geo-capabilities.

Multi-Geo capabilities with SharePoint Online will be available in Q1 CY2019.

 

External sharing integration with Azure AD B2B 

Last year at Ignite we introduced a new external sharing experience where recipients could access the shared content in a secure way by entering a one-time passcode sent to their email address, without the need to create or remember passwords. This year, we're taking it a step further by integrating the one-time passcode sign-in experience with the Azure AD B2B platform. This enables external users to exist in your Azure AD directory as Guests, which can be managed in the way you are already familiar with. This integration also brings the one-time passcode experience to sharing SharePoint sites and lists with external users.

 

SharePoint admin center updates

At Microsoft Ignite, in addition to our security and compliance news, we announced several exciting new features coming to the new SharePoint admin center. 

 

Make the new admin center your default admin center…

The new SharePoint admin experience provides a completely revamped SharePoint admin center that draws heavily on our modern principles… an administrative console designed to help IT achieve more, so their users can achieve more. If you’ve enjoyed using the new SharePoint admin center up until today, you now have the option to make the new SharePoint admin center your default experience while still being able to go back to the classic admin center if you need to. 

 

Improved management experience for group-connected sites

Office 365 Groups is a service that works with the Office 365 tools you use already so you can collaborate with your teammates when writing documents, creating spreadsheets, working on project plans, scheduling meetings, or sending email. Now we’re making it easier to manage group-connected sites by allowing SharePoint administrators to manage ownership, change sharing settings, and delete and restore sites.

Simplified hub site creation and association

Sites and data grow as your organization grows. With SharePoint hub sites, you can bring flexible, dynamic building blocks to your organization’s intranet – connecting collaboration and communication. Now in the SharePoint admin center, you can manage existing hub sites in addition to creating hub sites and associating existing sites with a hub site. These capabilities also extend to multi-geo scenarios.

Quickly customize and control the site creation experience

Creating sites is one of the most common tasks an administrator performs in many SharePoint environments, and we’ve made it easier to customize and control how sites are created.

New site creation options allow you to create sites on behalf of users and configure common settings such as language, time zone, and storage limit. For classic and communication sites, you can now also specify their managed path.

In addition to these site creation controls, you can now specify global settings that apply to all sites when they're created, such as the time zone and site creation path. For organizations that want to control the site creation experience, you can enable or disable self-service site creation.

Improved site management experience 

In response to your feedback, we’ve added more management controls across site management and storage, including a simplified view of your tenant-level storage usage and limit and the ability to switch to manual site storage management.

 

Additionally, in many cases you may want or need more than one or two administrators for a site collection.  In response to your feedback, we’ve now enabled the use of security groups as a site collection administrator in SharePoint Online.

 

Finally, we’re making it simpler to execute site actions by moving many of the common actions to the command bar rather than the site information panel.

Keep your information secure with improved access control and policies options 

The freedom to work fluidly, independent of location has become an expectation as has the freedom to access email and documents from anywhere on any device—and that experience is expected to be seamless.  However, data loss is non-negotiable, and overexposure to information can have lasting legal and compliance implications.  IT needs to make sure that corporate data is secure while enabling users to stay productive in today’s mobile-first world, where the threat landscape is increasingly complex and sophisticated.

 

New updates to the SharePoint admin center include a consolidated view of access control policies to help safeguard your information. On the new access control page, you can configure policies for unmanaged or non-compliant devices, configure the idle-session sign-out experience for users, and configure location policies to restrict or allow access to SharePoint Online from known IP ranges.

SharePoint admin center improvements will begin rolling out to Targeted Release in October 2018.

 

Learn more about how we secure your data with SharePoint and OneDrive in Office 365 and how customers are achieving success at https://aka.ms/SharePoint-Security.

 

And listen to the recent The Intrazone podcast all about the SharePoint admin experience in Office 365, "Cloud admins are human, too" episode #16 with Ben Stegink (SharePoint consultant at Intelligink), myself, Chris McNulty (SharePoint PMM / Microsoft) and Mark Kashman (SharePoint PMM / Microsoft).

 

 

Updated Nov 05, 2018
Version 6.0
  • So when will we have a proper integration between AIP and SPO? At this point anything is better than the 10 years old IRM feature...

  •  wbaer Thanks for the updates above. You and the team have been / are busy. Good to see the progress with the shift in emphasis for SharePoint.

    In terms of File Restore, will the two limitations of the OneDrive experience also apply to the SharePoint experience? That is, for OneDrive Files Restore:

    • Only basic file and folder activities are restored - e.g., create, delete, rename, update, move and copy. Sharing and permissions settings are not restored or reverted. These must be applied again.
    • Files Restore relies on the Recycle Bin as its source of recoverable files and folders. Any files or folders that have been removed from the Recycle Bin - for example, by the user permanently deleting these items - are unrecoverable.

     Or is there a different answer for SharePoint?

  • wbaer Also on Files Restore, SharePoint differs from OneDrive in that it also offers lists and list items. Does the team have a sense of how to support lists from a restore perspective too?