Updates to SharePoint security, administration, and migration
Published May 21 2019 09:09 AM 76.4K Views
Microsoft

Bill Baer

Senior Product Manager

@williambaer

 

In Microsoft 365, we take security and compliance seriously, helping you manage security concerns in an ever-evolving technology world that’s constantly under threat.

 

Today at the SharePoint Conference we demonstrated that commitment with innovation to help you protect your identities and your information.

 

Jump to section:

Security and compliance updates

SharePoint admin center updates

SharePoint Migration Tool Updates

 

Security and Compliance News

Multi-geo capabilities for SharePoint and Office 365 Groups (available now)

Multi-geo capabilities for SharePoint and Office 365 are designed to meet even the most complex data residency requirements. Today we announced multi-geo capabilities for SharePoint and Office 365 Groups are generally available, which means you can get started right away.

These new multi-geo capabilities allow you to store your SharePoint and Office 365 Groups mailbox/sites data in one or more worldwide locations to satisfy data sovereignty requirements specific to those locations.

 

MultiGeo_1.png

 

In addition to announcing that SharePoint and Office 365 Groups multi-geo capabilities are generally available, we’re reducing the licensing requirement to 500 users for multi-geo support effective June 1st2019, so that mid-size organizations can benefit from the world class security and compliance capabilities in Microsoft 365.

 

Learn more about Multi-Geo capabilities in Office 365 and see it in action on Microsoft Mechanics.

 

 

Sensitivity Labels for SharePoint Sites (private preview)

Across your organization, you probably have different types of content that require different security controls to comply with industry regulations and internal policies. 

 

SiteLabels_1.png

 

Using Sensitivity Labels you can now apply consistent security and access policies to SharePoint sites based on the sensitivity of the site. You can create sensitivity labels and associate them with policies in the Microsoft 365 Security and Compliance Center. You can then apply these labels to files, emails, groups, sites and teams to automatically enforce consistent policies across your content.

SharePoint now supports Sensitivity labels with Protection (private preview)

Security shouldn’t get in the way of collaboration…. Balancing the needs of people with those of IT ensures an organization can meet strict security requirements without sacrificing productivity.  Microsoft Information Protection has been allowing you to label and protect sensitive documents. Starting now, we are adding support such that Office files protected with Sensitivity Labels in Microsoft 365 share the same collaborative capabilities in SharePoint and OneDrive as files that are not protected with Sensitivity Labels.

 

With this preview, we are enabling these features: 

  • SharePoint Online service supports Azure Information Protection encryption on document upload, understands label policies applied to the document, and applies label permissions to document open when the document is in SharePoint or OneDrive.
  • When the document is downloaded from SharePoint or OneDrive, the document is protected by the label, so the protection continues to travel with the document.
  • Users can now open, edit and co-author a protected document in Office Online if the label policy allows. 
  • Office 365 eDiscovery supports full text search of protected documents. Data Loss Prevention (DLP) policies can now work with the contents of these documents (such as credit card numbers within documents).

NOTE Search and other collaborative features do not work in this preview.  

 

ProtectedFiles_1.png

 

External access expiration (preview Q3 CY19)

Partners, suppliers, collaborators – we all need to work across boundaries when it comes to completing tasks, but we need to do so securely and with confidence.  With tenant-scoped external sharing expiration a tenant administrator can specify how long external users can have access to sites and their content that is shared with them.  Once the maximum configured period of time for external sharing links has been met as set by the tenant administration, the external user will no longer have access to the site or content unless their access is extended by the site owner or a new sharing invitation is sent.

 

ExternalExpiration_1.png

 

 

DLP restricted access (private preview)

To comply with business standards and industry regulations, you need to protect sensitive information and prevent its inadvertent disclosure. Recognizing that need, we’re introducing new security control that blocks external sharing of files uploaded to OneDrive and SharePoint until a DLP scan has been completed to prevent overexposure of sensitive information and compliance with the sharing and sensitivity policies set by the tenant administrator.

 

DLP restricted sharing (private preview Q3 CY19)

Your organizations want to allow easy sharing with anonymous links, however, at the same time once a file is scanned by DLP (Data Loss Prevention) and flagged as sensitive then it is critical to block any anonymous access and sharing for that file. This new DLP condition allows you to achieve this need.

 

DLPSharingBlock_1.png

 

 

OneDrive restricted user access (private preview)

When working with partners and collaborators, it often becomes necessary to invite them into your corporate intranet to collaborate in Teams, Yammer, and other apps across Microsoft 365.  Restricted user access for OneDrive allows you to invite external collaborators to your intranet to access documents, conversations, and more; however, prevents those users from creating OneDrive sites or accessing content stored on individual users OneDrive sites.

 

Want an early start with these new and upcoming security and compliance capabilities?

Nominate your business for our private previews at https://aka.ms/spc19SecurityPreviews.

SharePoint Admin Center Improvements

What's coming in this release? 

The new SharePoint admin experience provides a completely revamped SharePoint admin center that draws heavily on our modern principles… an administrative console designed to help IT achieve more, so their users can achieve more. If you’ve enjoyed using the new SharePoint admin center up until today, the new SharePoint admin center will become the default experience for administering SharePoint Online. While we believe the simplicity and control available in the new SharePoint admin center provides the best management experience with SharePoint, we recognize that some customers may have process or requirements developed around the classic SharePoint admin experience.  With that said, we'll continue to offer the ability to revert to the classic experience as needed. 

 

The SharePoint Online Admin Center is evolving, and in the upcoming release we will introduce significant improvements in management, including configuration of sharing, sites, and more.

 

Consolidated Views (available soon)

Now in the new SharePoint admin center experience you can manage both settings related to modern SharePoint experiences in addition to access to classic features which means you no longer need to work across two discrete admin experiences to manage settings across modern and classic settings.

 

ConsolidatedViews_1.png

 

 

Bulk Actions (available soon)

Additional improvements to the new SharePoint admin center experience provides support for performing bulk actions against a collection of site.  These actions in this release include updating the site’s sharing configuration, performing hub site association, in addition to deleting sites.

 

BulkActions_1.png

 

 

Site rename (available soon)

Site rename has been one of the most popular requests via UserVoice– now in the SharePoint admin center you can rename site Urls.  So for example, if you have a site https://contoso.sharepoint.com/sites/Develpment, using the SharePoint admin center you can rename the site Url to correct the incorrect spelling of “Development”.

 

SiteRename_1.png

 

 

These changes are opaque, meaning that access requests to the old Url are redirected – so users will not need to have to update their links. 

 

Improved Sharing Controls (available soon)

Improvements to the sharing controls in the SharePoint admin center provide both simplicity and flexibility to ensure the right people have access to the right information, at the right time.

 

SharingControls_1.png

 

 

SharePoint Site Swap (Coming Soon)

In addition to these improvements to the SharePoint admin center, we’re also introducing new Windows PowerShell cmdlet (invoke-spositeswap) that allows you to replace the root site within a tenant, e.g. https://contoso.sharepoint.comwith an existing site, such as https://contoso.sharepoint.com/sites/<site>.

 

SharePoint Migration Tool Improvements

Designed to be used for migrations ranging from the smallest set of files to a large scale enterprise migration, the SharePoint Migration Tool will let you bring your information to the cloud and take advantage of the latest collaboration, intelligence, and security solutions with Office 365.

 

Over the past several months we’ve been continually working to add features to the SharePoint Migration Tool to help you accelerate your journey to Microsoft 365, from support for metadata service migrations, to incremental improvements to the user experience – the SharePoint Migration Tool is designed to support migrations of all sizes. We’re adding some exciting new improvements to help you on your journey to the cloud announced at the SharePoint Conference.

 

SharePoint Server 2013 Site Migration (available now)

Earlier this year we announced support for SharePoint Server 2013 full site migrations as preview.  We’re pleased to announce that today, these capabilities are now generally available. Site migration support provides a comprehensive solution for migrating your SharePoint Server 2013 sites and their settings and content to include:

  • Document lists and libraries
  • SharePoint list templates (see supported list here)
  • "Out of the Box" SharePoint sites - sites that do not use any coding or 3rd party tools **
  • Navigation and icons
  • Site description
  • SharePoint web parts (see supported list here)
  • Pages, including any pages in site asset library
  • Managed metadata, including content types and term stores. Migration of global term store requires Global Tenant Admin permissions.

 

 

 

 

Language Improvements

The SharePoint Migration Tool has now been localized across 11 language including English.  New language support includes:

  1. Chinese (Simplified and Traditional)
  2. French
  3. German
  4. Italian
  5. Japanese
  6. Korean
  7. Portuguese
  8. Russian
  9. SpanishSPMT_1.png

     

SharePoint Server 2010 Migration Support (Preview)

October marked the beginning of the 24-month countdown before SharePoint Server 2010 reaches end of extended support.  It’s not too late to start planning an upgrade or migration to the latest version of SharePoint whether your plans are on-premises, in the cloud, or somewhere in between. Now when using the SharePoint Migration Tool you can start migrating your content from SharePoint Server 2010 to Office 365.

 

It’s hard to believe it’s been over 9 years since we announced SharePoint Server 2010 at our first SharePoint Conference outside of Seattle, SharePoint Conference 2009 held in Las Vegas, Nevada on October 20th, 2009 at the Mandalay Bay with the keynote delivered by Steve Ballmer. 

Get started with the SharePoint Migration Tool now at https://aka.ms/SPMT.

Getting started…

Innovation in the cloud drives tremendous business value, and it delivers new capabilities to the IT professionals who work tirelessly to support, configure, administer, and secure their organizations' content and services.  Office 365 empowers you to support sophisticated requirements for security and compliance, to manage day-to-day operations, and to maximize the value of Office 365 to people in your organization.   

 

Learn more about how we secure your data with SharePoint and OneDrive in Microsoft 365 and how customers are achieving success at https://aka.ms/SharePoint-Security.

 

29 Comments
Brass Contributor

Are you able to clarify on your reference, under the Site Rename heading, to the UserVoice request regarding the change to the initial domain of an O365 tenant? What you described addresses URL adjustments further along in its path, not the root.

Site rename (available soon)

Site rename has been one of the most popular requests via UserVoice– now in the SharePoint admin center you can rename site Urls.  So for example, if you have a site https://contoso.sharepoint.com/sites/Develpment, using the SharePoint admin center you can rename the site Url to correct the incorrect spelling of “Development”.

The latest response from Matthew Carlson on the UserVoice request, on May 7, explicitly identified that work is being done to change the organization subdomain. He did end by noting the feature you mentioned above where renaming a site collection is part of that solution. It's a long time coming and I can appreciate the technical challenges surrounding it. Many of us are hopeful this will become a reality in the not-so-distant future.

 

This is looking like a big week and so happy it has made its return. Lots of exciting sessions outlined.

Copper Contributor

Where's the Sharepoint 2016 migration support?

NOTE Search and other collaborative features do not work in this preview.  

Come on... When will we finally get proper support for RMS/AIP in SharePoint?

Hi, the link for the preview invite seems to be broken. Really excited about these news.

Hi @Petr Vlk, found out the same issue. After fiddling around, it seems you can use the https://aka.ms/spc19SecurityPreviews link. Both are redirecting to the private preview sign-up form. Registered myself already! Regards Bram

Microsoft
 
Is the Sensitivity Labels for SharePoint sites (private preview) announced yesterday at SharePoint conference the same sensitivity label for SPo sites feature that was announced in Sept 2018 Ignite session BRK2100 - Best in class Security and Compliance with SharePoint and OneDrive    (23:40 – 24:30 mark) ? 
Deleted
Not applicable

Available Soon ???? Couldn't it be more specific?

Iron Contributor

I'd love to know if "SharePoint now supports Sensitivity labels with Protection" means that eventually the RMS-protected files will be possible to retrieve & edit by Microsoft Graph API (e.g. reading/editing rows in an encrypted Excel file sitting on SharePoint with Excel Graph API).

Copper Contributor

Not being able to convert a classic site to a modern site is the reason we still run classic sites to this day despite moving 100% of our environment to Office 365 five years ago.  Enabling modern pages on a classic site is incomplete.  We have painfully migrated some sites to modern, but our root home page for our tenant, the most popular page, remains an OLD classic SharePoint page.   Thus, modern sites are useless to us until we get our home page converted.  We are still waiting for the convert to communication site PS command that was announce last year.  This concept of swapping out the root site of a tenant is perfect!  However, "Coming Soon" means nothing to me and actually irritates me.  We've been in a coming soon state since Modern Pages was announced.  Until I can convert the root of my tenant, modern pages remains out of reach for us.  

Steel Contributor

I have a question regarding this announcement:-

SharePoint Site Swap (Coming Soon)

In addition to these improvements to the SharePoint admin center, we’re also introducing new Windows PowerShell cmdlet (invoke-spositeswap) that allows you to replace the root site within a tenant, e.g. https://contoso.sharepoint.comwith an existing site, such as https://contoso.sharepoint.com/sites/<site>.

 

so we still will not be able to convert our current classic ROOT team site which contain data and lists to be a communication site? as the announcement is saying that we can only swap existing site with the root, but in our case , we already have many lists and libraries on the root ,, so will we be able to convert the classic root site to be a communication modern site?

Copper Contributor

https://twitter.com/williambaer/status/1136721189177401344

 

"Root, e.g. <name>.sharepoint.com would constitute tenant rename which is on our roadmap. We’ll be sharing more at #MSIgnite on this scenario."

Iron Contributor

External access expiration (preview Q3 CY19)

Regrading this feature, I am assuming that this will be also available if you set the restriction level to "new and existing users" instead of "Anyone". I am also hoping that Microsoft Teams will also have this feature as we would like to open Teams and SharePoint to our B2B customers.

Copper Contributor

Hi Team

I am not able to see the updates listed out in the above section. The admin center view of my E5 tenant is not similar to the views listed out using screenshots. A couple of features like site renaming, sensitive label applications to the site which have a release date of June 2019 are still not visible. Am I missing out on pre-requisites for the same? Can some one guide me through?

Thanks

Brass Contributor

any timeline information when "Sensitivity labels with Protection" Preview Program will be launched?

Copper Contributor

I'm also curious when the sensitively labels with protection preview will be available. 

Iron Contributor

@Bill Baer Is there a timeline for implementing these features? Similar to @Shweta Tuli we don't have Sensitivity Labels for sites (nor the site url rename) on a E5 EMS+M Tenant.

It is important to be able to apply a Sensitivity label (or using Azure Information Protection in Cloud App Security) along with a Retention label. Currently they conflict - AzIP Classification does not apply to content that is labeled for retention. DLP applied with retention is not possible in our case, as the "top secret" sensitive info type is not available from the selection. 

We are trying to achieve this:

We have one site, where we need to store highly confidential information (all documents, regardless the info inside.) Users that have access to this content should not be able to print it. Other roles of users should only see that the document is there with its metadata, but not able to read the documents. The documents in this library have two content types that have different retention policies. SharePoint IRM does not work, as it is hard for people to preview the content. We are trying to achieve this with the new licensing provided from Microsoft.

Is there a How-to document that guides on a solution? @Vasil Michev any feedback will be appreciated. 

Thank you!

Svetlana

Copper Contributor

We need to be able to change our Tenant Name or use an alternate access mapping for our SharePoint/Power Apps sites to be consistent with our company branding.  When will this be available?  https://twitter.com/williambaer/status/1136721189177401344

 

Every month for the past year, I've been filling out this form and have received no response: https://forms.office.com/Pages/ResponsePage.aspx?id=v4j5cvGGr0GRqy180BHbR3mvZQT1De5Nthy3NUA-wYBUQzU...

 

I can appreciate the complexity, but when with Tenant Rename be a real possibility?  Here is the user voice page, with 4,000+ votes on this over the past several years:  https://sharepoint.uservoice.com/forums/329214-sites-and-collaboration/suggestions/13217277-enable-r...

 

Thank you!

I think that the rename still will not be full right now if you have some of these services connected.

Brass Contributor

Hi, any updates on Sensitivity labels? Have not found anything on the roadmap - https://www.microsoft.com/en-us/microsoft-365/roadmap?filters=&searchterms=sensitivity#owRoadmapMain... 

Iron Contributor

@Bill Baer has there been any updates to this? Is it possible to add a subscription to the Private Preview at this stage?

Copper Contributor

@Bill Baer We need to be able to change our Tenant Name or use an alternate access mapping for our SharePoint/Power Apps sites to be consistent with our company branding.  When will this be available?  https://twitter.com/williambaer/status/1136721189177401344

Copper Contributor

@Bill Baer  When can we expect the real-time co-authoring support for documents protected with Information Rights (IRM) or Rights Management Service (RMS).

 

Currently, we cannot create or edit documents in an IRM-enabled library using Office Online. Instead, one person at a time can download and edit IRM-encrypted files using check-in and check-out to manage co-authoring , or authoring across multiple users.

Copper Contributor

It's almost the end of 2019 and we are still trying to find out the status of being able to rename a SharePoint site URL (name.sharepoint.com) or use an alternate access mapping (cname) for (name.sharepoint.com).  We've been checking the following sites each month, when is Microsoft going to fix this?

 

https://office365.uservoice.com/forums/273493-office-365-admin/suggestions/10285887-make-is-possible...

https://sharepoint.uservoice.com/forums/329214-sites-and-collaboration/suggestions/13217277-enable-r...

 

Every month for the past year, I've been filling out this form and have received no response: https://forms.office.com/Pages/ResponsePage.aspx?id=v4j5cvGGr0GRqy180BHbR3mvZQT1De5Nthy3NUA-wYBUQzU...

 

Copper Contributor

Hello Microsoft, any update on this?  Thank you,

Brass Contributor

This article should definitely be updated. 

What's the status?

Copper Contributor

Any updates sharepoint migration security on this? Really need this!!!

Copper Contributor

Hello Microsoft, any update on when we will be able to rename a SharePoint site URL (name.sharepoint.com) or use an alternate access mapping (cname) for (name.sharepoint.com).  We've been checking the following sites each month, when is Microsoft going to fix this?

https://office365.uservoice.com/forums/273493-office-365-admin/suggestions/10285887-make-is-possible...

https://sharepoint.uservoice.com/forums/329214-sites-and-collaboration/suggestions/13217277-enable-r...

Copper Contributor

Hello Microsoft, just checking if there has been any update on the renaming of the Office 365 tenant or SharePoint site.  Thank you.

Version history
Last update:
‎May 26 2019 06:09 AM
Updated by: