SharePoint governance starts with a 600-page document. At our 30-person company, we need a 40-person SharePoint Governance committee, and nobody can determine why a housekeeper has access to the governance document.
Have you heard this type of statement? We most certainly have. In this session, Toni will bust myths like these by providing a workable approach to SharePoint governance in small and large enterprises. We will talk about setting policies as well as what makes sense and what doesn’t. We will break down the governance plan and examine its pieces. Most importantly, we will talk about implementing these policies based on real-life use cases, where no one reads 600-page documents.
Session highlights:
- Developing a workable governance plan
- Setting realistic governance policies
- Automatizing policies implementation
How to Troubleshoot Apps for the Modern Connected Worker
SharePoint Governance: stories, myths, legends and real life
1. SharePoint Governance: stories, myths,
legends and real life
Toni Frankola
@tonifrankola
SharePoint MVP
Acceleratio Ltd,. Croatia
2.
3. Grant, add
Delete, remove
Clone, transfer
Generate entire SharePoint
documentation, check the
custom solutions, save farm
deployment.
Analyze and manage
permissions live: clone,
transfer, create groups, add
or remove users.
Monitor farm health, track
changes and compare.
Report on site contents and
audit farm setup.
One solution for all your SharePoint troubles…
Farm Assessment Permissions Farm Audit
Save time! Single console!
Validate!
4. Explore and compare
SharePoint Online
permissions.
Review all your Office 365
tenants, licenses and
subscriptions.
Track changes
and monitor users
Exchange Online data.
Groups
Users
Administrators
One tool for entire Office 365…
Tenant Overview Permissions Reports
Review all! Save time! Examine!
Compare
5. The size of digital universe
4 ZB
2013
44 ZB
2020
6.
7. OneDrive storage plans change in pursuit of
productivity and collaboration
…a small number of users backed
up numerous PCs and stored
entire movie collections and DVR
recordings. In some instances, this
exceeded 75 TB per user or
14,000 times the average.
8. The goals for this session
• Demystify SharePoint Governance
• Rules for governance plan
• Forming a governance team
• Creating a sample governance plan
• Policy / Responsibility / Process
• 4 examples of processes for implementing policies
9. FACT: NOBODY REALLY LIKES GOVERNANCE
• Time consuming
• Costly
• Outcome is difficult to measure
10. Why don’t we do SharePoint governance?
• SharePoint Governance is only important for large deployments.
• SharePoint Governance is a book. A big book.
• We don’t have people for real governance board.
• Governance is nothing more than consultancy hours
11. What is SharePoint Governance?
Governance is the set of policies, roles,
responsibilities, and processes that control how
an organization's business divisions and IT teams
work together to achieve its goals.
(Microsoft)
12.
13. IT Management, 2
Information management, 4
Security management, 3
Application management, 5
0
1
2
3
4
5
6
Low Medium High
GOVERNANCEEFFORT Governance effort per SharePoint maturity
14. Typicalamountofgovernance
Proportion of site types in a typical environment
Central published site (Intranet
home page)
Departmental site
Group and team sites
Projects and workspaces
Personal sites (My Sites)
Governance and Site Types
15. SPGovernance A. IT Governance (S+S)
A1. Security, infra, and web app policies
A2. Data protection (backup + rec)
A3. Site policies
A4. Quotas
A5. Asset classification
B. Information management (content)
B1. Architecture
B2. Access
B3. Management tools
C. Application management (Custom
Solutions)
C1. Customization policy
C2. Branding
C3. Custom Solutions / Apps
17. A1. Security, infra, and web app policies
• How is the system and infrastructure maintained?
• Hardware, Software, Updates, Services Running
• Who has access at what levels?
• Privileged Access
• Permissions
(a topic for a dedicated conference)
18. A1-A. Deployment governance
• Track installations
Use AD.
• Block installations
SP, SPD, InfoPath
• Keep current with software updates
Keep your servers current. Test and install recommended software updates.
• Site collection upgrades
Site collections can now be upgraded independently from the content databases.
19. A1-B Permissions
• Share with external users (who and what)
• SharePoint Groups (when and how many)
• AD groups
• Clean up and testing
20. A2. Data Protection
• Backup and restore
• Frequency
• Level
• Software boundaries and limits for SharePoint (2007/2010/2013)
Limit Maximum value Limit type Notes
Number of content databases 500 per farm Supported The maximum number of content
databases per farm is 500.
Content database size (general
usage scenarios)
200 GB per content
database
Supported The default file size is 50 MB, which can be
increased to a maximum of 2 GB.
Content database size (all usage
scenarios)
4 TB per content database Supported Content databases of up to 4 TB are
supported*
21. A3. Site policies
• Site Lifecycles
• Site Deletion
• Site Creation
• Management
22. A4. Quotas
• How much data can be stored in a site collection
• Maximum size of uploaded files
• Database growth predictions
24. C. Application management
(Custom Solutions)
Proces for piloting and testing solutions
Guidelines for packaging and deploying customizations
Guidelines for updating customizations
Approved tools for customizations
25. C2. Lifecycle management
Development Pre-production Production
Test new and updated
apps and solutions
Control source code
and use versioning
Keep environments in
sync to get best results
from testing
Sync Sync
28. “We just want to collaborate”
Creating SharePoint artifacts without a plan
(Infrastructure, Information Architecture)
No Enterprise Content Management
No permissions concept, archiving, no retention
SharePlosion
(can happen with relatively small amounts of content)
29. How did this happen?
Inadequate
infrastructure
No information
architecture
No security
concept
Wild
customizations
No proper
training
Governance hell
30. What is SharePoint Governance?
Governance is the set of policies, roles, responsibilities, and processes that control how an
organization's business divisions and IT teams work together to achieve its goals.
(Microsoft)
Policy Role / Responsibility Process
CDB cannot contain
more than 20 SCs
Farm Admin
Weekly: Create CDBs
/ Move SCs / Delete
SCs
31. Myth 2: The Governance Plan
The SharePoint Governance Plan is a guidebook outlining the
administration, maintenance, and support of X Corporation’s
SharePoint environments. It identifies lines of ownership for both
business and technical teams, defining who is responsible for what
areas of the system. Furthermore it establishes rules for appropriate
usage of the SharePoint environments.
Microsoft SharePoint Governance Template
Myth 2: The Governance Plan
32. Governance plan
• Small and concise
• Bullets, posters
• Wiki
Policy
Role /
Responsibility
Process
34. Your governance plan
Don’t try to cover everything.
Make sure that the Governance Body has authority to
decide and react quickly.
35. Myth 3: The Governance Body
We recommend that you create a team from various disciplines across
your organization to develop and maintain these policies. Include people
from as many roles as possible.
Microsoft Technet
42. Real world example
• Auto-provisioned from external system (CRM)
• 200-10000 documents (avg. 500)
• 24 Security Groups
• 4 groups with prepopulated membership (CRM)
• “Nested” through group owners
• Hierarchical permissions management
• “Managers” can break permission inheritance
• 60 Content types. CT Inheritance
• Records management (InPlace + DM)
• Site policies according to Project Lifecycle
RE FARM
45. IT/SP Management
Policy Role/Responsibility Process
Measure network
latency
Network latency
cannot be larger than X
Chief Network
Administrator, Mr. John
Smith
Tool X will be configured to
automatically measure network
latency in 10-days intervals. If
latency is larger than X...
SP Logs Hard drives
size
Drive partitions where
log drives are stored
cannot be used more
than 75%
Chief Network
Administrator, deputy Mr.
Adam Doe
SC will be configured to monitor
drives, and to archive logs...
SP Health check Regular SP Farm health
check
Chief Network
Administrator, Mr. John
Smith
Tool X will be used to...
SP Best practices Regular SP Best
Practices monitoring
Chief Network
Administrator, Mr. John
Smith
A tool will be used to automatically
monitor SP Best Practices every
week and to report
47. Infrastructure / SharePoint
Policy Role/Responsibility Process
Best Practice SharePoint Logs have
to be stored on a
separate drive
Chief Network
Administrator, Mr. John
Smith
Best Practices check to determine if
Logs are in proper location
Best Practice Loopback Check
disabled
Chief Network
Administrator deputy Mr.
Adam Doe
Best Practices check to determine if
loopback check is configured
properly
48. SharePoint Best practices
• Microsoft TechNet
• PowerShell / Central Admin
• SPDocKit SharePoint Best Practices Portal
https://bp.spdockit.com
49.
50. Challenge 2: Dead content
• Documents not accessed
• Documents whose authors are not....
51. Information Management
Policy Role/Responsibility Process
Site structure Project sites can
contain only
predefined libraries
Chief Network
Administrator, Mr. John
Smith
Use SharePoint Manager, or
PowerShell script A, to identify
project sites with custom document
libraries
Dead content Dispose of the content
that is unused since 6
months
Chief Network
Administrator deputy Mr.
Adam Doe
Once a month use PowerShell to
locate content which is not used
since 6 months, and inform the
content owners...
Sites in retention Regular SP Farm health
check
Compliance officer, Ms
Anna Smith, Chief
Network Administrator...
PowerShell Script X will be executed
every Monday which finds the site
collections that...
Content types Content types are
provisioned only
through the CTH
Taxonomy officer, Ms
Jane Smith, Chief
Network Administrator...
PowerShell Script Y will be executed
every Monday which iterates the
site collections...
52. Challenge 3: Permission governance
• Reporting permissions for sites and users
• SharePoint Group and Permission level management
• Permission inheritance
53. Permissions and security
Policy Role/Responsibility Process
Item level permissions No item level
permissions are
enabled in the
“Reports” library
Chief Network
Administrator X,
Compliance Officer Y
Develop security event receiver that
prevents breaking permissions on
the item level in the document
library “Reports”
Auditors Every six months,
enable auditing
process on the
“Reports” library
Chief Network
Administrator X,
Compliance Officer Y
On demand, use code to create
Permission Level and SharePoint
Group for Auditors, so they can
access content in the “Reports”
library
External Users
(Microsoft Account)
External users are not
allowed in library
“Reports”
Chief Network
Administrator X,
Compliance Officer Y
PowerShell Script X will be executed
every day which finds and removes
external users...
Group Owners Project Managers SP
Group is owner of all
other SP Groups
Chief Network
Administrator X,
Compliance Officer Y
PowerShell Script Y will be executed
every Monday which iterates the
site collections...
55. Applications
Policy Role/Responsibility Process
Custom code policy
in portal site
In the portal site, only
apps are allowed
Chief Network
Administrator, Mr. John
Smith
No server side custom code is
allowed for deployment in the
portal web application. Every 7
days, PowerShell script A will
detect...
Server side code in
project sites
All server side code in
project sites must be
approved
Head of Development,
Ms Samantha Doe
Before installation of any server
side package SPCop / SPCAF will be
used for code quality check
.NET 3.5 workflows No .NET 3.5 workflows
allowed – only WM or
K2...
Head of Development,
Ms Samantha Doe
PowerShell Script Y, run once a day,
will be used to iterate site
collections and detect and
deactivate Workflows...
56. Code quality and tools
Coding conventions (your own or Microsoft’s)
StyleCop (stylecop.codeplex.com)
SharePoint server side code quality
SPDisposeCheck
SPCAF (www.spcaf.com)
57. Real world use case
• Infrastructure provisioning
• Content provisioning and management
• Responsibilities, roles and permissions
• ECM Policies (Records + Site Policies)
Governance Plan
(24 pages)
• Project Sponsor
• Project lead
• Enterprise Architect
• Software Architect
Governance Body
58. • Governance is necessary for small and large deployments
• Demystify governance, keep it straightforward
• Keep focus on implementation (processes)