Updates to SharePoint security, administration, and migration

May 21, 2019
The original article is published on the Microsoft Tech Community SharePoint Blog.

Bill Baer

Senior Product Manager

@williambaer

 

In Microsoft 365, we take security and compliance seriously, helping you manage security concerns in an ever-evolving technology world that’s constantly under threat.

 

Today at the SharePoint Conference we demonstrated that commitment with innovation to help you protect your identities and your information.

 

Jump to section:

Security and compliance updates

SharePoint admin center updates

SharePoint Migration Tool Updates

 

Security and Compliance News

Multi-geo capabilities for SharePoint and Office 365 Groups (available now)

Multi-geo capabilities for SharePoint and Office 365 are designed to meet even the most complex data residency requirements. Today we announced multi-geo capabilities for SharePoint and Office 365 Groups are generally available, which means you can get started right away.

These new multi-geo capabilities allow you to store your SharePoint and Office 365 Groups mailbox/sites data in one or more worldwide locations to satisfy data sovereignty requirements specific to those locations.

 

MultiGeo_1.png

 

In addition to announcing that SharePoint and Office 365 Groups multi-geo capabilities are generally available, we’re reducing the licensing requirement to 500 users for multi-geo support effective June 1st2019, so that mid-size organizations can benefit from the world class security and compliance capabilities in Microsoft 365.

 

Learn more about Multi-Geo capabilities in Office 365 and see it in action on Microsoft Mechanics.

 

 

Sensitivity Labels for SharePoint Sites (private preview)

Across your organization, you probably have different types of content that require different security controls to comply with industry regulations and internal policies. 

 

SiteLabels_1.png

 

Using Sensitivity Labels you can now apply consistent security and access policies to SharePoint sites based on the sensitivity of the site. You can create sensitivity labels and associate them with policies in the Microsoft 365 Security and Compliance Center. You can then apply these labels to files, emails, groups, sites and teams to automatically enforce consistent policies across your content.

If you’re interested in participating in our private preview program let us know here.

 

SharePoint now supports Sensitivity labels with Protection (private preview)

SharePoint now supports Sensitivity labels with Protection (private preview)

Security shouldn’t get in the way of collaboration…. Balancing the needs of people with those of IT ensures an organization can meet strict security requirements without sacrificing productivity.  Microsoft Information Protection has been allowing you to label and protect sensitive documents. Starting now, we are adding support such that Office files protected with Sensitivity Labels in Microsoft 365 share the same collaborative capabilities in SharePoint and OneDrive as files that are not protected with Sensitivity Labels.

 

With this preview, we are enabling these features: 

  • SharePoint Online service supports Azure Information Protection encryption on document upload, understands label policies applied to the document, and applies label permissions to document open when the document is in SharePoint or OneDrive.
  • When the document is downloaded from SharePoint or OneDrive, the document is protected by the label, so the protection continues to travel with the document.
  • Users can now open, edit and co-author a protected document in Office Online if the label policy allows. 
  • Office 365 eDiscovery supports full text search of protected documents. Data Loss Prevention (DLP) policies can now work with the contents of these documents (such as credit card numbers within documents).

NOTE Search and other collaborative features do not work in this preview.  

 

ProtectedFiles_1.png

 

External access expiration (preview Q3 CY19)

Partners, suppliers, collaborators – we all need to work across boundaries when it comes to completing tasks, but we need to do so securely and with confidence.  With tenant-scoped external sharing expiration a tenant administrator can specify how long external users can have access to sites and their content that is shared with them.  Once the maximum configured period of time for external sharing links has been met as set by the tenant administration, the external user will no longer have access to the site or content unless their access is extended by the site owner or a new sharing invitation is sent.

 

ExternalExpiration_1.png

 

 

DLP restricted access (private preview)

To comply with business standards and industry regulations, you need to protect sensitive information and prevent its inadvertent disclosure. Recognizing that need, we’re introducing new security control that blocks external sharing of files uploaded to OneDrive and SharePoint until a DLP scan has been completed to prevent overexposure of sensitive information and compliance with the sharing and sensitivity policies set by the tenant administrator.

 

DLP restricted sharing (private preview Q3 CY19)

Your organizations want to allow easy sharing with anonymous links, however, at the same time once a file is scanned by DLP (Data Loss Prevention) and flagged as sensitive then it is critical to block any anonymous access and sharing for that file. This new DLP condition allows you to achieve this need.

 

DLPSharingBlock_1.png

 

 

OneDrive restricted user access (private preview)

When working with partners and collaborators, it often becomes necessary to invite them into your corporate intranet to collaborate in Teams, Yammer, and other apps across Microsoft 365.  Restricted user access for OneDrive allows you to invite external collaborators to your intranet to access documents, conversations, and more; however, prevents those users from creating OneDrive sites or accessing content stored on individual users OneDrive sites.

 

Want an early start with these new and upcoming security and compliance capabilities?

Nominate your business for our private previews at https://aka.ms/spc19SecurityPreviews.

SharePoint Admin Center Improvements

What's coming in this release? 

The new SharePoint admin experience provides a completely revamped SharePoint admin center that draws heavily on our modern principles… an administrative console designed to help IT achieve more, so their users can achieve more. If you’ve enjoyed using the new SharePoint admin center up until today, the new SharePoint admin center will become the default experience for administering SharePoint Online. While we believe the simplicity and control available in the new SharePoint admin center provides the best management experience with SharePoint, we recognize that some customers may have process or requirements developed around the classic SharePoint admin experience.  With that said, we'll continue to offer the ability to revert to the classic experience as needed. 

 

The SharePoint Online Admin Center is evolving, and in the upcoming release we will introduce significant improvements in management, including configuration of sharing, sites, and more.

 

Consolidated Views (available soon)

Now in the new SharePoint admin center experience you can manage both settings related to modern SharePoint experiences in addition to access to classic features which means you no longer need to work across two discrete admin experiences to manage settings across modern and classic settings.

 

ConsolidatedViews_1.png

 

 

Bulk Actions (available soon)

Additional improvements to the new SharePoint admin center experience provides support for performing bulk actions against a collection of site.  These actions in this release include updating the site’s sharing configuration, performing hub site association, in addition to deleting sites.

 

BulkActions_1.png

 

 

Site rename (available soon)

Site rename has been one of the most popular requests via UserVoice– now in the SharePoint admin center you can rename site Urls.  So for example, if you have a site https://contoso.sharepoint.com/sites/Develpment, using the SharePoint admin center you can rename the site Url to correct the incorrect spelling of “Development”.

 

SiteRename_1.png

 

 

These changes are opaque, meaning that access requests to the old Url are redirected – so users will not need to have to update their links. 

 

Improved Sharing Controls (available soon)

Improvements to the sharing controls in the SharePoint admin center provide both simplicity and flexibility to ensure the right people have access to the right information, at the right time.

 

SharingControls_1.png

 

 

SharePoint Site Swap (Coming Soon)

In addition to these improvements to the SharePoint admin center, we’re also introducing new Windows PowerShell cmdlet (invoke-spositeswap) that allows you to replace the root site within a tenant, e.g. https://contoso.sharepoint.comwith an existing site, such as https://contoso.sharepoint.com/sites/<site>.

 

SharePoint Migration Tool Improvements

Designed to be used for migrations ranging from the smallest set of files to a large scale enterprise migration, the SharePoint Migration Tool will let you bring your information to the cloud and take advantage of the latest collaboration, intelligence, and security solutions with Office 365.

 

Over the past several months we’ve been continually working to add features to the SharePoint Migration Tool to help you accelerate your journey to Microsoft 365, from support for metadata service migrations, to incremental improvements to the user experience – the SharePoint Migration Tool is designed to support migrations of all sizes. We’re adding some exciting new improvements to help you on your journey to the cloud announced at the SharePoint Conference.

 

SharePoint Server 2013 Site Migration (available now)

Earlier this year we announced support for SharePoint Server 2013 full site migrations as preview.  We’re pleased to announce that today, these capabilities are now generally available. Site migration support provides a comprehensive solution for migrating your SharePoint Server 2013 sites and their settings and content to include:

  • Document lists and libraries
  • SharePoint list templates (see supported list here)
  • “Out of the Box” SharePoint sites – sites that do not use any coding or 3rd party tools **
  • Navigation and icons
  • Site description
  • SharePoint web parts (see supported list here)
  • Pages, including any pages in site asset library
  • Managed metadata, including content types and term stores. Migration of global term store requires Global Tenant Admin permissions.

 

 

 

 

Language Improvements

The SharePoint Migration Tool has now been localized across 11 language including English.  New language support includes:

  1. Chinese (Simplified and Traditional)
  2. French
  3. German
  4. Italian
  5. Japanese
  6. Korean
  7. Portuguese
  8. Russian
  9. SpanishSPMT_1.png

     

SharePoint Server 2010 Migration Support (Preview)

October marked the beginning of the 24-month countdown before SharePoint Server 2010 reaches end of extended support.  It’s not too late to start planning an upgrade or migration to the latest version of SharePoint whether your plans are on-premises, in the cloud, or somewhere in between. Now when using the SharePoint Migration Tool you can start migrating your content from SharePoint Server 2010 to Office 365.

 

It’s hard to believe it’s been over 9 years since we announced SharePoint Server 2010 at our first SharePoint Conference outside of Seattle, SharePoint Conference 2009 held in Las Vegas, Nevada on October 20th, 2009 at the Mandalay Bay with the keynote delivered by Steve Ballmer. 

Get started with the SharePoint Migration Tool now at https://aka.ms/SPMT.

Getting started…

Innovation in the cloud drives tremendous business value, and it delivers new capabilities to the IT professionals who work tirelessly to support, configure, administer, and secure their organizations' content and services.  Office 365 empowers you to support sophisticated requirements for security and compliance, to manage day-to-day operations, and to maximize the value of Office 365 to people in your organization.   

 

Learn more about how we secure your data with SharePoint and OneDrive in Microsoft 365 and how customers are achieving success at https://aka.ms/SharePoint-Security.

 

Discuss this article in the Microsoft Technical Community.