SharePoint Security: The Best Practices Guide for 2022

SharePoint Security: The Best Practices Guide for 2022

For the past few years, the issue of security has been a major concern  — not only for organizations —  but also for individuals.

In fact, it has now become an important practice that everyone has now known better to adopt — especially if you have diverse SharePoint sites tailored to meet different purposes.

Each site is built to consciously fulfill that need for security. You don’t want to be part of a system that is prone to hack or can have its content easily saturated to the public.

In this article, you will learn about making and maintaining the best practices for security as you use Microsoft SharePoint.

Let’s get started.

How to better secure your SharePoint site

While some common practices for security are known such as locking your computer while you’re away, being wary of suspicious emails, and using secure wifi connections, there are those that may seem peculiar to you.

Read on as we discuss these practices:

1. Beware of the new “Share” permission feature

One of the newly introduced functions of SharePoint Online is its ability to share almost anything with a single link.

Users belonging to any particular site can decide to share media contents, files, and even lists and libraries.

Users can share SharePoint files to others with a single link

The only limitations to this are the permission levels of the user. Furthermore, sharing can also be done externally, that is, to those not belonging to the organization.

While sharing allows the interdisciplinary collaboration of members on a project, this function comes with potential risks and must be used with extreme caution.

Anyone who wants to share anything must be well aware of the contents they share and the possible security risks that these shared contents can pose to the organization.

2. Make use of Groups for user management

SharePoint allows collaborators to be grouped and to work in these groups. These groups allow users belonging to it to be assigned different tasks and have common privileges.

This makes grouping users one of the best practices in SharePoint security as this not only classifies members under one umbrella but this makes managing permissions more efficient too.

Control how things in this site can be shared and how request access works

One key thing to note with Groups is that changes made to the Groups permissions affect all users.

This means that if you need to change the permission level, you can tweak the group permission settings instead of diving down on each user’s accounts.

Since you can easily move one member from one group to another, this method of managing security is more efficient and manageable.

3. Avoid document or item level permissions

Contrary to managing group-level permissions, some users manage permissions at a lower level (like for each document or each item instead).

Yes, it’s quite easy to set permissions at the file level. Unfortunately, there are numerous potential problems that might arise from this approach.

Send link and manage access of individual files

For one, it will be close to impossible to monitor all shared items or documents, especially when you have so many sites to manage.

As you know already, SharePoint actively relies on the use of permission inheritance, and setting permission at low levels breaks this functionality.

In addition, you will not get a single list of all those individual accounts that you shared a file or two, which makes management and maintenance non-existent.

4. Get one administrator per site or site group

Like we discussed earlier, groups can be created, and administrators can be chosen for each group to oversee everything that goes on in their group.

Choosing administrators is a good security practice. But a better one is to keep only one administrator per site or site group.

Site admins have full control of the site and access to everything in it. They also have additional permissions, such as managing search and the recycle bin and enabling or disabling features.

This makes sure that the administrator is solely responsible for everything that goes on in the group.

Since there’s only one administrator, he or she will be held accountable for every sharing that goes on in the group.

The administrator has a higher privilege than the others and can set permission on what contents to share and what to keep private, which is why it’s important that you trust him or her.

5. Take advantage of Microsoft’s security features

Microsoft has some built-in security features that can help you improve the security of your account.

These features are also incorporated into the SharePoint system because of the increase in the number of people who now largely depend on it based on its flexibility.

Among these features, two are widely known and used — encryption and virus detection.


The Microsoft environment offers many levels of protection including — access security, data security, application security, physical data center security, and network security.

The encryption is largely divided into two phases, in-transit encryption and at rest encryption.

In transit

There are two cases in which data enters and leaves the data centers.

  • Movement of data between data centers: Data can be moved between data centers and the major reason this occurs is to enable disaster recovery for geo-replication. The encryption occurs when this data is being transmitted using a private network. Data transferred can include blob storage deltas and transaction logs
  • Server and client communication: Communications across the Internet generally are made using SSL/TLS connections. These SSL connections are secured using 2048-bit keys.

At rest

For the encryption of data at rest, there are two components involved — encrypting customer content with per-file encryption and the BitLocker disk-level encryption.

Both forms of encryption are available on the SharePoint online platform.

  • BitLocker encryption: This type of encryption encrypts all data in the storage.
  • Per-file encryption: As the name implies, this one encrypts each file with unique encryption. The encryption also goes further by encrypting every update that occurs on the file and the keys to every encryption that occurs are stored in a location separate from the encrypted content.

This encrypted content is usually stored across multiple containers within the data centers, with each container having its unique credential. The credentials, just like the encryption, are also stored in a different location.

Each encryption is made using a Federal Information Processing Standard (FIPS) 140-2 standard which is the Advanced Encryption Standard (AES) with 256-bit keys.

Virus detection

The detection of viruses is another feature that occurs on SharePoint Online. The feature checks every content that is within a site.

It’s usually automated and uses a highly sophisticated anti-virus engine to scan for malware and viruses.

The engine warns users of a site if it attempts to save any infected file to their local device, or do something shady on it.

Although the virus detection feature is good, it is often limited.

For instance, it does not check files that are larger than 25MB. It’s often a good idea to have a separate anti-virus detection software that can check larger files and can work offline.

6. Teach users about good security etiquettes

Apart from the added security features that SharePoint offers, users must also be aware of measures they have to personally take to avoid being a victim of security traps.

These common measures include:

  • Locking personal devices: With the increased involvement of personal devices in business transactions and organizational matters, it’s always a good idea to not only keep personal devices well but also lock them in case they get stolen or are temporarily accessed by foreign parties. Since SharePoint is a cloud-based feature, it can be easily accessed from any device. A step ahead is to keep these devices locked to prevent unauthorized access.
  • Logging off public devices: Yes, there are cases when our devices are out of reach or can’t be used due to one reason or the other. We usually resort to using public computers like hotels, business centers, and cybercafes. We must be careful, however, to make sure that we log off these devices as soon as we are done using them. This keeps the next user of that device from unexpected access to confidential individual and organizational matters.
  • Installing anti-virus software: Since SharePoint is largely operated online, there are possibilities of receiving files and contents that can be potentially harmful to our devices. Having a good anti-virus is a safe bet.
  • Using a strong password: Using a strong password is a must. A strong password often includes upper-case and lower-case letters, numbers, unique symbols, and is often of considerable length. It is also a good security practice not to use the same password across several platforms, and to also change your passwords after about 90 days.
  • Backing up important files: If your files are temporarily unavailable due to a virus attack, software update, or a hardware failure, a good security practice is to back up files that are important to you.

It’s also important to be more conscious and use more common sense. There are security breaches that can be safely avoided by simply using common sense.

For example, if someone sends you a text or an email using an unidentified address and asks you to go to a certain page and log in with your username and password, you can be sure this is phishing.

Sign up for exclusive updates, tips, and strategies

    SharePoint Security: Frequently Asked Questions

    Here are some questions you might be asking when it comes to SharePoint security:

    1. How secure is SharePoint?

    Microsoft SharePoint, coupled with Microsoft OneDrive, is protected with multiple layers of security, which makes SharePoint almost impenetrable to attack.

    SharePoint is stored in a Microsoft cloud-based storage, which is subject to different levels of protection including encryption, anti-virus, and anti-malware engines, 

    On the other hand, nothing is perfect. That is why you must consider applying the best practices you have read earlier.

    It’s always better to buff up security as much as possible and teach your users good security practices. Prevention is always better.

    2. How to manage permissions in SharePoint?

    Site admins can manage permissions to give people access or restrict a certain person from access to content.

    SharePoint works in an inheritance manner, that is, all sites inherit permission settings from the site that is directly above them in the hierarchy.

    Since groups are best used to manage permissions, here are the steps to create groups and to add users.

    First off, navigate to the site where you want to view or manage permissions.

    Once there, click on the gear icon on the upper-right side of the page to open the settings panel and click on “Site permissions”.

    Click the gear icon and select site permissions

    You will then need to go deeper. Click on the “Advanced permissions settings” link on the bottom part.

    Click on the advanced permission settings link

    The system will bring you to a classic-looking portal. On the ribbon above, click on the “Create Group” button.

    Click on the create group button on the ribbon

    This will open a page where you can create a group. Go through the fields and fill them out.

    SharePoint page where you can create a site group

    Now, on the bottom part, you will be able to specify the group permission to the site. You will see lots of choices there with a good explanation of what they do.

    Simply select the group permission you want to give and click on the “Create” button to finish it up.

    Select a group permission level first and click on the create button

    After that, the system will bring you to the group page, where you can add new members and even change the settings of that page.

    To add new members, click on the “New” button in the toolbar where you will be able to invite people to the group.

    Enter the names or email addresses of the users you want to invite and you can even include your own personal message.

    Then, click on the “Send” button.

    Click on the new button first, enter the names or email addresses, write a message, and click on the send button

    When the time comes when you need to add or remove users, simply go back to this page and repeat the steps here.

    This makes it easy to manage permissions on the site since all you have to do is add/remove a person in the group and that person’s permissions settings will change.

    3. Can you password protect your SharePoint site?

    Unfortunately, you can’t password protect a SharePoint site. You can only set restrictions to users accessing the site or break the permission inheritance.

    However, although you won’t be able to lock the site as a whole with a password, you can protect files on your sites with a password.

    To password-protect files, do this:

    Navigate to the site and the library where the file is stored. Once there, select the file and click on the share button of that file.

    Select the file first and click on the share button

    This will open the share window. The first thing to do then is to click on the link above the field where you can write the name, group, or email.

    Click on the link above the to field

    On the next page, make sure the link setting is set to “Anyone with the link”. Otherwise, the password option will not work.

    You will then find a “Set password” field below where you write a strong password for the file. Click on the “Apply” button to finish it up.

    Set a strong password for the file and click on the apply button

    After you share the link, those who don’t have the password will not be able to view the file. This is a good workaround to ensure your files are well-protected.

    4. How to make a SharePoint document private?

    Now, what if you don’t want to share your files or documents anymore? Fortunately, it’s quite easy to make your files or documents private again.

    Simply follow these steps:

    Navigate to the file first that you want to stop sharing. Select it and click on the info button on the command bar.

    Once the panel is open, click on the “Manage access” link.

    Open the information panel and click on the manage access link

    You will then see a “Stop sharing” link at the top of the panel. Click on it.

    Click on the stop sharing link

    After clicking on the link, the system will confirm with you if you want to delete all links that give access to the file.

    Simply click on the “Stop sharing” button and the file will be inaccessible to whom you shared it.

    Make SharePoint security a priority

    Microsoft may have good security features in place. Unfortunately, those don’t stop users from giving others unauthorized access.

    There’s always a security threat — which is why it’s important to make security a priority especially if you’re handling sensitive information on your site.

    Aside from implementing good practices on your side, make sure to teach your users how they can help keep the site more secure and safe.

    Do you have questions regarding SharePoint security? If so, drop them down in the comment section below. For inquiries, use my contact page to reach me directly.

    About Ryan Clark

    As the Principal Solutions Architect at Mr. SharePoint, I help companies of all sizes better leverage Modern Workplace and Digital Process Automation investments. I am also a Microsoft Most Valued Professional (MVP) for Office Apps & Services.

    Notify of
    Inline Feedbacks
    View all comments
    Would love your thoughts, please comment.x
    Scroll to Top