SharePoint governance

best practices
The ultimate guide to effective document
management and M365 collaboration.

Stay in control of Microsoft 365

CONTENTS

03 | The changing face of SharePoint

05 | The cost of SharePoint without

governance

06 | Information governance

08 | Operational governance

10 | Security and data access

12 | Clutter management

13 | Why SharePoint governance works

SharePoint governance best practices | 02

THE CHANGING FACE OF SHAREPOINT

SharePoint has, since it launched in 2001, been a staple of the Microsoft ecosystem. It’s also
changed faces numerable times. Whether as an on-premises or cloud-based collaborative
platform, it’s always staked its reputation on making it easy for employees to store, access, and
manage their organization’s data.

Today, SharePoint is used widely by employees as a data repository and intranet. Document librar-
ies can be created to store documents, while SharePoint sites connect employees to shared
resources. As both a document management and collaboration solution, the benefits of Share-
Point as a cloud-based solution are extensive, including:

• Quick file location, with metadata

• Smooth, real-time collaboration
• Better productivity
• Fast document sharing
• Robust security
• Disaster recovery
• Great user experience, with customization capabilities
• Capacity to scale as your organization grows
• Automatic updates

Over the last few years, uptake of cloud solutions in business has been exponential. This is likely
Ninety-four percent of businesses see an improve-
due to several benefits of cloud computing.https://www.salesforce.com/products/platform/best-practices/benefits-of-cloud-computing/
ment in security after switching to the cloud, and data is retained even if a company device is lost
or stolen. It also helps remote employees access information from anywhere in the world, at any

SharePoint governance best practices | 03

time. This gives cloud computing a clear advantage over on-premises solutions, which can techni-
cally be accessed by remote workers, but require extra security features, like VPN barriers and
firewalls, to be installed.

For a remote or hybrid workforce, cloud computing is an ideal solution. However, while it provides
enhanced useability over an on-premises architecture, cloud-based tools still need governance.
Proper governance protocols ensure a cloud environment, like SharePoint, is used correctly,
remains operational, and doesn’t put company data at risk.

SharePoint governance, as a system of policies and processes, has proven benefits for businesses.
These include:

• Support for scaling businesses – proper governance keeps a data environment in check as it
scales. Just as employees need better, and arguably more stringent management as a business
grows, a data repository requires effective protocols to keep the platform operational.

• Uptick in productivity – a “clean” SharePoint environment makes finding items easy and
generates a better user experience. For employees who need to access and share files, search
for items, or navigate to specific parts of a site, an orderly environment speeds up these tasks
and boosts collaboration and productivity.

• Secure against data loss – security is a priority for IT teams, post-pandemic. Proper govern-
ance enables users to work from shared cloud environments safely without compromising
company information.

• Pre-empt IT challenges – ineffective governance leads to IT challenges down the line. These
can be time-consuming and shift the focus away from other IT tasks. For example, without
governance, orphaned sites, storage limits and unregulated external access, to name a few,
can proliferate and require investigation at a later stage. Governance pre-empts these
challenges, by flagging issues before they occur. A third-party tool, for example, will flag any
sites without a sufficient number of owners.

SharePoint governance best practices | 04

THE COST OF SHAREPOINT
WITHOUT GOVERNANCE

Since many cloud solutions were deployed rapidly and at scale during the pandemic, it was easy for
IT teams to neglect important governance processes. Many realize now, as their cloud environ-
ments expand and businesses become more reliant on them, that proper governance cannot be an
afterthought. One great example is the adoption of multiple technologies within the same Micro-
soft 365 ecosystem. Both Teams and M365 groups also provide numerous endpoints to create
SharePoint sites and teams. Often this goes unnoticed and ungoverned.

The problems caused by misgovernance can interrupt what should be a smooth experience for
SharePoint users to collaborate without friction and reach their business goals. In best cases, it
puts the burden back on IT, and in the worst cases, it puts company data at risk. Governance
means different things for different cloud solutions, but for SharePoint there are several govern-
ance touchpoints:

• Information governance
• Operational governance
• Data access and sharing
• Clutter management

https://www.metrigy.com/
We’ll cover these in the next sections.

SharePoint governance best practices | 05

INFORMATION GOVERNANCE

In a world in which data is a commodity, and a risk to organizations if in the wrong hands, protect-
ing business information is crucial. SharePoint features support information governance, but IT
teams must be proactive in implementing and maintaining protocols.

The way you structure your information – we call this “information architecture” – is important, as
it determines how information is presented to site users. Effective information architecture
supports the following goals:

• Easily managed by IT teams – architecture must facilitate the use, management, and imple-
mentation of new elements by IT administrators.

• Meet relevant requirements – architecture must comply with any regulatory requirements,
as well as those set by individual businesses. This will include privacy and security goals.

• Easy for users to navigate – architecture must be intuitive and easy to use for all employees
in a business. This helps keep the platform operational.

Document versioning Metadata content tagging Cataloging content Better navigation UX

SharePoint governance best practices | 06

Document management and classification are a key part of information governance. SharePoint
has extensive features to support this, like “managed metadata” to tag content, and “content
types” to classify information about an item. There are some basic, but key, steps to take when
building your SharePoint architecture, including:

1. Usinghttps://docs.microsoft.com/en-us/share-
metadata to tag and find content
point/managed-metadata

2. Establishing authoritative versions of a document, withhttps://docs.microsoft.com/en-us/microsoft-365/com-

versioning
munity/versioning-basics-best-practices
https://support.microsoft.com/en-us/office/enable-a-li-
3.brary-or-list-as-a-catalog-in-sharepoint-d1d377f3-77d5-
Cataloging your content, and creating user friendly URLs
4023-82d6-0a04e8c74ba4

4. Gettinghttps://docs.microsoft.com/en-us/share-
design navigation fundamentals right, for a better user experience
point/plan-navigation-modern-experience

The way you structure your SharePoint’s architecture will determine how it is used and governed
from thereon. Meeting the basic requirements – a platform which can be used by both IT admins
and employees, and which is compliant – will mean better governance in the long run.

SharePoint governance best practices | 07

OPERATIONAL GOVERNANCE

SharePoint must be easy to use for both IT teams and employees within a business. It’s not enough
to design an effective SharePoint architecture, although this is an important first step. Additional-
ly, the architecture must be maintained over time.

Bad SharePoint governance can lead to operational failures, such as content duplication, content
which isn’t used, or that which is confusing to navigate. If the environment becomes a jumble, or
simply doesn’t meet the needs of users, it will frustrate employees and may be abandoned entire-
ly. Common issues around operational governance include:

List/libraries with too many items

You can store up to 30 million items in a SharePoint list or library. However, when you try to view
more than 5,000 items, you will run into a viewhttps://rencore.com/products/governance/?utm_term=rencore&ut-
threshold error. The best way to keep track of list
m_campaign=SEARCH+-+RG+Promo+Generic+-+EN+(excl+DACH)&utm_source=adwords&utm_medium=ppc&hsa_net=adwords&hsa_tgt=kwd
and library items is with a third-party tool, which automatically reports on item totals.
-624703949695&hsa_ad=575570996775&hsa_acc=1286047396&hsa_grp=131935510306&hsa_mt=e&hsa_cam=15924446309&hsa_kw=rencor
e&hsa_ver=3&hsa_src=g&gclid=CjwKCAjw6raYBhB7EiwABge5KpOsUFqIGEEVeyaH_zehdbEv6OgFC7pixG5eNodaRWcQpJlIrYmfgRoC11sQAvD_BwE

Otherwise, typically users exceed the

threshold when their lists are tied to a Flow
or Timer Job – or any other scenario in
which the list or library is the automation
of a manual process (and not updated by
humans).

SharePoint governance best practices | 08

Site collections with less than two owners
When SharePoint has been in use for a while, it’s common to find multiple (sometimes hundreds
of) sites for which IT teams have little insight into. It might be unclear who created the site, and
what it’s being used for. When a business loses control of its sites like this, it can lose intellectual
property and other vital data.

For this reason, every site in SharePoint should, as a basic requirement, have two owners. Site
owners are those who control the technical aspects of a site (rather than its content), such as its
security and permissions. Ensuring that every site has two owners, and investigating those which
don’t, will keep your intellectual property safe and your sites compliant.

Unused SharePoint files

It’s important to set up retention policies, as part of a SharePoint governance strategy. Unused and
outdated documents and files will take up unnecessary space within the platform and become
confusing to users https://rencore.com/products/governance/?utm_term=rencore&ut-
and admins. You can modify SharePoint to automatically delete files or use a
m_campaign=SEARCH+-+RG+Promo+Generic+-+EN+(excl+DACH)&ut m_source=ad-
do the work for you.
third-party tool to words&utm_medium=ppc&hsa_net=adwords&hsa_tgt=k-
wd-624703949695&hsa_ad=575570996775&hsa_acc=1286047396&hsa_grp=13193551030
6&hsa_mt=e&hsa_cam=15924446309&hsa_kw=rencore&hsa_ver=3&hsa_src=g&gclid=C
jwKCAjw6raYBhB7EiwABge5KpOsUFqIGEEVeyaH_zehdbEv6OgFC7pixG5eNodaRWcQpJlIrYmfg
RoC11sQAvD_BwE

SharePoint governance best practices | 09

SECURITY AND DATA ACCESS

Since the COVID-19 pandemic, security has been on the top of IT teams’ agendas. A remote work
setting, while convenient for many employees, poses different security risks, including unsecured
Wi-Fi connections or devices left unattended.

Microsoft SharePoint, like other cloud apps within the Microsoft 365 ecosystem, provides first-rate
security measures. However, if employees are using the environment incorrectly or have easy access
to sensitive information, a secure cloud environment can fall foul to information loss and data
breaches. Common issues around security include:

Site collections with external users

Site owners can share sites with external users. This is a useful feature for those businesses that
work with external vendors, clients, and stakeholders, who might need access to specific docu-
ments. However, external sharing remains a business risk, so it’s important to set up authenticated
access for external users, which requests a user login or verification code to view content.

Site owners can set sharing permissions, but IT teams should also have a one-pane view of their
https://rencore.com/products/governance/?utm_term=rencore&ut-

organization’s external users. A third-party tool, like Rencore Governance, gives IT administrators
m_campaign=SEARCH+-+RG+Promo+Generic+-+EN+(excl+DACH)&utm_source=adwords&utm_medium=ppc&hsa_net=adwords&hsa_tgt=kwd-
624703949695&hsa_ad=575570996775&hsa_acc=1286047396&hsa_grp=131935510306&hsa_mt=e&hsa_cam=15924446309&hsa_kw=rencore&
hsa_ver=3&hsa_src=g&gclid=CjwKCAjw6raYBhB7EiwABge5KpOsUFqIGEEVeyaH_zehdbEv6OgFC7pixG5eNodaRWcQpJlIrYmfgRoC11sQAvD_BwE
a “control room” view of external operators, with a dashboard, which removes the burden from
individual site owners.

SharePoint governance best practices | 10

Loose permissions
It’s important that IT teams, when managing a governance strategy, assess to what granularity site
permissions should be controlled. Permissions enable users to perform various actions on a list,
library, or specific item. When permissions are too loose, users may be able to remove, edit, or move
items, which can undermine the platform’s architecture.

SharePoint users might be categorized and managed by their permission level. Default permission
levels range from view only, to contribute and edit, and full control. Although it’s simple to track the
permissions for any individual user, IT teams might want to consider using a third-party governance
tool for a more comprehensive view of user permissions. Tools like these report on permissions
changes, or any other modification that might be of note.

SharePoint governance best practices | 11

CLUTTER MANAGEMENT

"Clutter” has become the common way to describe any IT environment that isn’t well organized. A
cluttered cloud environment is the digital equivalent of a messy workspace, and can generate low
productivity, stress, and platform disbandment.

Clutter can be managed, in part, by building a streamlined architecture and setting the correct
permissions. However, SharePoint is a flexible, customizable tool and prone to becoming unruly
when mismanaged, which means that proper auditing and governance is required in the long term.
Common issues around clutter management include:

Unused site collections

Site collections should be deleted after a specified period of inactivity. The recommended length
of time is 90 days after site creation, although organizations can choose to extend this. It's impor-
tant to decide whether unused site collections ought to be deleted automatically, and whether it
first needs the owners’ approval. If you plan to automatically delete unused site collections, email
at least a period of twenty-eight days beforehand.
notifications should be sent to owners for https://docs.microsoft.com/en-us/sharepoint/sites/man-
age-unused-site-collections

Orphaned site collections

An orphaned site collection is one without any owners, and which no one is able to administer. If
left, these can build up on the platform, creating problems for IT staff who want to delete them
and clean up the environment. Without an owner, access to information may be limited.

Ensuring that every site collection has at least two owners is a first step in avoiding orphaned site
collections. On top of this, IT teams need to put governance protocols in place, to regularly check
https://rencore.com/products/governance/?utm_term=rencore&ut-
third-party governance software to manage this process automatically.
for orphaned teams or usem_campaign=SEARCH+-+RG+Promo+Generic+-+EN+(excl+DACH)&utm_source=adwords&utm_medium=ppc&hsa
_net=adwords&hsa_tgt=kwd-624703949695&hsa_ad=575570996775&hsa_acc=1286047396&hsa_grp=131935510
306&hsa_mt=e&hsa_cam=15924446309&hsa_kw=rencore&hsa_ver=3&hsa_src=g&gclid=Cj0KCQjwjbyYBhCdARIs
AArC6LL0X-emNdjgs27xpk5YlyNsFROQFicyCtZd16WBTDL5pvnlebfD5uQaApKWEALw_wcB

SharePoint governance best practices | 12

MANUAL VS. AUTOMATED
GOVERNANCE

SharePoint governance is a large-scale undertaking, involving numerous checks against various

protocols. It should also happen alongside other governance strategies in the wider Microsoft
ecosystem. Applications like OneDrive and Microsoft Teams, for example, also require governance
actions to secure their data against breaches and intellectual property loss.

Keeping tabs on governance issues across the entire Microsoft ecosystem is difficult. Manual
governance is possible, but not recommended, especially when multiple cloud-based tools require
governing. The Microsoft ecosystem is a sprawling beast and difficult to keep in check without
automated help. For an organization looking to take governance seriously, automated governance
is required. An automated, third-party tool, makes it easy to pre-empt and gain control over a
host of governance tasks, including securing against data breaches, managing clutter, and ensur-
ing platforms are operational.

Cloud-based tools have given employees the

opportunity to work remotely. Now, they
need proper governance. Automated tools,
like Rencore Governance, sets up a busi-
ness for the modern workplace, in which
data or intellectual property loss can be
detrimental to a business (including small
businesses), and in which employees need to
collaborate effectively from the comfort of
their homes.

SharePoint governance best practices | 13

With automated governance, you can:

• Keep your Microsoft environment clutter free

• Optimize costs as you scale
• Manage external access and permissions
• Discover enhanced security
• Gain full visibility across all Microsoft 365 products
• Keep your apps operational
• Discover an uptick in productivity across apps
• Offboard users safely

Third-party governance tools do the work for you. They relieve your IT team of manual governance
tasks and put the control back in your hands. For businesses using multiple cloud-based apps such
as SharePoint, Teams, OneDrive, Exchange, Yammer, Azure AD and Power Platform across the
Microsoft 365 ecosystem, automated governance tools, like Rencore Governance, helps you keep
all bases covered.

SharePoint governance best practices | 14

About the author

Matthias is a Microsoft MVP, co-founder,

and CEO at Rencore.

Matthias’ mission is to help enterprises stay in

control of their Microsoft collaboration tech-
nology. Matthias and his team achieve this by
providing insights, advice, and actionable
ways to manage platform growth. Matthias is
speaking at many conferences and community
events all over the world and is a former organ-
iser of the European Collaboration Summit.

linkedin.com/in/matthiaseinig
https://www.linkedin.com/in/matthiaseinig/

twitter.com/mattein
https://twitter.com/mattein

SharePoint governance best practices | 15

About Rencore

Rencore’s award-winning software helps you scale time-consuming cloud governance and
maintain business continuity, simplifying lifecycle management, external user control,
and cost management.

Rencore is a trusted, long-time Microsoft partner with over 15 years of experience in the
Microsoft space.

Rencore
Bayerstr. 71-73
80335 Munich, Germany

Email
support@rencore.com
sales@rencore.com

Phone
DE: +49 (0) 89-2154169-0
Fax: +49 (0) 89-2154169-99

rencore.com

SharePoint governance best practices | 16

 Check out all our publications
and resources to successfully
stay in control of Microsoft 365
collaboration technologies at:

rencore.com/media/materials
https://rencore.com/media/materials/

rencore.com