SharePoint Governance: stories, myths,legends and real life

Toni Frankola @tonifrankola

SharePoint MVPAcceleratio Ltd,. Croatia

Grant, addDelete, remove

Clone, transfer

Generate entire SharePoint documentation, check the custom solutions, save farm deployment.

Analyze and manage permissions live: clone, transfer, create groups, add or remove users.

Monitor farm health, track changes and compare. Report on site contents and audit farm setup.

One solution for all your SharePoint troubles…

Farm Assessment

Permissions Farm Audit Save time! Single

console!

Validate!

Explore and compare SharePoint Online permissions.

Review all your Office 365 tenants, licenses

and subscriptions.

Track changes and monitor users Exchange Online data.

GroupsUsers

Administrators

One tool for entire Office 365…

Tenant Overview

Permissions ReportsReview all! Save time! Examine!

Compare

The size of digital universe

4 ZB2013

44 ZB2020

OneDrive storage plans change in pursuit of productivity and collaboration

…a small number of users backed up numerous PCs and stored entire movie collections and DVR recordings. In some instances, this exceeded 75 TB per user or 14,000 times the average.

The goals for this session• Demystify SharePoint Governance• Rules for governance plan• Forming a governance team• Creating a sample governance plan• Policy / Responsibility / Process• 4 examples of processes for implementing policies

FACT: NOBODY REALLY LIKES GOVERNANCE

• Time consuming• Costly• Outcome is difficult to measure

Why don’t we do SharePoint governance?

• SharePoint Governance is only important for large deployments.• SharePoint Governance is a book. A big book.• We don’t have people for real governance board.• Governance is nothing more than consultancy hours

What is SharePoint Governance?Governance is the set of policies, roles, responsibilities, and processes that control how an organization's business divisions and IT teams work together to achieve its goals.

(Microsoft)

Low Medium High0

1

2

3

4

5

6

IT Management; 2

Information management; 4

Security management; 3

Application management; 5

Governance effort per SharePoint maturityGO

VERN

ANCE

EFF

ORT

Typic

al am

ount

of go

verna

nce

Proportion of site types in a typical environment

Central published site (Intranet home page)

Departmental site

Group and team sites

Projects and workspaces

Personal sites (My Sites)

Governance and Site Types

SP G

over

nanc

e A. IT Governance (S+S)

A1. Security, infra, and web app policies

A2. Data protection (backup + rec)

A3. Site policies

A4. Quotas

A5. Asset classification

B. Information management (content)

B1. Architecture

B2. Access

B3. Management tools

C. Application management (Custom Solutions)

C1. Customization policy

C2. Branding

C3. Custom Solutions / Apps

A. IT Governance (Software + Services)

A1. Security, infra, and web app policies• How is the system and infrastructure maintained?• Hardware, Software, Updates, Services Running

• Who has access at what levels?• Privileged Access

• Permissions(a topic for a dedicated conference)

A1-A. Deployment governance• Track installations

Use AD.

• Block installationsSP, SPD, InfoPath

• Keep current with software updatesKeep your servers current. Test and install recommended software updates.

• Site collection upgradesSite collections can now be upgraded independently from the content databases.

A1-B Permissions• Share with external users (who and what)• SharePoint Groups (when and how many)• AD groups• Clean up and testing

A2. Data Protection • Backup and restore• Frequency• Level

• Software boundaries and limits for SharePoint (2007/2010/2013)Limit Maximum value Limit type NotesNumber of content databases 500 per farm Supported The maximum number of content

databases per farm is 500. Content database size (general usage scenarios)

200 GB per content database

Supported The default file size is 50 MB, which can be increased to a maximum of 2 GB.

Content database size (all usage scenarios)

4 TB per content database Supported Content databases of up to 4 TB are supported*

A3. Site policies• Site Lifecycles• Site Deletion• Site Creation• Management

A4. Quotas• How much data can be stored in a site collection• Maximum size of uploaded files• Database growth predictions

B. Information management (content)Versions, Records, Information Architecture

C. Application management (Custom Solutions)Proces for piloting and testing solutionsGuidelines for packaging and deploying customizationsGuidelines for updating customizationsApproved tools for customizations

C2. Lifecycle management

Development Pre-production Production

Test new and updated apps and solutions

Control source code and use versioning

Keep environments in sync to get best results from testing

Sync Sync

C3. Branding• Custom Logo + Custom Theme

• Master Pages• Localization• Responsive

Myth 1: Governance is important only for large deployments

“We just want to collaborate”

Creating SharePoint artifacts without a plan(Infrastructure, Information Architecture)

No Enterprise Content ManagementNo permissions concept, archiving, no retention

SharePlosion(can happen with relatively small amounts of content)

How did this happen?

Inadequate infrastructure

No information architecture No security concept Wild

customizations No proper training Governance hell

What is SharePoint Governance?Governance is the set of policies, roles, responsibilities, and processes that control how an organization's business divisions and IT teams work together to achieve its goals.(Microsoft)

Policy Role / Responsibility Process

CDB cannot contain more than 20 SCs Farm Admin

Weekly: Create CDBs / Move SCs /

Delete SCs

Myth 2: The Governance Plan

The SharePoint Governance Plan is a guidebook outlining the administration, maintenance, and support of X Corporation’s SharePoint environments. It identifies lines of ownership for both business and technical teams, defining who is responsible for what areas of the system. Furthermore it establishes rules for appropriate usage of the SharePoint environments.

Microsoft SharePoint Governance Template

Myth 2: The Governance Plan

Governance plan• Small and concise• Bullets, posters• Wiki

Policy Role / Responsibility Process

Policies Roles/Responsibilities Processes

IT Governance

Information management

Security Management

Application management

Your Governance Plan

Your governance plan

Don’t try to cover everything.

Make sure that the Governance Body has authority to decide and react quickly.

Myth 3: The Governance Body

We recommend that you create a team from various disciplines across your organization to develop and maintain these policies. Include people from as many roles as possible.

Microsoft Technet

https://technet.microsoft.com/en-us/library/cc263356.aspx

Governance team

https://technet.microsoft.com/en-us/library/cc263356.aspx

Your Governance team

Governance Body

Enterprise Architect

Project Lead(s)

[Business]

Lead SP Admin

Lead Software Architect

Workers council

ComplianceOfficer

RiskOfficer

Data Privacy officer

SP Influencers

Project Sponsor

Myth 3: The Governance Body

Focus on needs and resources Keep it small Authority to

decide

Real world example: Large Real Estate customer

Real world example

8.000Site Collections

CRM

Real world example

• Auto-provisioned from external system (CRM)• 200-10000 documents (avg. 500)• 24 Security Groups• 4 groups with prepopulated membership (CRM)• “Nested” through group owners• Hierarchical permissions management• “Managers” can break permission inheritance• 60 Content types. CT Inheritance• Records management (InPlace + DM)• Site policies according to Project Lifecycle

RE FARM

Governance ChallengesFarm health

Permissions

Content types

Content monitoring

ECM

Applications

Policies Roles/Responsibilities Processes

IT Management

Information management

Security Management

Application management

Your Governance Plan

IT/SP ManagementPolicy Role/Responsibility Process

Measure network latency

Network latency cannot be larger than X

Chief Network Administrator, Mr. John Smith

Tool X will be configured to automatically measure network latency in 10-days intervals. If latency is larger than X...

SP Logs Hard drives size

Drive partitions where log drives are stored cannot be used more than 75%

Chief Network Administrator, deputy Mr. Adam Doe

SC will be configured to monitor drives, and to archive logs...

SP Health check Regular SP Farm health check

Chief Network Administrator, Mr. John Smith

Tool X will be used to...

SP Best practices Regular SP Best Practices monitoring

Chief Network Administrator, Mr. John Smith

A tool will be used to automatically monitor SP Best Practices every week and to report

Challenge 1: SharePoint Farm Health

• SharePoint Farm Status• SharePoint Best Practices

Infrastructure / SharePointPolicy Role/Responsibility Process

Best Practice SharePoint Logs have to be stored on a separate drive

Chief Network Administrator, Mr. John Smith

Best Practices check to determine if Logs are in proper location

Best Practice Loopback Check disabled

Chief Network Administrator deputy Mr. Adam Doe

Best Practices check to determine if loopback check is configured properly

SharePoint Best practices• Microsoft TechNet• PowerShell / Central Admin• SPDocKit SharePoint Best Practices Portal

https://bp.spdockit.com

Challenge 2: Dead content

• Documents not accessed• Documents whose authors are not....

Information ManagementPolicy Role/Responsibility Process

Site structure Project sites can contain only predefined libraries

Chief Network Administrator, Mr. John Smith

Use SharePoint Manager, or PowerShell script A, to identify project sites with custom document libraries

Dead content Dispose of the content that is unused since 6 months

Chief Network Administrator deputy Mr. Adam Doe

Once a month use PowerShell to locate content which is not used since 6 months, and inform the content owners...

Sites in retention Regular SP Farm health check

Compliance officer, Ms Anna Smith, Chief Network Administrator...

PowerShell Script X will be executed every Monday which finds the site collections that...

Content types Content types are provisioned only through the CTH

Taxonomy officer, Ms Jane Smith, Chief Network Administrator...

PowerShell Script Y will be executed every Monday which iterates the site collections...

Challenge 3: Permission governance

• Reporting permissions for sites and users• SharePoint Group and Permission level management• Permission inheritance

Permissions and securityPolicy Role/Responsibility Process

Item level permissions No item level permissions are enabled in the “Reports” library

Chief Network Administrator X, Compliance Officer Y

Develop security event receiver that prevents breaking permissions on the item level in the document library “Reports”

Auditors Every six months, enable auditing process on the “Reports” library

Chief Network Administrator X, Compliance Officer Y

On demand, use code to create Permission Level and SharePoint Group for Auditors, so they can access content in the “Reports” library

External Users (Microsoft Account)

External users are not allowed in library “Reports”

Chief Network Administrator X, Compliance Officer Y

PowerShell Script X will be executed every day which finds and removes external users...

Group Owners Project Managers SP Group is owner of all other SP Groups

Chief Network Administrator X, Compliance Officer Y

PowerShell Script Y will be executed every Monday which iterates the site collections...

Challenge 4: Customizations governance

• Assert the necessity of customization• Code quality

ApplicationsPolicy Role/Responsibility Process

Custom code policy in portal site

In the portal site, only apps are allowed

Chief Network Administrator, Mr. John Smith

No server side custom code is allowed for deployment in the portal web application. Every 7 days, PowerShell script A will detect...

Server side code in project sites

All server side code in project sites must be approved

Head of Development, Ms Samantha Doe

Before installation of any server side package SPCop / SPCAF will be used for code quality check

.NET 3.5 workflows No .NET 3.5 workflows allowed – only WM or K2...

Head of Development, Ms Samantha Doe

PowerShell Script Y, run once a day, will be used to iterate site collections and detect and deactivate Workflows...

Code quality and tools Coding conventions (your own or Microsoft’s)

StyleCop (stylecop.codeplex.com)

SharePoint server side code quality SPDisposeCheck SPCAF (www.spcaf.com)

Real world use case

• Infrastructure provisioning• Content provisioning and management• Responsibilities, roles and permissions• ECM Policies (Records + Site Policies)

Governance Plan(24 pages)

• Project Sponsor• Project lead• Enterprise Architect• Software Architect

Governance Body

• Governance is necessary for small and large deployments• Demystify governance, keep it straightforward• Keep focus on implementation (processes)

QuestionsThank you!