How to: enable additional SharePoint security features
Seattle University SharePoint sites support many communication and collaboration needs, including file sharing, multi-user file editing in real time, and reporting services. All students faculty and staff can manage SU SharePoint sites, and SU sites are accessible by people inside and outside Seattle University.
SU SharePoint sites are secure by default; only members can access data, and members must authenticate to the site with active username and password. However, some SharePoint site owners may want to make additional changes to their site(s) to further restrict SharePoint site functionality and features.
Instructions
The following instructions list features that are commonly requested at SU that impact sharing capabilities to promote tighter data management, stricter site security, and protect SU data.
Only Site Owners can share content
By default, all site members can share site content. To restrict the sharing of site data, limit sharing of files and folders to team owners. This helps ensure that owners are in control of file sharing.
Feature located under Site Sharing Settings (Settings (gear icon) > Site Permissions > Site Sharing > “Change how members can share”)
Change default member permissions to "read-only"
You can change default SharePoint behavior so that all members only have read-only / “view” permissions. If you want all members to always have this ability, you can edit the “(site) members” security group to only have view permissions. Each person is considered a member, but all members now only have read (view-only) permissions.
This option could work well for a document repository or an intranet site.
Feature located under Site Sharing Settings (Settings (gear icon) > Site Permissions > Site Members > (change from Edit to Read)
Restrict access to specific folders within a SharePoint site
NOTE: site owners will have access to all SharePoint site content. If you need to keep sensitive data inaccessible to a site owner, you should create a new, separate site for that data.
Change folder settings in the "Manage access" menu:
Change External sharing settings (requires ITS SharePoint Admin involvement)
NOTE: as of April 2021 SU's external sharing settings allow for "anyone' access on SharePoint, but default SharePoint site creation is enabled for "New and Existing Guests" only.
SU SharePoint sites are enabled for external authorized access ("new and existing guests"; users must authenticate to gain access to an SU SharePoint site). If a site owner wants to prevent any chance for external access to their site, they can request changing their site's external access permissions to a more-restrictive setting, including "only people in your organization".
This change is available under the M365 Admin console for SharePoint. To request this change please open a ticket with the ITS Service Desk.
Sites > Active Sites > (name of site) > Sharing :
Change default sharing link settings (requires ITS SharePoint Admin involvement)
By default, site members can share site content and the sharing link pre-populates the following link settings: only people in your organization, and edit. If no adjustments are made to the sharing link, then when a member shares content with another person they will only be able to share with another SU person and that other SU person has edit rights to the content being shared (even if that person is not a member of the site).
The "sharing link type" is already restrictive to SU members, but can be made more restrictive by default by changing this setting to "People with Existing access"
The "link permission" can be changed to "View" to ensure that files are not accidentally or unintentionally edited.
Need additional help? Submit a ticket in our new portal here: IT Service Desk Help Center