Microsoft 365 Cloud Security and Governance when External Sharing | Case Study
Org Size: 500+
2toLead recently worked with one of Atlantic Canada’s largest regional law firms. They reached out to us for guidance on using SharePoint Online to share information with external users, primarily their clients.
They were curious to explore the use of SharePoint Online for their clients and to ensure those clients had easy and secure access while experiencing the platform. The team was particularly interested in the key areas that would help them secure access, ensure sensitive information was protected, and make the configuration needed for Extranet sites repeatable, so that sites stay compliant and consistent.
The law firm was looking for a team that had the same philosophies around innovating and customer excellence. 2toLead was a great choice given our extensive experience building Intranet and Extranet portals as well as our breadth and depth of knowledge in the Microsoft 365 platform. The client’s primary need was to move towards building an extranet service based on SharePoint Online that integrates with other systems for a more cohesive client experience. Join us in taking a look at the journey we took to better governed and more secure sharing.
Our journey toward better Microsoft 365 cloud security when external sharing begins
To determine the team’s specific needs, we began our journey by holding a series of discovery sessions. These interactive discussions centered on governance, security, and compliance. The team was highly engaged and keen to learn what is possible in the platform, so we peeled back the various layers of Microsoft 365. We did this to ensure we had a common understanding of the platform’s possibilities and to gather the user needs and insights that would drive our recommendations on which specific areas needed to be defined and configured.
Peeling the external sharing onion
While the storefront for an extranet based on Office 365 is traditionally a SharePoint Extranet, we reviewed the different areas where the platform is malleable to configure a safe and secure collaboration experience. Along the way, we dove in to discuss Azure Active Directory, Microsoft 365 Groups, SharePoint, and OneDrive external sharing. We also looked at relevant policies and settings in Microsoft Teams to ensure proper coverage of the many ways one can collaborate and share with others.
The team was particularly interested in the platform’s federation and single sign-on capabilities, as they were using a third-party solution to accomplish this goal. A more extensive and organization-specific analysis was done to identify the level of support and effort needed to migrate the SSO capability from the third-party platform to Azure Active Directory.
Governance as the mainline for putting all the pieces together
In isolation, these capabilities allow us to configure the main pieces. However, we gave special consideration to managing the container’s lifecycle, site provisioning, and guest management.
Our findings raised important considerations for managing and automating these crucial processes to establish a repeatable and auditable process that balances business agility and security.
Keeping sensitive information safe and secure
Our compliance discussions highlighted the need to define a set of policies and labels that can support users on day one of using their extranet and prevent leakage of sensitive information. In addition, the need to define retention based on key document types and locations, whether applied automatically or manually, led to raising awareness and establishing an information governance strategy to support internal and external users as they adopt the new system.
Trust, but verify
Another important consideration for security was the ability to audit user activity. The unified audit logging capabilities of the platform complement their existing investments in security.
These capabilities support the team by alerting them to critical risks associated with external sharing and other administration-related tasks, ensuring prompt detection and mitigation should the need arise.
By performing access reviews using the Azure Active Directory capabilities, the team can ensure the right people have access to resources by periodically triggering reviews and providing the information to the owners of the content to attest to the access granted.
What is next?
While the journey continues for the law firm, the team now has a roadmap that sets out a clear path to follow based on business needs and prioritized next steps. Key milestones include defining their governance and information architecture needs towards automation of extranet site creation. In parallel, the team works with relevant parties to refine integration points with other systems to further enhance their clients’ experience.
Let us tag along
For many organizations, the world of Microsoft 365 is uncharted territory. If you are unsure about what you need for your digital transformation journey, reach out to us. Our strategy services can help you identify the key pieces to consider and set you up for success. Better yet, if you need a team of experts and passionate consultants to walk the path with you, let us tag along and bring the umbrella to protect you from rainy days.