AUDITING SHAREPOINT PERMISSIONS
WHY? HOW? WHAT?
KARIM ROUMANI
SOLUTIONS DIRECTOR/SPEAKER
TWITTER: @KARIMSPOINT
KARIM.ROUMANI@TEKREACH.COM
ASSUMING
• Assumes you have a basic understanding
• eBook to get started - http://bit.ly/1RuAAn7
WHY SHOULD YOU CARE?
• Cybercrime is not a hobby, it's big business
• Organized Crime
• Nation States
• Terror Groups
• Security Vulnerabilities Hit all Time high in 2014
• Heartbleed SSL
• Shellshock (unix)
• Sandworm (windows malware using OLE)
• People Are the Weakest link / Bad Apple / Leakers
• Downsizing, Leaving on Bad Terms, Mistakes, Social Engineering
• Competitors
• Contractors
• Examples
• eBay, Home Depot, Michaels, Sony, Target
WHY ARE PERMISSIONS DIFFICULT TO REGULATE?
THE HUMAN WEAKNESS
• Convenience: people just grant permissions without a thorough understanding
• Forget
• To delete the user
• Set an expiration date
• Remove the permissions
• Lack of Visibility and Visualization on the Data
• Difficulty to Grasp the Risks
THE HUMAN WEAKNESS
• Difficulty to Grasp the Risks
SHAREPOINT CHALLENGE
• Nested Objects
• Hard to see a full picture
• Confusing
• Daunting Effort
• No Process Exists
IMPACT OF BREACH
• Lawsuits
• Trade Secret/ Financial Loss
• Social Security, Credit Cards, Medical Records
• Compliance Issues
• Embarrassment
Producer at SONY thinks Angelina Jolie is a "spoiled brat"
RISK IMPACT OF BREACH
• PR Crisis
• Fired
HOW? PLAN?
GOAL:
No Person Should have Access to
Information they shouldn’t have access to.
THE PLAN
Master Checklist
• NOW
• Unique
Verification
• With Content Owners
Remediation
Sign Off
PERMISSION CHECK LIST
(sample checklist table: site "Marketing", group "Owners", member "Mike")
HOW DO I BUILD THIS MASTER LIST?
BRUSH UP
AUDITING SITE COLLECTION
ADMINISTRATORS
• OPEN DEMO
MANUAL CHECK OF UNIQUE PERMISSIONS
• Sites
Excel Master List
LIST AUDIT
HR WEBSITE DEMO
ITEM UNIQUE PERMISSIONS
• Items
CHALLENGES OUT OF THE BOX
• Too Many Clicks and Windows
• Very tough to track
• Collaboration is difficult
• Building a master list is tedious
USING TOOLS
• Powershell (scripting/coding)
• Tru Permissions Auditor (turn-key)
POWERSHELL FLAVORS
• Server Code (works only with on-premises)
• Client Code (needed for O365)
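The manual walk of sites, lists and items above is what the "too many clicks" slide complains about. As an added example (not code from the deck, and not the Tru Permissions Auditor product), the script below builds the same master list with PnP PowerShell, which is client-side code and so works against SharePoint Online. The site URL and output path are placeholders; the `IsExternal` flag relies on the `#ext#` login-name pattern SharePoint Online uses for guest accounts, and subwebs (listed with `Get-PnPSubWeb -Recurse`) are audited by re-running the script against each one.

```powershell
# Added example, not part of the deck: build the master list of every object in
# one web that breaks permission inheritance, with the principals and permission
# levels granted on each. Requires the PnP.PowerShell module.
param(
    [string]$SiteUrl = "https://tenant.sharepoint.com/sites/demo",  # placeholder, use your own web URL
    [string]$OutCsv  = ".\unique-permissions.csv"
)

Connect-PnPOnline -Url $SiteUrl -Interactive

# Flatten the role assignments of one securable object (web, list or item)
# into rows for the master list, flagging the two cases the deck warns about:
# guest accounts and grants made directly to a user instead of a group.
function Get-RoleRows {
    param($Securable, [string]$ObjectType, [string]$ObjectPath)
    $assignments = Get-PnPProperty -ClientObject $Securable -Property RoleAssignments
    foreach ($ra in $assignments) {
        Get-PnPProperty -ClientObject $ra -Property Member, RoleDefinitionBindings | Out-Null
        [pscustomobject]@{
            ObjectType    = $ObjectType
            Object        = $ObjectPath
            Principal     = $ra.Member.LoginName
            PrincipalType = $ra.Member.PrincipalType           # User, SecurityGroup or SharePointGroup
            Levels        = ($ra.RoleDefinitionBindings | ForEach-Object { $_.Name }) -join ';'
            IsExternal    = $ra.Member.LoginName -like '*#ext#*'  # SharePoint Online guest login pattern
            IsDirectUser  = "$($ra.Member.PrincipalType)" -eq 'User'
        }
    }
}

# Audit the connected web: the web itself, every visible list or library that
# breaks inheritance, and every item inside those lists that breaks inheritance.
function Get-UniquePermissionRows {
    $rows = @()
    $web = Get-PnPWeb -Includes HasUniqueRoleAssignments, Url
    if ($web.HasUniqueRoleAssignments) {
        $rows += Get-RoleRows -Securable $web -ObjectType 'Web' -ObjectPath $web.Url
    }
    foreach ($list in (Get-PnPList -Includes HasUniqueRoleAssignments, Hidden)) {
        if ($list.Hidden) { continue }
        if ($list.HasUniqueRoleAssignments) {
            $rows += Get-RoleRows -Securable $list -ObjectType 'List' -ObjectPath "$($web.Url)/$($list.Title)"
        }
        # Item-level breaks are the hardest to see in the browser; page through
        # the list instead of loading every item at once.
        foreach ($item in (Get-PnPListItem -List $list -PageSize 500 -Fields 'FileRef')) {
            Get-PnPProperty -ClientObject $item -Property HasUniqueRoleAssignments | Out-Null
            if ($item.HasUniqueRoleAssignments) {
                $rows += Get-RoleRows -Securable $item -ObjectType 'Item' -ObjectPath $item['FileRef']
            }
        }
    }
    return $rows
}

$rows = Get-UniquePermissionRows
$rows | Export-Csv -Path $OutCsv -NoTypeInformation -Encoding UTF8

# Triage views for the verification step with content owners
$rows | Where-Object { $_.IsExternal }   | Format-Table Object, Principal, Levels -AutoSize
$rows | Where-Object { $_.IsDirectUser } | Format-Table Object, Principal, Levels -AutoSize
```

The CSV is the "Excel master list" from the manual procedure; the two filtered views at the end surface the rows that most often need a content-owner decision (guest access and direct user grants), which is where the remediation and sign-off steps start.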
TRU PERMISSION
AUDITOR
DEMO
truapps.portalfront.com
4 FINAL KEY TIPS
AUDITING EFFECTIVE PERMISSIONS
• EFFECTIVE PERMISSIONS ARE THE TRUTH
• IF
  JOHN.DOE -> READ
  MARKETING GROUP -> EDIT
  JOHN.DOE IS MEMBER OF MARKETING GROUP
  THEN EFFECTIVE PERMISSIONS ARE JOHN.DOE -> EDIT
DEMO CHECK PERMISSIONS
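The Check Permissions page resolves exactly this union for one user at a time. As an added example (not code from the deck), the script below does the same resolution offline over constructed data so the rule is visible: SharePoint grants are additive, so a user's effective level is the strongest level reachable through any direct grant or any group, including nested groups. The assignment and membership tables are constructed to match the deck's john.doe case; the Finance and Finance-Leads groups and jane.roe are illustrative additions.

```powershell
# Added example, not part of the deck: compute effective permissions from direct
# grants plus (nested) group grants. All data below is constructed.

# Permission levels from weakest to strongest; the strongest reachable level wins.
$LevelRank = @{ 'Limited Access' = 0; 'Read' = 1; 'Contribute' = 2; 'Edit' = 3; 'Full Control' = 4 }

# Role assignments on one object: principal -> permission levels (constructed)
$Assignments = @{
    'john.doe'  = @('Read')
    'Marketing' = @('Edit')
    'Finance'   = @('Full Control')
}

# Group -> members, where a member may itself be a group (constructed).
# The nested group is the "person still in a nested group" pitfall.
$GroupMembers = @{
    'Marketing'     = @('john.doe', 'jane.roe')
    'Finance'       = @('Finance-Leads')
    'Finance-Leads' = @('jane.roe')
}

# Every group a user belongs to, directly or through nesting (cycle-safe).
function Get-GroupsForUser {
    param([string]$User, [hashtable]$Groups = $GroupMembers)
    $found = New-Object 'System.Collections.Generic.HashSet[string]'
    $queue = New-Object System.Collections.Queue
    $queue.Enqueue($User)
    while ($queue.Count -gt 0) {
        $member = $queue.Dequeue()
        foreach ($g in $Groups.Keys) {
            # Add() returns $false for a group already seen, which stops cycles
            if (($Groups[$g] -contains $member) -and $found.Add($g)) { $queue.Enqueue($g) }
        }
    }
    return @($found)
}

# Effective permission: the strongest level among the direct grant and all
# group grants, together with the path that granted it.
function Get-EffectivePermission {
    param([string]$User, [hashtable]$Roles = $Assignments, [hashtable]$Groups = $GroupMembers)
    $paths = @()
    if ($Roles.ContainsKey($User)) {
        foreach ($lvl in $Roles[$User]) { $paths += [pscustomobject]@{ Level = $lvl; Via = 'direct' } }
    }
    foreach ($g in (Get-GroupsForUser -User $User -Groups $Groups)) {
        if ($Roles.ContainsKey($g)) {
            foreach ($lvl in $Roles[$g]) { $paths += [pscustomobject]@{ Level = $lvl; Via = $g } }
        }
    }
    if ($paths.Count -eq 0) { return [pscustomobject]@{ User = $User; Effective = 'None'; Via = '' } }
    $best = $paths | Sort-Object { $LevelRank[$_.Level] } -Descending | Select-Object -First 1
    [pscustomobject]@{ User = $User; Effective = $best.Level; Via = $best.Via }
}

Get-EffectivePermission -User 'john.doe'
Get-EffectivePermission -User 'jane.roe'
Get-EffectivePermission -User 'sam.poe'
```

Running it shows john.doe resolving to Edit via Marketing despite the direct Read grant, jane.roe resolving to Full Control via Finance even though she is only a member of Finance-Leads, and sam.poe having no access. The `Via` column is the part a reviewer needs during remediation: removing the direct Read grant from john.doe changes nothing until the group path is dealt with.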
EXTERNAL USERS
• What is an external user?
• An external user is someone outside of your organization who can access your SharePoint
Online sites and documents but does not have a license for your SharePoint Online or
Microsoft Office 365 subscription. External users are not employees, contractors, or
onsite agents for you or your affiliates.
• External users inherit the use rights of the SharePoint Online customer who is inviting
them to collaborate. That is, if an organization purchases an E3 Enterprise plan, and
builds a site that uses enterprise features, the external user is granted rights to use
and/or view the enterprise features within the site collection they are invited to. While
external users can be invited as extended project members to perform a full range of
actions on a site, they will not have the exact same capabilities as a full, paid, licensed
member within your organization. The limitations are described in the table below.
FIND ALL EXTERNAL USERS
LAUNCH DEMO
WHAT IS THE “EVERYONE EXCEPT EXTERNAL USERS” GROUP?
• When a user is added to Office 365, the user automatically becomes a member of Everyone except external users. By default, the Everyone except external users group is added to the Members group on the SharePoint team site. It is automatically assigned a permission level of Contribute. This means all users who are added to Office 365 can view, add, update, and delete items from lists and libraries. If you want to change the permission levels for this group, you can remove it from the Members group and then add it to a group that uses different permissions. For example, you might add Everyone except external users to the SharePoint Visitors group. This automatically assigns a Read permission level to all users in the Everyone except external users group.
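The two slides above (external users, and the Everyone except external users group) both come down to the same audit question: which principals on a site are not the named people the content owner thinks they are? As an added example (not code from the deck), the script below uses the SharePoint Online Management Shell to list every external user the tenant knows about and then, for one site, to report guest accounts and the Everyone except external users claim together with the SharePoint groups they sit in. The admin and site URLs are placeholders; the claim prefix `c:0-.f|rolemanager|spo-grid-all-users` is how SharePoint Online represents that group in a login name, and guest accounts carry `#ext#`.

```powershell
# Added example, not part of the deck: tenant-wide external user inventory and a
# per-site report of guest accounts and the "Everyone except external users"
# claim. Requires the Microsoft.Online.SharePoint.PowerShell module.
param(
    [string]$AdminUrl = "https://tenant-admin.sharepoint.com",       # placeholder
    [string]$SiteUrl  = "https://tenant.sharepoint.com/sites/demo"   # placeholder
)

Connect-SPOService -Url $AdminUrl

# Every external user across the tenant. Get-SPOExternalUser returns at most
# 50 per call, so page with -Position until a short page comes back.
function Get-AllExternalUsers {
    $position = 0
    do {
        $page = @(Get-SPOExternalUser -Position $position -PageSize 50)
        foreach ($u in $page) {
            [pscustomobject]@{
                Email       = $u.Email
                DisplayName = $u.DisplayName
                AcceptedAs  = $u.AcceptedAs    # the identity the invitation was redeemed with
                WhenCreated = $u.WhenCreated
            }
        }
        $position += 50
    } while ($page.Count -eq 50)
}

# One site: principals that are either a guest account or the tenant-wide
# "Everyone except external users" claim, with the groups granting them access.
function Get-SiteBroadPrincipals {
    param([string]$Url)
    foreach ($u in (Get-SPOUser -Site $Url -Limit All)) {
        $isExternal = $u.LoginName -like '*#ext#*'
        $isEveryone = $u.LoginName -like 'c:0-.f|rolemanager|spo-grid-all-users*'
        if (-not ($isExternal -or $isEveryone)) { continue }
        $kind = 'External user'
        if ($isEveryone) { $kind = 'Everyone except external users' }
        [pscustomobject]@{
            Site      = $Url
            Kind      = $kind
            Principal = $u.LoginName
            Groups    = ($u.Groups -join ';')   # e.g. "Demo Members" means Contribute by default
            IsAdmin   = $u.IsSiteAdmin
        }
    }
}

Get-AllExternalUsers | Export-Csv -Path .\external-users.csv -NoTypeInformation -Encoding UTF8
Get-SiteBroadPrincipals -Url $SiteUrl | Format-Table Kind, Principal, Groups, IsAdmin -AutoSize
```

If the second report shows the Everyone except external users claim inside the site's Members group, every licensed user in the tenant can contribute to that site, which is the default the slide describes; moving the claim to the Visitors group (or removing it) is the remediation the slide suggests. Guest rows with groups the content owner does not recognise go straight onto the verification list.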
“SHARE EVERYTHING IN THIS FOLDER” (NEW FEATURE)
• Changes were made to the folder sharing behavior in SharePoint Online. Before this update, folder sharing shared only the contents of the folder that inherited permissions from the folder. The new change lets users share all contents (even uniquely permissioned contents) in a folder when they share a folder. To do this, select the "Share everything in this folder, even items with unique permissions" check box in the sharing dialog box for a folder.
• https://support.microsoft.com/en-us/kb/3048806
MOVING FORWARD
• Site Owner Education
• Audit Triggers / Schedules
WHEN TO AUDIT
• Migration of Data
• Security Review
• Recent Breach
• Employee or Contractor leaving
• What do they still have access to?
• Did they modify permissions
• Taking over administration: what's the current lay of the land?
• Validating the controls of a newcomer
• Many unique item level permissions
• Employee Changing Roles
COMMON PITFALLS
• A person still in a nested group
• A person given direct access to an obscure object
• External Users who still have access
• A person who gave another person the wrong access (lack of training/user error)
SUMMARY
• RISKS
• Challenges Keeping Clean Permissions
• Audit Plan
• Master List / manual using tools
• External Users
• Key Concepts
ULTIMATE GOAL
No Person Should have Access to
Information they shouldn’t have
access to.
THANK YOU FOR ATTENDING/ QUESTIONS
Karim Roumani
Solutions Director/Speaker
Twitter: @KarimsPoint
Karim.Roumani@tekreach.com
• We will send you a link to the recording
• Please fill out feedback survey
• Tru Apps: http://truapps.portalfront.com/sharepoint-permissions-audit-report.html
• SharePoint Permissions eBook: http://bit.ly/1RuAAn7
• Add me to twitter
• Email me for questions


Editor's Notes

  1. It is not in our instinct to recognize the danger of information leaks, unlike our fight-or-flight response.
  2. It is not in our instinct to recognize the danger of information leaks, unlike our fight-or-flight response.
  3. We need to understand what it looks like now, evaluate it, then make any changes.
  4. https://tekreach.sharepoint.com/sites/demo -> Site Settings on the main site -> Site Permissions -> check whether the web has unique permissions.
  5. https://tekreach.sharepoint.com/sites/demo/hr https://tekreach.sharepoint.com/sites/demo/hr/_layouts/15/start.aspx#/_layouts/15/user.aspx
  6. https://tekreach.sharepoint.com/sites/demo/hr https://tekreach.sharepoint.com/sites/demo/hr/_layouts/15/start.aspx#/_layouts/15/user.aspx
  7. https://tekreach.sharepoint.com/sites/demo/hr https://tekreach.sharepoint.com/sites/demo/hr/_layouts/15/start.aspx#/_layouts/15/user.aspx
  8. Show structure -> show AD group members -> check for the kred\sample group on the main site and show its members (kred\karim.Roumani) -> http://tekdev13.sytes.net
  9. http://tekdev13.sytes.net/_layouts/15/start.aspx#/_layouts/15/user.aspx -> indicate how Mike has Read on this site; Check Permissions shows Edit and shows the source.
  10. https://portal.office.com/admin/default.aspx#SitesPage -> click on External Sharing -> Sites -> show the site URL -> click on it -> user name
  11. https://support.microsoft.com/en-us/kb/3048806