classification is a must-have when we talk about Governance, Compliance and
also topics around GDPR.
Beside 3rd party solutions focusing on site
and content classification we have also some out of the box options and
developer opportunities in Office 365 and SharePoint on-prem. Depending on if
we are talking about classic SharePoint Site Collections or if we talk about modem
Team Sites, being part of an Office 365 Group, we have different szenarios.
To create a new SharePoint site in Office 365 we
know two different ways.
can create a SharePoint Online Site using the SharePoint Online Administration.
This will create a SharePoint Site based on WebTemplate STS
can go to SharePoint Home and click “create” in the upper left corner or we can
go to Outlook Online and create a new Group. Both will create a SharePoint Site
based on WebTemplate GROUP
provide a site classification solution for classic Team Sites created by option
1 we need to implement the following: Implement
a SharePoint site classification solution. This works also for SharePoint
2013 on-prem. The article describes a full solution including policies for site
closing and deletion depending on the classification setting. As you can see
the article describes some steps to do:
and set site policies
a custom action
a classification indicator to site page
Using the opportunities
we have with Groups and Group Policies some of these things can be automatically
put to a SharePoint Site based on WebTemplate GROUP.
This video by Vesa Juvonen is showing the steps and
the final results:
As you can
see we need to create the site bases on option 2.
One of the
backend systems helping to fulfill those regulations is the SharePoint Online
Search Service. In the SharePoint Online Search schema, we can find two managed
properties focusing on sharing and access from outside of your organization.
ViewableByExternalUsers and ViewableByAnonymousUsers
the same setting: Query, Retrieve, Refine
and Sort. So we can use them to
create some reports based on search queries.
let every user search in his SharePoint Online sites, OneDrive for Business
files and also in Emails for content. In this scenario Email is of topic. But
using this search function at the landing page of Office 365 a user can create
a personal overview of content he shared to externals or anonymous.
To do this
a user needs to fill in the following query in the search box at the Office 365
In this example,
I search for documents located in SharePoint Online sites or in my personal
OneDrive for Business which are shared based on an anonymous guest link.
Using the query
ViewableByExternalUsers=true shows me the files shared with
external users through a sharing link that requires them to log in before they
can view the file.
says: List of files you have access to
that have been shared with users outside your organization through a sharing
link that requires them to log in before they can view the file. Files shared
with anonymous users or files available to users with guest permissions are not
To get a
list of files shared anonymous in this Team Site we can again use the query: ViewableByAnonymousUsers=true followed by a path filter like for
Using Search Center to get
As an administrator,
you can also use the search center to get an overview of anonymous shared content
or about data and also SharePoint Online Sites them self, shared to externals.
The queries are basically the same and you can extend them with additional
keyword queries properties.
search all Office 366 Groups external users can access:
(Because of security trimming in SharePoint
Search the user who runs the query needs access to all Team Sites to gets an
there are also options archiving this using PowerShell
for Office 365 Groups or using Reports
in the Office 365 Security & Compliance Center. Using the SharePoint
Online search gives you the power and flexibility to integrate all managed
properties as metadata in you report like for example ViewsLifeTime, LastModifiedTime,
CreatedBy or ModifiedBy. In addition you can easily scope
your report to only show documents using the IsDocument=true query parameter or to focus to
special Site Templates like WebTemplate:GROUP to only show Office 365 Groups Team Sites etc.