Samstag, 9. September 2017

Using site classification for SharePoint Sites

Site classification is a must-have when we talk about Governance, Compliance and also topics around GDPR.
Beside 3rd party solutions focusing on site and content classification we have also some out of the box options and developer opportunities in Office 365 and SharePoint on-prem. Depending on if we are talking about classic SharePoint Site Collections or if we talk about modem Team Sites, being part of an Office 365 Group, we have different szenarios.

To create a new SharePoint site in Office 365 we know two different ways.

  1. We can create a SharePoint Online Site using the SharePoint Online Administration. This will create a SharePoint Site based on WebTemplate STS
  2. We can go to SharePoint Home and click “create” in the upper left corner or we can go to Outlook Online and create a new Group. Both will create a SharePoint Site based on WebTemplate GROUP
To provide a site classification solution for classic Team Sites created by option 1 we need to implement the following: Implement a SharePoint site classification solution. This works also for SharePoint 2013 on-prem. The article describes a full solution including policies for site closing and deletion depending on the classification setting. As you can see the article describes some steps to do:
  • Define and set site policies
  • Insert a custom action
  • Custom site classification
  • Add a classification indicator to site page
Using the opportunities we have with Groups and Group Policies some of these things can be automatically put to a SharePoint Site based on WebTemplate GROUP.
This video by Vesa Juvonen is showing the steps and the final results:
As you can see we need to create the site bases on option 2.
(Dialogs already including policies)
SharePoint Home - Create:
Outlook Online -> Create Group:

Final result:

Step by Step

To enable this functionality in Office 365 we need to set up an “Settings Object” and a “Settings Template” in Azure AD. To do this we can use the Azure Active Directory cmdlets for configuring group settings.

First of all we need to install the preview of Azure Active Directory V2 PowerShell Module:

Install-Module -Name AzureADPreview

To set up the site classification options and configure properties like ClassificationList and ClassificationDescriptions etc follow these steps also shown in Vesas video:

#Connect
Connect-AzureAD
Get-AzureADDirectorySettingTemplate

#Create
$Template = Get-AzureADDirectorySettingTemplate -Id 62375ab9-6b52-47ed-826b-58e47e0e304b
$Setting = $template.CreateDirectorySetting()
$setting["UsageGuidelinesUrl"] = "http://sharepointtalk.com"
$setting["ClassificationList"] = "Public, Internal, TopSecret"
$setting["DefaultClassification"] = "TopSecret"
$setting["ClassificationDescriptions"] = "Public:no restrictions,Internal:all internal users can access,TopSecret:only special users can access"
$setting["GuestUsageGuidelinesUrl"] = "http://sharepointtalk.net"
New-AzureADDirectorySetting -DirectorySetting $setting

#Check
Get-AzureADDirectorySetting -All $True
(Get-AzureADDirectorySetting -Id %%YOUR ID%%).values

As described in the video we can now use the CLASSIFICATION property to assign a site policy or any other custom action. Details about site policies are part of Implement a SharePoint site classification solution.

Here the script taken from the video to get the CLASSIFICATION property:

#Get PnP PowerShellOnline
Install-Module SharePointPnPPowerShellOnline
#Get Site classfication value
Connect-PnPOnline https://%YOUR TENANT%.sharepoint.com/sites/%YOUR SITE%
Get-PnPSite
$Site.Classification
Get-PnPProperty -ClientObject $Site -Property Classification