SharePoint setup basics

Question

Hi all, 

I'm new to SharePoint and I am investigating how to best configure an environment. I'd like to put as much effort into the planning of the framework as possible, as I understand that some things can cause issues further down the line. I have a couple of questions that I'd like to ask regarding planning and setup, if you could kindly advise.

SharePoint version:

Online

Intent:

1. Document management with version control, approval and retention, based on specific document types.
2. A method of finding and viewing documentation across multiple sites for varied departments.
3. Make use of modern SP sites, instead of classic. As the setup is new, I don't foresee a reason to look backwards, when in all likelihood the configurations will be deprecated.

Current setup:

As it currently stands, I have several existing MS Teams (departments) that inherently have SP team sites associated. These sites will be collaboration spaces for the members of the team. 

Understanding so far (Please correct me):

Site Setup & Sharing

• Each team site will belong to the team members only, but content could be shared.
• Team site content could be shared to a global (all internal members) user group, individual or external as required for the institution.
• Team site content could be dynamically listed in a highlighted content web part or direct links on another site if required (e.g. comm's site)

Document Management:

• Revisioning and Approval is turned on in the document library settings
• Document libraries can have content types associated. These are configured using columns, which is where institutionally required information can be specified for that content type. E.g. Policy, Procedure, Guideline
• Content types create future opportunity for data policies within the O365 environment.
• Content types can be defined in the default content type hub.
• Shared links do not change if a version of the document/page changes.
• Only the current major (approved) version of a document/page will be shown to non-members (as configured in document library settings).

Navigation:

• If document library content is shared with a group, members would see results in the 'global search' facility.
• Centralised navigation can only exist in the form of a hub site. Users can also use the SharePoint Home for associated/followed sites

Users

• Members will create/update content (as defined)
• Approvers will approve content before it can be seen by non-members (as defined)
• Administrators will design and configure each site (as defined)

Questions:

1. Is it common practice to maintain document content in a team site, but publish it (via link) to a communication site?
2. Are content types better for identifying document types (policy, guide etc.) than terms?
3. Are content types the only method of associating O365 data polices?
4. How can I safely define a content type in a central location that is available to existing team sites? - Some users have suggested not altering the default content type hub, though what is the workaround?
5. Are general information (communication pages) best created in the Team site, or a Communication site, when the intent is for all internal users to access them (Who we are, what we do in our department etc.)?
6. How can a document be locked from further editing? - I understand that 'approval' does part of this.

Many thanks in advance for any support given. I would prefer GUI operation where possible, as opposed to PowerShell.

Answer 1

Hi Anthony,

Thank you for posting your question in this community. It seems that you have some concerns about SharePoint usage based on your description. Hence, I would like to share my knowledge and experiences based on your question separately. Hope it can be much clearer.

1. Is it common practice to maintain document content in a team site, but publish it (via link) to a communication site?

I am not quite sure what is the final object you would like to achieve. But you can list the document from a Team site to another community site by creating a sharable link of the document as long as the sharable link is not expired and the users in communication site have the related permission to access this document.

For the question 2 and 3, it seems that they related to each other, so I put them together.

2. Are content types better for identifying document types (policy, guide etc.) than terms?

3: Are content types the only method of associating O365 data polices?

Generally, both content types and terms in term set are commonly used for managing and indexing your data storage in an easily way.

For content types, it provides an ability to organize the contents in SharePoint in a centralized and meaningful manner. For example, in a SharePoint site, you have varieties of files for different projects. By creating a content type, like project 1, project 2. Then, you can assign the content type according to different files based on different projects. In another words, you can figure out which files belong to project 1, which files belong to project 2

For your information:

Introduction to Content Types

For the terms in term set, you can think it as a label or category in library. For example, a SharePoint site contains a lot of information and contents which are belongs to different company departments. Then you can apply this “label” according to different departments, such as HR, Accounting, Marketing, etc.

For your information:

Term Set and Terms

Overall, the purpose of these two are helping the site owner or users to manage and search the related information and contents in SharePoint in a much efficient way.

For the Microsoft 365 policy you are referring to, may I know it is the policies, such as Data lost Policy (DLP), Retention policy etc.? If so, based on my knowledge, the content types and terms didn’t determine by these policies. For example, Data lost Policy in Microsoft 365, which it helps to protect sensitive information in your organization tenant, such as customer credit card information, social security numbers, etc. After you set up the rules based on your requirement. It would scan all the locations you applied and figure out whether there is any sensitive information in these locations.

For your information

Overview of data loss prevention

Overview of retention policies

4. How can I safely define a content type in a central location that is available to existing team sites? - Some users have suggested not altering the default content type hub, though what is the workaround?

Generally, each site, such as site collection, site library, site list has its own content types. You can create or manage the content types from highest level to lowest level sites and the content types in lowest level can also inherit the content type from higher level, For example, a site document library can inherit content type from the site level.

I am not quite sure which is the “safely define a content type in a central location. you can also share more details of it with a objective you may would like to achieve.

5. Are general information (communication pages) best created in the Team site, or a Communication site, when the intent is for all internal users to access them (Who we are, what we do in our department etc.)?

In this scenario, Communication site would be more suitable compare to Teams site as you tend share the information across all the internal users in your tenant from my point of view.

For your information:

Communication Site vs Team Site

6. How can a document be locked from further editing? - I understand that 'approval' does part of this.

In most of the senarios, to prevent document for further editing by users, you can always use check in or check out the documents for “approving”

Check out, check in, or discard changes to files in a library

However, you can also consider use to the SharePoint workflows for approval as another option to achieve this object.

Approval workflows

Best regards,

Dihao

Answer 2

Hi Anthony,  

Have you checked my reply above? If there are any updates, please feel free to post back here and share with us at your convenience.

Best regards,

Dihao

Answer 3

Hi Dihao, 

Thank you for taking the time to reply. Apologies for the late response.

I'll continue to refer to your numbering for consistency:

1. Your explanation here helped with identifying this process. Libraries/items shared with 'Users in the Organisation' might fulfil this task, allowing search as well as link publishing in another site.

2/3. I guess my question here was which is the best solution for identifying/tagging specific document types. Let's say I have policies, forms, guides, which are descriptors used across multiple sites. Is it better to identify these with a Content Type or Label? - Longer term, I'd like to investigate the use of features such as DLP to identify and monitor data. I also want to add columns to library views to show the labels added.

4. I looked at using content types for 2/3. I created columns that I wanted to ensure were filled in for each content type and then assigned them. Again, I did this for 'polices', 'forms', 'guides' etc.  This appears to work well for one site, but I have a flat architecture, where I would like to centrally define content types across multiple sites - I have no sub sites.
5. Your response is clear here, thanks.
6. I probably needed to be more clear here. I would like to know if I can lock a file so that I have a version of it archived. I've done a little reading here and think that Records Management might be what I'm after. I need to look in to this more.

If I may add another couple of questions to the list:

7. MS Teams with SharePoint sites: Am I right in understanding that Team Owners = Site Administrators (full control) and Team Members = Site Members (edit)
8. Can/should the default permissions be changed for these two roles? - I would like to stop owners/members from altering site settings. Essentially changing their permissions to edit or contribute.

Again, may thanks for any responses.

Answer 4

Hi Anthony, 

Thank you for your reply and updates. Based on my understating on your 2,3,4 question, you would like to have a tool in SharePoint, to manage, index, secure and monitor all the files in your SharePoint site. Hence, you are wondering which tool and feature is easiest between Content Type or Label.

In this scenario, I think you can create the custom content type at site collection level based on my experience and knowledge. Because the content type can apply to all your sites if you created it at site collection level so that you don’t have to create label one by one and easily manage them.

For your information:

Introduction to content types and content type publishing

However, DLP policy in Microsoft 365 didn’t works with content type or label. DLP policy is to protect the business sensitive information, such as Customer credit card numbers, social security number in your business files based on the business standards and industry regulations. When you create a DLP policy for a SharePoint site, it will start to scan this SharePoint site and detect whether there are any files or lists in this SharePoint site contains those sensitive information and keep monitoring.

For your information:

Overview of data loss prevention

If you only want to monitor the user activities in a SharePoint site, Audit log feature in Microsoft 365 will be more suitable in this scenario. It will help you record all the user activities across your tenant. You can also search the specific file or SharePoint site with the search feature in Audi Log.

For your information:

Search the audit log in the Security & Compliance Center

==================

Regarding to your question 6 about “Lock a file”, implement Records Management is a possible method to archive. This method is quite similar as creating a different document library for archive purpose at a top-level site collection.

However, here is a few scenarios, you can have a look, because I recommend you can use the easiest method to set up an environment, it will be also easier to manage in the future.

If you want to prevent user to further edit of a file version, check in/check out feature is easiest way.

If you want to completely prevent users to further edit a file, but only can view. The easiest way will be set a unique permission with a view only permission for this file which all the site members cannot edit this file anymore.

If you want to completely remove this file from user’s view and achieve it. The easiest way will be created a different library to store the achieve files.

Here is a similar thread I found about Hide/Archive documents in SharePoint Online, which some users also shared some ideas about it.

==============

For your newest two questions about Permission. Your understanding is correct. As you know, when you create a Teams group, an associated Microsoft 365 group will be created as well. By default, the Teams group owner will be the owner in Microsoft 365 group, which is the site owner of this SharePoint Teams site. And the Teams group members will be assigned Site members permission in this SharePoint Teams sites.

Furthermore, you can change the default permission for these two roles as a tenant admin. However, if you change the permission of this SharePoint Teams site, this change will be applied to the entire Microsoft 365 group based on my test.

For example, a site member who has edit permission in this SharePoint Teams site. If you change this user’s site permission from site member to site owner, this user will also become an owner of this Microsoft 365 group, which means this user will also lose the full control permission in other Microsoft services, such as this Teams group.

Notes: It may take some time to be applied to all related Microsoft 365 services of this Microsoft 365 group after you modify the ownership settings.

Best regards,

Dihao

Answer 5

Hi Anthony,  

Regarding to this question, is there any update? If so , please post back here and let me know. :) 

Best regards,

Dihao