SlideShare a Scribd company logo

Best Practices for Security in Microsoft SharePoint 2013

A
AntonioMaio2

Best Practices for Security in Microsoft SharePoint 2013

Technology
1 of 25
Best Practices for Security in Microsoft SharePoint 2013 Antonio Maio Senior Product Manager, TITUS Microsoft SharePoint Server MVP Email: Antonio.maio@titus.com Blog: www.trustsharepoint.com Twitter: @AntonioMaio2
www.sharepointsummit.org 2 Introduction Goal: Inform and Educate on Key SharePoint Security Features  We know its critical in government and military deployments  We know its critical consideration in business  Security is still often its an after thought for many deployments  Requires good planning  Requires good awareness of the capabilities available  Requires knowledge of what SharePoint cannot do
www.sharepointsummit.org 3 Introduction Topics • What Drives our Security Needs in SharePoint? • Deployment Planning & Accounts • Authentication • Permissions • Web Application Policies & Anonymous Access • Security Considerations for Public Facing Web Sites • Other Security Features
www.sharepointsummit.org What Drives our Information Security Needs? Information Security comes down to 2 or 3 drivers:  Protecting Your Investments (intellectual property, digital assets, competitive advantage…)  Reducing Your Liability (avoid compliance violations, fines/sanctions, reputation issues…)  Public Safety or Mission Success (protect classified information, mission plans, reputation issues…) 4
www.sharepointsummit.org What Drives our Information Security Needs? How does this affect us as SharePoint people?  How We Deploy SharePoint  Control Access  Assign Roles & Establish Repeatable/Predictable Process  Regulatory Compliance Standards  Auditing & Reporting Obligations 5
www.sharepointsummit.org Deployment Planning/Managed Accounts SharePoint is a web application built on top of SQL Server  Best practice: to have specific managed accounts for specific purposes with least privileges Benefits: Separation of Concerns  Separation of data  Multiple points of redundancy  Targeted auditing of account usage Review SharePoint deployment guide before you install
www.sharepointsummit.org Examples of Managed Accounts 1. SQL Server Service Account  Assign to MSSQLSERVER and SQLSERVERAGENT services when you install SQL Server (ex: domainSQL_service)  No special domain permissions - given required rights on the SQL Server during setup 2. Setup User Account  Used to install SharePoint, run Product Config Wizard, install patches/updates  login with this account when running setup (ex: domainsp_setup_user)  Must be local admin on each server in SharePoint farm (except SQL Server if different box) 3. SharePoint Farm Account  Used to run the SharePoint farm; not just for database access (ex. domainsp_farm_user)  After Product Config Wizard is run, prompted to provide the Database Access Account – misnamed in UI, this is really the farm service account Should all be AD domain accounts Do not use personal admin account, especially for Farm Account Configure central email account for all managed accounts
www.sharepointsummit.org Authentication Determine that users are who they say they are (login)  Configured on each web app  Multiple authentication methods per web app SharePoint 2010 Options  Classic Mode Authentication (Integrated Auth, NTLM, Kerberos)  Claims Based Authentication  Forms Based Authentication available- done through Claims Based Auth. UI configuration only available in UI upon web app creation To convert non-claims based web app to claims will require PowerShell SharePoint 2013 Options  Claims Based Authentication - default  Classic Mode Configuration UI has been removed (Only configurable through PowerShell)
www.sharepointsummit.org Permissions Allow you to secure any information object or container  Determine who gets access to what information objects and what type of access  Apply to items, folders, lists, libraries, sites, site collection…  Do not apply to individual column field values (not a securable object) Assigning Permissions Includes  The user or group we are enabling with access  The information object in question  The permission level we are granting as part of that access Examples  Finance AD Group has Full Control on Library  ProjectX-Contractor SP Group has Read access on site  Antonio.Maio AD user has Contribute access on Document
www.sharepointsummit.org Users Interacting with Permissions 10
www.sharepointsummit.org Users Interacting with Permissions 11
www.sharepointsummit.org Users Interacting with Permissions 12
www.sharepointsummit.org Users Interacting with Permissions 13
www.sharepointsummit.org Inherited Permissions  Hierarchical permission model  Permissions are inherited from level above  Can break inheritance and apply unique permissions  Manual process  Permissive Model SharePoint Farm Web Application Site Collection Site Collection Site Site Library List Document Web Application Item Site Document Document Item Demo Members SharePoint Group Edit Demo Owners SharePoint Group Full Control Demo Visitors SharePoint Group Read Finance Team Domain Group Edit Senior Mgmt Domain Group Full Control Research Team Domain Group Full Control Senior Mgmt Domain Group Full Control Research Team Domain Group Full Control Senior Mgmt Domain Group Full Control Antonio.Maio Domain User Full Control
www.sharepointsummit.org Permissions and Security Scopes  Every time permission inheritance is broken a new security scope is created  Security Scope is made of up principles:  Domain users/groups  SharePoint users/groups  Claims  Be aware of “Limited Access”  Limitations  Security Scopes (50,000 per list)  Size of Security Scope (5,000 per scope)  Resources  Microsoft SharePoint Boundaries and Limits: http://technet.microsoft.com/en- us/library/cc262787.aspx
www.sharepointsummit.org Fine Grained Permissions Trend: sensitive content sitting beside non-sensitive content Leads to customers exploring fine grained permissions Confidential Public Internal Recommendation  Use metadata to identify which data to protect  User attributes (claims) to determine who should have access  Implemented automated solution to manage fine-grained permissions
www.sharepointsummit.org Web Application Policies User Permissions  Permissions available within permission levels at site collection level Permission Policies  Define groups of permissions (similar to permission levels)  Control if site collection admins have full control on any object in site col.  Only place with a “Deny” capability (default: deny write, deny all) User Policies  Assign permission policies to users and groups for the entire web app  Ex. Deny group from deleting items within an entire web app – applicable to public facing web app Blocked File Types  Prevent specific files types from being added to libraries within web app
www.sharepointsummit.org Anonymous Access Turn on or off for web application – only making available for sites  Central Admin> Manage Web Apps> Authentication Providers  Edit an Authentication Provider  Check on „Enable Anonymous Access‟ for that provider  Select “Anonymous Policy” for the web app  Select zone and policy for anonymous access
www.sharepointsummit.org  Site Owners must explicitly enable on each site (this is a good thing)  Site Settings> Site Permissions Anonymous Access
www.sharepointsummit.org Risk: Inadvertent exposure of internal data on a public web site  All form pages and _vti_bin web services are accessible - PUBLICLY  Modify the URL of a public facing SharePoint site: http://www.mypublicsite.com/SitePages/Home.aspx to http://www.mypublicsite.com/_layouts/viewlsts.aspx  View All Site Content page is now exposed, typically in SharePoint branding, with all site content visible  Desired behavior: User is presented with a login page, or an HTTP error  Accessible pages /_layouts/adminrecyclebin.aspx /_layouts/policy.axpx /_layouts/recyclebin.aspx /_layouts/bpcf.aspx /_layouts/policyconfig.asp /_layouts/wrkmng.aspx /_layouts/create.aspx /_layouts/policycts.aspx /_layouts/vsubwebs.aspx /_layouts/listfeed.aspx /_layouts/policylist.aspx /_layouts/pagesettings.aspx /_layouts/managefeatures.aspx /_layouts/mcontent.aspx /_layouts/settings.aspx /_layouts/mngsiteadmin.aspx /_layouts/sitemanager.aspx /_layouts/newsbweb.aspx /_layouts/mngsubwebs.aspx /_layouts/stor_man.aspx /_layouts/userdisp.aspx Anonymous Access and Exposure Risk
www.sharepointsummit.org Anonymous Access and Public Facing Sites Remove View Application Pages permission & Use Remote Interfaces permission from Limited Access permission level  Limited Access is what‟s used for anonymous users  Prevents anonymous users from accessing form pages To Do This… Turn on the “Lockdown” Feature  Remove all anonymous access from the site  Open command prompt and go to the folder C:Program FilesCommon FilesMicrosoft SharedWeb Server Extensions14BIN  Check whether the feature is enabled or not (If ViewFormPagesLockDown is listed, it's enabled): get-spfeature -site http://url  If not listed then we must enable it using: stsadm -o activatefeature -url -filename ViewFormPagesLockDownfeature.xml  To disable it: stsadm -o deactivatefeature -url -filename ViewFormPagesLockDownfeature.xml  Reset anonymous access on the site Will result in users getting an Authentication Page when accessing these forms pages Available in MOSS2007, SharePoint 2010 and SharePoint 2013 On by default for Publishing Portal Site Template – for other site templates must turn it on manually
www.sharepointsummit.org To prevent access to _layouts pages and web services we must also modify web.config to include: <location path="_layouts/error.aspx"> <system.web> <authorization> <allow users="?" /> </authorization> </system.web> </location> <location path="_layouts/accessdenied.aspx"> <system.web> <authorization> <allow users="?" /> </authorization> </system.web> </location> <add path="configuration"> <location path="_layouts"> <system.web> <authorization> <deny users="?" /> </authorization> </system.web> </location> <location path="_vti_bin"> <system.web> <authorization> <deny users="?" /> </authorization> </system.web> </location> <location path="_layouts/login.aspx"> <system.web> <authorization> <allow users="?" /> </authorization> </system.web> </location> Anonymous Access and Public Facing Sites
www.sharepointsummit.org Other Security Features  Information Rights Management  Event Auditing  Privileged Users
Thank you for your attention! This presentation will be available on the Toronto SharePoint Summit web site a few days after the event. Antonio Maio Senior Product Manager, TITUS Microsoft SharePoint Server MVP Email: Antonio.maio@titus.com Blog: www.trustsharepoint.com Twitter: @AntonioMaio2
Please rate this session! Fill out the survey and get a chance to win a Surface

Recommended

Securing Team, SharePoint, and OneDrive in Microsoft 365 - M365VM
Securing Team, SharePoint, and OneDrive in Microsoft 365 - M365VMSecuring Team, SharePoint, and OneDrive in Microsoft 365 - M365VM
Securing Team, SharePoint, and OneDrive in Microsoft 365 - M365VMDrew Madelung
 
Zero trust deck 2020
Zero trust deck 2020Zero trust deck 2020
Zero trust deck 2020Guido Marchetti
 
Secure your Access to Cloud Apps using Microsoft Defender for Cloud Apps
Secure your Access to Cloud Apps using Microsoft Defender for Cloud AppsSecure your Access to Cloud Apps using Microsoft Defender for Cloud Apps
Secure your Access to Cloud Apps using Microsoft Defender for Cloud AppsVignesh Ganesan I Microsoft MVP
 
Azure AD connect- Deep Dive Webinar PPT
Azure AD connect- Deep Dive Webinar PPTAzure AD connect- Deep Dive Webinar PPT
Azure AD connect- Deep Dive Webinar PPTRadhakrishnan Govindan
 
SharePoint Workflow Migration
SharePoint Workflow MigrationSharePoint Workflow Migration
SharePoint Workflow MigrationCygnet Infotech
 
An introduction to Office 365 Advanced Threat Protection (ATP)
An introduction to Office 365 Advanced Threat Protection (ATP)An introduction to Office 365 Advanced Threat Protection (ATP)
An introduction to Office 365 Advanced Threat Protection (ATP)Robert Crane
 
Active Directory Proposal
Active Directory ProposalActive Directory Proposal
Active Directory ProposalMJ Ferdous
 
Sharepoint
SharepointSharepoint
SharepointNaqash Ahmed
 

Recommended

Securing Team, SharePoint, and OneDrive in Microsoft 365 - M365VM
Securing Team, SharePoint, and OneDrive in Microsoft 365 - M365VMSecuring Team, SharePoint, and OneDrive in Microsoft 365 - M365VM
Securing Team, SharePoint, and OneDrive in Microsoft 365 - M365VMDrew Madelung
 
Zero trust deck 2020
Zero trust deck 2020Zero trust deck 2020
Zero trust deck 2020Guido Marchetti
 
Secure your Access to Cloud Apps using Microsoft Defender for Cloud Apps
Secure your Access to Cloud Apps using Microsoft Defender for Cloud AppsSecure your Access to Cloud Apps using Microsoft Defender for Cloud Apps
Secure your Access to Cloud Apps using Microsoft Defender for Cloud AppsVignesh Ganesan I Microsoft MVP
 
Azure AD connect- Deep Dive Webinar PPT
Azure AD connect- Deep Dive Webinar PPTAzure AD connect- Deep Dive Webinar PPT
Azure AD connect- Deep Dive Webinar PPTRadhakrishnan Govindan
 
SharePoint Workflow Migration
SharePoint Workflow MigrationSharePoint Workflow Migration
SharePoint Workflow MigrationCygnet Infotech
 
An introduction to Office 365 Advanced Threat Protection (ATP)
An introduction to Office 365 Advanced Threat Protection (ATP)An introduction to Office 365 Advanced Threat Protection (ATP)
An introduction to Office 365 Advanced Threat Protection (ATP)Robert Crane
 
Active Directory Proposal
Active Directory ProposalActive Directory Proposal
Active Directory ProposalMJ Ferdous
 
Sharepoint
SharepointSharepoint
SharepointNaqash Ahmed
 
Understand the SharePoint Basics
Understand the SharePoint BasicsUnderstand the SharePoint Basics
Understand the SharePoint BasicsBenjamin Niaulin
 
Broken access control
Broken access controlBroken access control
Broken access controlPriyanshu Gandhi
 
TeamsNation 2022 - Governance for Microsoft Teams - A to Z.pptx
TeamsNation 2022 - Governance for Microsoft Teams - A to Z.pptxTeamsNation 2022 - Governance for Microsoft Teams - A to Z.pptx
TeamsNation 2022 - Governance for Microsoft Teams - A to Z.pptxJasper Oosterveld
 
Introduction to Active Directory
Introduction to Active DirectoryIntroduction to Active Directory
Introduction to Active Directorythoms1i
 
SharePoint Tutorial and SharePoint Training - Introduction
SharePoint Tutorial and SharePoint Training - IntroductionSharePoint Tutorial and SharePoint Training - Introduction
SharePoint Tutorial and SharePoint Training - IntroductionGregory Zelfond
 
Microsoft Zero Trust
Microsoft Zero TrustMicrosoft Zero Trust
Microsoft Zero TrustDavid J Rosenthal
 
May 2023 CIAOPS Need to Know Webinar
May 2023 CIAOPS Need to Know WebinarMay 2023 CIAOPS Need to Know Webinar
May 2023 CIAOPS Need to Know WebinarRobert Crane
 
Azure AD Connect
Azure AD ConnectAzure AD Connect
Azure AD ConnectSasha Rosenbaum
 
Azure active directory
Azure active directoryAzure active directory
Azure active directoryRaju Kumar
 
Everything you need to know about external sharing in OneDrive, SharePoint, a...
Everything you need to know about external sharing in OneDrive, SharePoint, a...Everything you need to know about external sharing in OneDrive, SharePoint, a...
Everything you need to know about external sharing in OneDrive, SharePoint, a...Drew Madelung
 
6 Most Surprising SharePoint Security Risks
6 Most Surprising SharePoint Security Risks6 Most Surprising SharePoint Security Risks
6 Most Surprising SharePoint Security RisksImperva
 
7 Experts on Implementing Microsoft 365 Defender
7 Experts on Implementing Microsoft 365 Defender7 Experts on Implementing Microsoft 365 Defender
7 Experts on Implementing Microsoft 365 DefenderMighty Guides, Inc.
 
cyber-security-reference-architecture
cyber-security-reference-architecturecyber-security-reference-architecture
cyber-security-reference-architectureBirendra Negi ☁️
 
Active Directory
Active DirectoryActive Directory
Active DirectorySmall World Group L.L.C
 
Windows Azure Virtual Machines
Windows Azure Virtual MachinesWindows Azure Virtual Machines
Windows Azure Virtual MachinesClint Edmonson
 
Introduction To Microsoft SharePoint 2013
Introduction To Microsoft SharePoint 2013Introduction To Microsoft SharePoint 2013
Introduction To Microsoft SharePoint 2013Vishal Pawar
 
Deploying & Managing OneDrive
Deploying & Managing OneDriveDeploying & Managing OneDrive
Deploying & Managing OneDriveDrew Madelung
 
Mobile Device Management for Office 365 - Atidan
Mobile Device Management for Office 365 - AtidanMobile Device Management for Office 365 - Atidan
Mobile Device Management for Office 365 - AtidanDavid J Rosenthal
 
Advantages of SharePoint Online
Advantages of SharePoint OnlineAdvantages of SharePoint Online
Advantages of SharePoint OnlineRishabh Software
 
CollabDaysBE - Microsoft Purview Information Protection demystified
CollabDaysBE - Microsoft Purview Information Protection demystifiedCollabDaysBE - Microsoft Purview Information Protection demystified
CollabDaysBE - Microsoft Purview Information Protection demystifiedAlbert Hoitingh
 
SPTechCon Boston 2013 - Introduction to Security in Microsoft Sharepoint 2013...
SPTechCon Boston 2013 - Introduction to Security in Microsoft Sharepoint 2013...SPTechCon Boston 2013 - Introduction to Security in Microsoft Sharepoint 2013...
SPTechCon Boston 2013 - Introduction to Security in Microsoft Sharepoint 2013...AntonioMaio2
 
Best practices for security and governance in share point 2013 published
Best practices for security and governance in share point 2013 publishedBest practices for security and governance in share point 2013 published
Best practices for security and governance in share point 2013 publishedAntonioMaio2
 

More Related Content

What's hot

Understand the SharePoint Basics
Understand the SharePoint BasicsUnderstand the SharePoint Basics
Understand the SharePoint BasicsBenjamin Niaulin
 
TeamsNation 2022 - Governance for Microsoft Teams - A to Z.pptx
TeamsNation 2022 - Governance for Microsoft Teams - A to Z.pptxTeamsNation 2022 - Governance for Microsoft Teams - A to Z.pptx
TeamsNation 2022 - Governance for Microsoft Teams - A to Z.pptxJasper Oosterveld
 
Introduction to Active Directory
Introduction to Active DirectoryIntroduction to Active Directory
Introduction to Active Directorythoms1i
 
SharePoint Tutorial and SharePoint Training - Introduction
SharePoint Tutorial and SharePoint Training - IntroductionSharePoint Tutorial and SharePoint Training - Introduction
SharePoint Tutorial and SharePoint Training - IntroductionGregory Zelfond
 
May 2023 CIAOPS Need to Know Webinar
May 2023 CIAOPS Need to Know WebinarMay 2023 CIAOPS Need to Know Webinar
May 2023 CIAOPS Need to Know WebinarRobert Crane
 
Azure active directory
Azure active directoryAzure active directory
Azure active directoryRaju Kumar
 
Everything you need to know about external sharing in OneDrive, SharePoint, a...
Everything you need to know about external sharing in OneDrive, SharePoint, a...Everything you need to know about external sharing in OneDrive, SharePoint, a...
Everything you need to know about external sharing in OneDrive, SharePoint, a...Drew Madelung
 
6 Most Surprising SharePoint Security Risks
6 Most Surprising SharePoint Security Risks6 Most Surprising SharePoint Security Risks
6 Most Surprising SharePoint Security RisksImperva
 
7 Experts on Implementing Microsoft 365 Defender
7 Experts on Implementing Microsoft 365 Defender7 Experts on Implementing Microsoft 365 Defender
7 Experts on Implementing Microsoft 365 DefenderMighty Guides, Inc.
 
cyber-security-reference-architecture
cyber-security-reference-architecturecyber-security-reference-architecture
cyber-security-reference-architectureBirendra Negi ☁️
 
Windows Azure Virtual Machines
Windows Azure Virtual MachinesWindows Azure Virtual Machines
Windows Azure Virtual MachinesClint Edmonson
 
Introduction To Microsoft SharePoint 2013
Introduction To Microsoft SharePoint 2013Introduction To Microsoft SharePoint 2013
Introduction To Microsoft SharePoint 2013Vishal Pawar
 
Deploying & Managing OneDrive
Deploying & Managing OneDriveDeploying & Managing OneDrive
Deploying & Managing OneDriveDrew Madelung
 
Mobile Device Management for Office 365 - Atidan
Mobile Device Management for Office 365 - AtidanMobile Device Management for Office 365 - Atidan
Mobile Device Management for Office 365 - AtidanDavid J Rosenthal
 
Advantages of SharePoint Online
Advantages of SharePoint OnlineAdvantages of SharePoint Online
Advantages of SharePoint OnlineRishabh Software
 
CollabDaysBE - Microsoft Purview Information Protection demystified
CollabDaysBE - Microsoft Purview Information Protection demystifiedCollabDaysBE - Microsoft Purview Information Protection demystified
CollabDaysBE - Microsoft Purview Information Protection demystifiedAlbert Hoitingh
 

What's hot (20)

Understand the SharePoint Basics
Understand the SharePoint BasicsUnderstand the SharePoint Basics
Understand the SharePoint Basics
 
Broken access control
Broken access controlBroken access control
Broken access control
 
TeamsNation 2022 - Governance for Microsoft Teams - A to Z.pptx
TeamsNation 2022 - Governance for Microsoft Teams - A to Z.pptxTeamsNation 2022 - Governance for Microsoft Teams - A to Z.pptx
TeamsNation 2022 - Governance for Microsoft Teams - A to Z.pptx
 
Introduction to Active Directory
Introduction to Active DirectoryIntroduction to Active Directory
Introduction to Active Directory
 
SharePoint Tutorial and SharePoint Training - Introduction
SharePoint Tutorial and SharePoint Training - IntroductionSharePoint Tutorial and SharePoint Training - Introduction
SharePoint Tutorial and SharePoint Training - Introduction
 
Microsoft Zero Trust
Microsoft Zero TrustMicrosoft Zero Trust
Microsoft Zero Trust
 
May 2023 CIAOPS Need to Know Webinar
May 2023 CIAOPS Need to Know WebinarMay 2023 CIAOPS Need to Know Webinar
May 2023 CIAOPS Need to Know Webinar
 
Azure AD Connect
Azure AD ConnectAzure AD Connect
Azure AD Connect
 
Azure active directory
Azure active directoryAzure active directory
Azure active directory
 
Everything you need to know about external sharing in OneDrive, SharePoint, a...
Everything you need to know about external sharing in OneDrive, SharePoint, a...Everything you need to know about external sharing in OneDrive, SharePoint, a...
Everything you need to know about external sharing in OneDrive, SharePoint, a...
 
6 Most Surprising SharePoint Security Risks
6 Most Surprising SharePoint Security Risks6 Most Surprising SharePoint Security Risks
6 Most Surprising SharePoint Security Risks
 
7 Experts on Implementing Microsoft 365 Defender
7 Experts on Implementing Microsoft 365 Defender7 Experts on Implementing Microsoft 365 Defender
7 Experts on Implementing Microsoft 365 Defender
 
cyber-security-reference-architecture
cyber-security-reference-architecturecyber-security-reference-architecture
cyber-security-reference-architecture
 
Active Directory
Active DirectoryActive Directory
Active Directory
 
Windows Azure Virtual Machines
Windows Azure Virtual MachinesWindows Azure Virtual Machines
Windows Azure Virtual Machines
 
Introduction To Microsoft SharePoint 2013
Introduction To Microsoft SharePoint 2013Introduction To Microsoft SharePoint 2013
Introduction To Microsoft SharePoint 2013
 
Deploying & Managing OneDrive
Deploying & Managing OneDriveDeploying & Managing OneDrive
Deploying & Managing OneDrive
 
Mobile Device Management for Office 365 - Atidan
Mobile Device Management for Office 365 - AtidanMobile Device Management for Office 365 - Atidan
Mobile Device Management for Office 365 - Atidan
 
Advantages of SharePoint Online
Advantages of SharePoint OnlineAdvantages of SharePoint Online
Advantages of SharePoint Online
 
CollabDaysBE - Microsoft Purview Information Protection demystified
CollabDaysBE - Microsoft Purview Information Protection demystifiedCollabDaysBE - Microsoft Purview Information Protection demystified
CollabDaysBE - Microsoft Purview Information Protection demystified
 

Similar to Best Practices for Security in Microsoft SharePoint 2013

SPTechCon Boston 2013 - Introduction to Security in Microsoft Sharepoint 2013...
SPTechCon Boston 2013 - Introduction to Security in Microsoft Sharepoint 2013...SPTechCon Boston 2013 - Introduction to Security in Microsoft Sharepoint 2013...
SPTechCon Boston 2013 - Introduction to Security in Microsoft Sharepoint 2013...AntonioMaio2
 
Best practices for security and governance in share point 2013 published
Best practices for security and governance in share point 2013 publishedBest practices for security and governance in share point 2013 published
Best practices for security and governance in share point 2013 publishedAntonioMaio2
 
Permissions designed to scale
Permissions designed to scalePermissions designed to scale
Permissions designed to scaleJamie Aliperti
 
Easy Learning Presentation Moss 2007 Usman
Easy Learning Presentation Moss 2007 UsmanEasy Learning Presentation Moss 2007 Usman
Easy Learning Presentation Moss 2007 UsmanUsman Zafar Malik
 
Easy Learning Presentation Moss 2007 Usman
Easy Learning Presentation Moss 2007 UsmanEasy Learning Presentation Moss 2007 Usman
Easy Learning Presentation Moss 2007 UsmanUsman Zafar Malik
 
MOSS2007 Security
MOSS2007 SecurityMOSS2007 Security
MOSS2007 Securitydropkic
 
Spstc2011 Getting the Most from SharePoint's User Profiles
Spstc2011 Getting the Most from SharePoint's User ProfilesSpstc2011 Getting the Most from SharePoint's User Profiles
Spstc2011 Getting the Most from SharePoint's User ProfilesMichael Oryszak
 
Spsvb Getting the Most from user profiles
Spsvb Getting the Most from user profilesSpsvb Getting the Most from user profiles
Spsvb Getting the Most from user profilesMichael Oryszak
 
Securing the SharePoint Platform
Securing the SharePoint PlatformSecuring the SharePoint Platform
Securing the SharePoint PlatformBert Johnson
 
Ferraz Itp368 Optmizing Information Security
Ferraz Itp368 Optmizing Information SecurityFerraz Itp368 Optmizing Information Security
Ferraz Itp368 Optmizing Information Securitymferraz
 
Dev Dives: Master advanced authentication and performance in Productivity Act...
Dev Dives: Master advanced authentication and performance in Productivity Act...Dev Dives: Master advanced authentication and performance in Productivity Act...
Dev Dives: Master advanced authentication and performance in Productivity Act...UiPathCommunity
 
Getting the Most from SharePoint's User Profiles
Getting the Most from SharePoint's User ProfilesGetting the Most from SharePoint's User Profiles
Getting the Most from SharePoint's User ProfilesMichael Oryszak
 
Ferraz Ia252 Developing An Information Architecture
Ferraz Ia252 Developing An Information ArchitectureFerraz Ia252 Developing An Information Architecture
Ferraz Ia252 Developing An Information Architecturemferraz
 
Getting the Most from SharePoint's User Profiles
Getting the Most from SharePoint's User ProfilesGetting the Most from SharePoint's User Profiles
Getting the Most from SharePoint's User ProfilesMichael Oryszak
 
Share point 2013 add-in (formerly app) development
Share point 2013 add-in (formerly app) developmentShare point 2013 add-in (formerly app) development
Share point 2013 add-in (formerly app) developmentSuhas R Satish
 
Tech Ed 2006 South East Asia Security And Compliance by Joel Oleson
Tech Ed 2006 South East Asia Security And Compliance by Joel OlesonTech Ed 2006 South East Asia Security And Compliance by Joel Oleson
Tech Ed 2006 South East Asia Security And Compliance by Joel OlesonJoel Oleson
 
Advanced SharePoint Server Concepts
Advanced SharePoint Server ConceptsAdvanced SharePoint Server Concepts
Advanced SharePoint Server ConceptsLearning SharePoint
 

Similar to Best Practices for Security in Microsoft SharePoint 2013 (20)

SPTechCon Boston 2013 - Introduction to Security in Microsoft Sharepoint 2013...
SPTechCon Boston 2013 - Introduction to Security in Microsoft Sharepoint 2013...SPTechCon Boston 2013 - Introduction to Security in Microsoft Sharepoint 2013...
SPTechCon Boston 2013 - Introduction to Security in Microsoft Sharepoint 2013...
 
Best practices for security and governance in share point 2013 published
Best practices for security and governance in share point 2013 publishedBest practices for security and governance in share point 2013 published
Best practices for security and governance in share point 2013 published
 
Permissions designed to scale
Permissions designed to scalePermissions designed to scale
Permissions designed to scale
 
Easy Learning Presentation Moss 2007 Usman
Easy Learning Presentation Moss 2007 UsmanEasy Learning Presentation Moss 2007 Usman
Easy Learning Presentation Moss 2007 Usman
 
Easy Learning Presentation Moss 2007 Usman
Easy Learning Presentation Moss 2007 UsmanEasy Learning Presentation Moss 2007 Usman
Easy Learning Presentation Moss 2007 Usman
 
MOSS2007 Security
MOSS2007 SecurityMOSS2007 Security
MOSS2007 Security
 
Spstc2011 Getting the Most from SharePoint's User Profiles
Spstc2011 Getting the Most from SharePoint's User ProfilesSpstc2011 Getting the Most from SharePoint's User Profiles
Spstc2011 Getting the Most from SharePoint's User Profiles
 
Spsvb Getting the Most from user profiles
Spsvb Getting the Most from user profilesSpsvb Getting the Most from user profiles
Spsvb Getting the Most from user profiles
 
Securing the SharePoint Platform
Securing the SharePoint PlatformSecuring the SharePoint Platform
Securing the SharePoint Platform
 
Ferraz Itp368 Optmizing Information Security
Ferraz Itp368 Optmizing Information SecurityFerraz Itp368 Optmizing Information Security
Ferraz Itp368 Optmizing Information Security
 
Dev Dives: Master advanced authentication and performance in Productivity Act...
Dev Dives: Master advanced authentication and performance in Productivity Act...Dev Dives: Master advanced authentication and performance in Productivity Act...
Dev Dives: Master advanced authentication and performance in Productivity Act...
 
Moss Governance Guidelines
Moss Governance GuidelinesMoss Governance Guidelines
Moss Governance Guidelines
 
Getting the Most from SharePoint's User Profiles
Getting the Most from SharePoint's User ProfilesGetting the Most from SharePoint's User Profiles
Getting the Most from SharePoint's User Profiles
 
Ferraz Ia252 Developing An Information Architecture
Ferraz Ia252 Developing An Information ArchitectureFerraz Ia252 Developing An Information Architecture
Ferraz Ia252 Developing An Information Architecture
 
Getting the Most from SharePoint's User Profiles
Getting the Most from SharePoint's User ProfilesGetting the Most from SharePoint's User Profiles
Getting the Most from SharePoint's User Profiles
 
SharePoint 2007 Security
SharePoint 2007 SecuritySharePoint 2007 Security
SharePoint 2007 Security
 
Share point 2013 add-in (formerly app) development
Share point 2013 add-in (formerly app) developmentShare point 2013 add-in (formerly app) development
Share point 2013 add-in (formerly app) development
 
Sitecore experience platform part 2
Sitecore experience platform part 2Sitecore experience platform part 2
Sitecore experience platform part 2
 
Tech Ed 2006 South East Asia Security And Compliance by Joel Oleson
Tech Ed 2006 South East Asia Security And Compliance by Joel OlesonTech Ed 2006 South East Asia Security And Compliance by Joel Oleson
Tech Ed 2006 South East Asia Security And Compliance by Joel Oleson
 
Advanced SharePoint Server Concepts
Advanced SharePoint Server ConceptsAdvanced SharePoint Server Concepts
Advanced SharePoint Server Concepts
 

More from AntonioMaio2

Introduction to Microsoft Enterprise Mobility + Security
Introduction to Microsoft Enterprise Mobility + SecurityIntroduction to Microsoft Enterprise Mobility + Security
Introduction to Microsoft Enterprise Mobility + SecurityAntonioMaio2
 
Learn how to protect against and recover from data breaches in Office 365
Learn how to protect against and recover from data breaches in Office 365Learn how to protect against and recover from data breaches in Office 365
Learn how to protect against and recover from data breaches in Office 365AntonioMaio2
 
A beginners guide to administering office 365 with power shell antonio maio
A beginners guide to administering office 365 with power shell antonio maioA beginners guide to administering office 365 with power shell antonio maio
A beginners guide to administering office 365 with power shell antonio maioAntonioMaio2
 
Office 365 Security - MacGyver, Ninja or Swat team
Office 365 Security - MacGyver, Ninja or Swat teamOffice 365 Security - MacGyver, Ninja or Swat team
Office 365 Security - MacGyver, Ninja or Swat teamAntonioMaio2
 
Information security in office 365 a shared responsibility - antonio maio
Information security in office 365 a shared responsibility - antonio maioInformation security in office 365 a shared responsibility - antonio maio
Information security in office 365 a shared responsibility - antonio maioAntonioMaio2
 
SharePoint Saturday Ottawa - How secure is my data in office 365?
SharePoint Saturday Ottawa - How secure is my data in office 365?SharePoint Saturday Ottawa - How secure is my data in office 365?
SharePoint Saturday Ottawa - How secure is my data in office 365?AntonioMaio2
 
Office 365 security new innovations from microsoft ignite - antonio maio
Office 365 security new innovations from microsoft ignite - antonio maioOffice 365 security new innovations from microsoft ignite - antonio maio
Office 365 security new innovations from microsoft ignite - antonio maioAntonioMaio2
 
Real world SharePoint information governance a case study - published
Real world SharePoint information governance a case study - publishedReal world SharePoint information governance a case study - published
Real world SharePoint information governance a case study - publishedAntonioMaio2
 
Overcoming Security Threats and Vulnerabilities in SharePoint
Overcoming Security Threats and Vulnerabilities in SharePointOvercoming Security Threats and Vulnerabilities in SharePoint
Overcoming Security Threats and Vulnerabilities in SharePointAntonioMaio2
 
What’s new in SharePoint 2016!
What’s new in SharePoint 2016!What’s new in SharePoint 2016!
What’s new in SharePoint 2016!AntonioMaio2
 
Data Visualization in SharePoint and Office 365
Data Visualization in SharePoint and Office 365Data Visualization in SharePoint and Office 365
Data Visualization in SharePoint and Office 365AntonioMaio2
 
Hybrid Identity Management with SharePoint and Office 365 - Antonio Maio
Hybrid Identity Management with SharePoint and Office 365 - Antonio MaioHybrid Identity Management with SharePoint and Office 365 - Antonio Maio
Hybrid Identity Management with SharePoint and Office 365 - Antonio MaioAntonioMaio2
 
Developing custom claim providers to enable authorization in share point an...
Developing custom claim providers to enable authorization in share point an...Developing custom claim providers to enable authorization in share point an...
Developing custom claim providers to enable authorization in share point an...AntonioMaio2
 
Identity management challenges when moving share point to the cloud antonio...
Identity management challenges when moving share point to the cloud antonio...Identity management challenges when moving share point to the cloud antonio...
Identity management challenges when moving share point to the cloud antonio...AntonioMaio2
 
A Practical Guide Information Governance with Microsoft SharePoint 2013
A Practical Guide Information Governance with Microsoft SharePoint 2013A Practical Guide Information Governance with Microsoft SharePoint 2013
A Practical Guide Information Governance with Microsoft SharePoint 2013AntonioMaio2
 
Keeping SharePoint Always On
Keeping SharePoint Always OnKeeping SharePoint Always On
Keeping SharePoint Always OnAntonioMaio2
 
How Claims is Changing the Way We Authenticate and Authorize in SharePoint
How Claims is Changing the Way We Authenticate and Authorize in SharePointHow Claims is Changing the Way We Authenticate and Authorize in SharePoint
How Claims is Changing the Way We Authenticate and Authorize in SharePointAntonioMaio2
 
Best practices for Security and Governance in SharePoint 2013
Best practices for Security and Governance in SharePoint 2013Best practices for Security and Governance in SharePoint 2013
Best practices for Security and Governance in SharePoint 2013AntonioMaio2
 
Intro to Develop and Deploy Apps for Microsoft SharePoint and Office 2013
Intro to Develop and Deploy Apps for Microsoft SharePoint and Office 2013Intro to Develop and Deploy Apps for Microsoft SharePoint and Office 2013
Intro to Develop and Deploy Apps for Microsoft SharePoint and Office 2013AntonioMaio2
 
SharePoint Governance: Impacts of Moving to the Cloud
SharePoint Governance: Impacts of Moving to the CloudSharePoint Governance: Impacts of Moving to the Cloud
SharePoint Governance: Impacts of Moving to the CloudAntonioMaio2
 

More from AntonioMaio2 (20)

Introduction to Microsoft Enterprise Mobility + Security
Introduction to Microsoft Enterprise Mobility + SecurityIntroduction to Microsoft Enterprise Mobility + Security
Introduction to Microsoft Enterprise Mobility + Security
 
Learn how to protect against and recover from data breaches in Office 365
Learn how to protect against and recover from data breaches in Office 365Learn how to protect against and recover from data breaches in Office 365
Learn how to protect against and recover from data breaches in Office 365
 
A beginners guide to administering office 365 with power shell antonio maio
A beginners guide to administering office 365 with power shell antonio maioA beginners guide to administering office 365 with power shell antonio maio
A beginners guide to administering office 365 with power shell antonio maio
 
Office 365 Security - MacGyver, Ninja or Swat team
Office 365 Security - MacGyver, Ninja or Swat teamOffice 365 Security - MacGyver, Ninja or Swat team
Office 365 Security - MacGyver, Ninja or Swat team
 
Information security in office 365 a shared responsibility - antonio maio
Information security in office 365 a shared responsibility - antonio maioInformation security in office 365 a shared responsibility - antonio maio
Information security in office 365 a shared responsibility - antonio maio
 
SharePoint Saturday Ottawa - How secure is my data in office 365?
SharePoint Saturday Ottawa - How secure is my data in office 365?SharePoint Saturday Ottawa - How secure is my data in office 365?
SharePoint Saturday Ottawa - How secure is my data in office 365?
 
Office 365 security new innovations from microsoft ignite - antonio maio
Office 365 security new innovations from microsoft ignite - antonio maioOffice 365 security new innovations from microsoft ignite - antonio maio
Office 365 security new innovations from microsoft ignite - antonio maio
 
Real world SharePoint information governance a case study - published
Real world SharePoint information governance a case study - publishedReal world SharePoint information governance a case study - published
Real world SharePoint information governance a case study - published
 
Overcoming Security Threats and Vulnerabilities in SharePoint
Overcoming Security Threats and Vulnerabilities in SharePointOvercoming Security Threats and Vulnerabilities in SharePoint
Overcoming Security Threats and Vulnerabilities in SharePoint
 
What’s new in SharePoint 2016!
What’s new in SharePoint 2016!What’s new in SharePoint 2016!
What’s new in SharePoint 2016!
 
Data Visualization in SharePoint and Office 365
Data Visualization in SharePoint and Office 365Data Visualization in SharePoint and Office 365
Data Visualization in SharePoint and Office 365
 
Hybrid Identity Management with SharePoint and Office 365 - Antonio Maio
Hybrid Identity Management with SharePoint and Office 365 - Antonio MaioHybrid Identity Management with SharePoint and Office 365 - Antonio Maio
Hybrid Identity Management with SharePoint and Office 365 - Antonio Maio
 
Developing custom claim providers to enable authorization in share point an...
Developing custom claim providers to enable authorization in share point an...Developing custom claim providers to enable authorization in share point an...
Developing custom claim providers to enable authorization in share point an...
 
Identity management challenges when moving share point to the cloud antonio...
Identity management challenges when moving share point to the cloud antonio...Identity management challenges when moving share point to the cloud antonio...
Identity management challenges when moving share point to the cloud antonio...
 
A Practical Guide Information Governance with Microsoft SharePoint 2013
A Practical Guide Information Governance with Microsoft SharePoint 2013A Practical Guide Information Governance with Microsoft SharePoint 2013
A Practical Guide Information Governance with Microsoft SharePoint 2013
 
Keeping SharePoint Always On
Keeping SharePoint Always OnKeeping SharePoint Always On
Keeping SharePoint Always On
 
How Claims is Changing the Way We Authenticate and Authorize in SharePoint
How Claims is Changing the Way We Authenticate and Authorize in SharePointHow Claims is Changing the Way We Authenticate and Authorize in SharePoint
How Claims is Changing the Way We Authenticate and Authorize in SharePoint
 
Best practices for Security and Governance in SharePoint 2013
Best practices for Security and Governance in SharePoint 2013Best practices for Security and Governance in SharePoint 2013
Best practices for Security and Governance in SharePoint 2013
 
Intro to Develop and Deploy Apps for Microsoft SharePoint and Office 2013
Intro to Develop and Deploy Apps for Microsoft SharePoint and Office 2013Intro to Develop and Deploy Apps for Microsoft SharePoint and Office 2013
Intro to Develop and Deploy Apps for Microsoft SharePoint and Office 2013
 
SharePoint Governance: Impacts of Moving to the Cloud
SharePoint Governance: Impacts of Moving to the CloudSharePoint Governance: Impacts of Moving to the Cloud
SharePoint Governance: Impacts of Moving to the Cloud
 

Recently uploaded

Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embeddingZilliz
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demoHarshalMandlekar2
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rick Flair
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 

Recently uploaded (20)

Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embedding
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demo
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 

Best Practices for Security in Microsoft SharePoint 2013

  • 1. Best Practices for Security in Microsoft SharePoint 2013 Antonio Maio Senior Product Manager, TITUS Microsoft SharePoint Server MVP Email: Antonio.maio@titus.com Blog: www.trustsharepoint.com Twitter: @AntonioMaio2
  • 2. www.sharepointsummit.org 2 Introduction Goal: Inform and Educate on Key SharePoint Security Features  We know its critical in government and military deployments  We know its critical consideration in business  Security is still often its an after thought for many deployments  Requires good planning  Requires good awareness of the capabilities available  Requires knowledge of what SharePoint cannot do
  • 3. www.sharepointsummit.org 3 Introduction Topics • What Drives our Security Needs in SharePoint? • Deployment Planning & Accounts • Authentication • Permissions • Web Application Policies & Anonymous Access • Security Considerations for Public Facing Web Sites • Other Security Features
  • 4. www.sharepointsummit.org What Drives our Information Security Needs? Information Security comes down to 2 or 3 drivers:  Protecting Your Investments (intellectual property, digital assets, competitive advantage…)  Reducing Your Liability (avoid compliance violations, fines/sanctions, reputation issues…)  Public Safety or Mission Success (protect classified information, mission plans, reputation issues…) 4
  • 5. www.sharepointsummit.org What Drives our Information Security Needs? How does this affect us as SharePoint people?  How We Deploy SharePoint  Control Access  Assign Roles & Establish Repeatable/Predictable Process  Regulatory Compliance Standards  Auditing & Reporting Obligations 5
  • 6. www.sharepointsummit.org Deployment Planning/Managed Accounts SharePoint is a web application built on top of SQL Server  Best practice: to have specific managed accounts for specific purposes with least privileges Benefits: Separation of Concerns  Separation of data  Multiple points of redundancy  Targeted auditing of account usage Review SharePoint deployment guide before you install
  • 7. www.sharepointsummit.org Examples of Managed Accounts 1. SQL Server Service Account  Assign to MSSQLSERVER and SQLSERVERAGENT services when you install SQL Server (ex: domainSQL_service)  No special domain permissions - given required rights on the SQL Server during setup 2. Setup User Account  Used to install SharePoint, run Product Config Wizard, install patches/updates  login with this account when running setup (ex: domainsp_setup_user)  Must be local admin on each server in SharePoint farm (except SQL Server if different box) 3. SharePoint Farm Account  Used to run the SharePoint farm; not just for database access (ex. domainsp_farm_user)  After Product Config Wizard is run, prompted to provide the Database Access Account – misnamed in UI, this is really the farm service account Should all be AD domain accounts Do not use personal admin account, especially for Farm Account Configure central email account for all managed accounts
  • 8. www.sharepointsummit.org Authentication Determine that users are who they say they are (login)  Configured on each web app  Multiple authentication methods per web app SharePoint 2010 Options  Classic Mode Authentication (Integrated Auth, NTLM, Kerberos)  Claims Based Authentication  Forms Based Authentication available- done through Claims Based Auth. UI configuration only available in UI upon web app creation To convert non-claims based web app to claims will require PowerShell SharePoint 2013 Options  Claims Based Authentication - default  Classic Mode Configuration UI has been removed (Only configurable through PowerShell)
  • 9. www.sharepointsummit.org Permissions Allow you to secure any information object or container  Determine who gets access to what information objects and what type of access  Apply to items, folders, lists, libraries, sites, site collection…  Do not apply to individual column field values (not a securable object) Assigning Permissions Includes  The user or group we are enabling with access  The information object in question  The permission level we are granting as part of that access Examples  Finance AD Group has Full Control on Library  ProjectX-Contractor SP Group has Read access on site  Antonio.Maio AD user has Contribute access on Document
  • 14. www.sharepointsummit.org Inherited Permissions  Hierarchical permission model  Permissions are inherited from level above  Can break inheritance and apply unique permissions  Manual process  Permissive Model SharePoint Farm Web Application Site Collection Site Collection Site Site Library List Document Web Application Item Site Document Document Item Demo Members SharePoint Group Edit Demo Owners SharePoint Group Full Control Demo Visitors SharePoint Group Read Finance Team Domain Group Edit Senior Mgmt Domain Group Full Control Research Team Domain Group Full Control Senior Mgmt Domain Group Full Control Research Team Domain Group Full Control Senior Mgmt Domain Group Full Control Antonio.Maio Domain User Full Control
  • 15. www.sharepointsummit.org Permissions and Security Scopes  Every time permission inheritance is broken a new security scope is created  Security Scope is made of up principles:  Domain users/groups  SharePoint users/groups  Claims  Be aware of “Limited Access”  Limitations  Security Scopes (50,000 per list)  Size of Security Scope (5,000 per scope)  Resources  Microsoft SharePoint Boundaries and Limits: http://technet.microsoft.com/en- us/library/cc262787.aspx
  • 16. www.sharepointsummit.org Fine Grained Permissions Trend: sensitive content sitting beside non-sensitive content Leads to customers exploring fine grained permissions Confidential Public Internal Recommendation  Use metadata to identify which data to protect  User attributes (claims) to determine who should have access  Implemented automated solution to manage fine-grained permissions
  • 17. www.sharepointsummit.org Web Application Policies User Permissions  Permissions available within permission levels at site collection level Permission Policies  Define groups of permissions (similar to permission levels)  Control if site collection admins have full control on any object in site col.  Only place with a “Deny” capability (default: deny write, deny all) User Policies  Assign permission policies to users and groups for the entire web app  Ex. Deny group from deleting items within an entire web app – applicable to public facing web app Blocked File Types  Prevent specific files types from being added to libraries within web app
  • 18. www.sharepointsummit.org Anonymous Access Turn on or off for web application – only making available for sites  Central Admin> Manage Web Apps> Authentication Providers  Edit an Authentication Provider  Check on „Enable Anonymous Access‟ for that provider  Select “Anonymous Policy” for the web app  Select zone and policy for anonymous access
  • 19. www.sharepointsummit.org  Site Owners must explicitly enable on each site (this is a good thing)  Site Settings> Site Permissions Anonymous Access
  • 20. www.sharepointsummit.org Risk: Inadvertent exposure of internal data on a public web site  All form pages and _vti_bin web services are accessible - PUBLICLY  Modify the URL of a public facing SharePoint site: http://www.mypublicsite.com/SitePages/Home.aspx to http://www.mypublicsite.com/_layouts/viewlsts.aspx  View All Site Content page is now exposed, typically in SharePoint branding, with all site content visible  Desired behavior: User is presented with a login page, or an HTTP error  Accessible pages /_layouts/adminrecyclebin.aspx /_layouts/policy.axpx /_layouts/recyclebin.aspx /_layouts/bpcf.aspx /_layouts/policyconfig.asp /_layouts/wrkmng.aspx /_layouts/create.aspx /_layouts/policycts.aspx /_layouts/vsubwebs.aspx /_layouts/listfeed.aspx /_layouts/policylist.aspx /_layouts/pagesettings.aspx /_layouts/managefeatures.aspx /_layouts/mcontent.aspx /_layouts/settings.aspx /_layouts/mngsiteadmin.aspx /_layouts/sitemanager.aspx /_layouts/newsbweb.aspx /_layouts/mngsubwebs.aspx /_layouts/stor_man.aspx /_layouts/userdisp.aspx Anonymous Access and Exposure Risk
  • 21. www.sharepointsummit.org Anonymous Access and Public Facing Sites Remove View Application Pages permission & Use Remote Interfaces permission from Limited Access permission level  Limited Access is what‟s used for anonymous users  Prevents anonymous users from accessing form pages To Do This… Turn on the “Lockdown” Feature  Remove all anonymous access from the site  Open command prompt and go to the folder C:Program FilesCommon FilesMicrosoft SharedWeb Server Extensions14BIN  Check whether the feature is enabled or not (If ViewFormPagesLockDown is listed, it's enabled): get-spfeature -site http://url  If not listed then we must enable it using: stsadm -o activatefeature -url -filename ViewFormPagesLockDownfeature.xml  To disable it: stsadm -o deactivatefeature -url -filename ViewFormPagesLockDownfeature.xml  Reset anonymous access on the site Will result in users getting an Authentication Page when accessing these forms pages Available in MOSS2007, SharePoint 2010 and SharePoint 2013 On by default for Publishing Portal Site Template – for other site templates must turn it on manually
  • 22. www.sharepointsummit.org To prevent access to _layouts pages and web services we must also modify web.config to include: <location path="_layouts/error.aspx"> <system.web> <authorization> <allow users="?" /> </authorization> </system.web> </location> <location path="_layouts/accessdenied.aspx"> <system.web> <authorization> <allow users="?" /> </authorization> </system.web> </location> <add path="configuration"> <location path="_layouts"> <system.web> <authorization> <deny users="?" /> </authorization> </system.web> </location> <location path="_vti_bin"> <system.web> <authorization> <deny users="?" /> </authorization> </system.web> </location> <location path="_layouts/login.aspx"> <system.web> <authorization> <allow users="?" /> </authorization> </system.web> </location> Anonymous Access and Public Facing Sites
  • 23. www.sharepointsummit.org Other Security Features  Information Rights Management  Event Auditing  Privileged Users
  • 24. Thank you for your attention! This presentation will be available on the Toronto SharePoint Summit web site a few days after the event. Antonio Maio Senior Product Manager, TITUS Microsoft SharePoint Server MVP Email: Antonio.maio@titus.com Blog: www.trustsharepoint.com Twitter: @AntonioMaio2
  • 25. Please rate this session! Fill out the survey and get a chance to win a Surface

Editor's Notes

  1. Minimize risk of compromised accountsMinimize risk of information leaks
  2. SharePoint Farm account is sometimes referred to as the “Database Access Account”
  3. Each web application can have different methods of authentication enabled… and multipleSharePoint 2013 – Forms Based Auth is still available, through Claims
  4. Permissions relate to a process called “Authorization”Authorization is different from AuthenticationAuthorization is the process of determining what content is a user permitted to access and which actions are they permitted to perform