Friday, February 5, 2016

Design a security trimmed navigation in SharePoint Online

...or SharePoint 2013, SharePoint 2016, SharePoint... you get the picture by now.

What users want...

Users want to navigate quickly to the required information... oh gods, if only this were the only thing they wanted. Let's assume we have a user who wants just that :-)

...users get!

When working with SharePoint you have to take the boundaries and limits into account. One of the biggest challenges with navigation in SharePoint is how to get information across site collections. Your biggest asset here is search. Search is able to look beyond site collection boundaries. Another major benefit is that it is security trimmed. This means that you only see what you are allowed to see.

For more information on security trimming in SharePoint read the following:

This makes search one of the best candidates for navigation.

My Enterprise Search Center is up and running, now what?

In order to really use search you can (or must?) plan your information architecture.

Let's say we have created a site collection:
- Projects

We have created 1 (for simplicity) content type called: Base with a single site column: Customer. Customer is of the type managed metadata.

When we create a new Project site we add a list with the content type Base. After that we add a record to the list, defining the Title and Customer.

We created the following structure:
/sites/projects/Project1 | Base.Customer:Contoso 
/sites/projects/Project2 | Base.Customer:Microsoft
/sites/projects/Project3 | Base.Customer:Contoso

Because we added records to the lists, and thus to the site columns, Search creates crawled properties. When this is done we can create managed properties.

Let's say we created a managed property called: Customer.
We can now search for:
This should result in 2 hits: Project1 and Project3.

You can use the above to create the following wireframe:

The recipe:
- 1 web part page
- 1 search refiner webpart
- 1 search results webpart

Configure the refiner webpart to be able to refine on Customer (division or status).
Configure the search result webpart with the following config:
path:https://<tenant>    (contentclass:STS_List) ContentType:Base
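
As an added example (not code from the original post), the same query can feed a script-built menu through the search REST endpoint instead of the two web parts. The helper names, the `tenant.example` host, a retrievable Customer managed property that returns the term label, and the `odata=nometadata` response shape are assumptions.

```javascript
// Added example; buildNavQuery, searchUrl, toNavLinks and loadNav are hypothetical names.

// The post's query, optionally narrowed to one customer. The value is wrapped
// as a KQL phrase and double quotes are dropped, so a value taken from a URL
// or a refiner cannot close the phrase and append its own operators.
function buildNavQuery(tenantUrl, customer) {
  const base = `path:${tenantUrl} (contentclass:STS_List) ContentType:Base`;
  if (!customer) return base;
  const safe = String(customer).replace(/"/g, "").trim();
  return `${base} Customer:"${safe}"`;
}

// Search REST URL. Single quotes are doubled (OData string literal rule),
// then the whole query is percent-encoded.
function searchUrl(siteUrl, kql) {
  const q = encodeURIComponent(kql.replace(/'/g, "''"));
  return `${siteUrl}/_api/search/query?querytext='${q}'` +
    `&selectproperties='Title,Path,Customer'&rowlimit=50`;
}

// Group result rows by customer. No permission check happens here: search
// only returns rows the calling user can read, so trimming stays server-side.
function toNavLinks(response) {
  const table = response?.PrimaryQueryResult?.RelevantResults?.Table;
  const nav = {};
  for (const row of table?.Rows ?? []) {
    const item = Object.fromEntries(row.Cells.map((c) => [c.Key, c.Value]));
    const key = item.Customer || "(no customer)";
    (nav[key] = nav[key] || []).push({ title: item.Title, url: item.Path });
  }
  return nav;
}

// Runs in a page on the tenant, so the request carries the user's own session.
async function loadNav(siteUrl, tenantUrl, customer) {
  const url = searchUrl(siteUrl, buildNavQuery(tenantUrl, customer));
  const res = await fetch(url, {
    headers: { Accept: "application/json;odata=nometadata" },
    credentials: "same-origin",
  });
  if (!res.ok) throw new Error(`search failed: ${res.status}`);
  return toNavLinks(await res.json());
}

// Constructed sample response, as one user might receive it.
const P = "https://tenant.example/sites/projects/";
const cells = (t, c) => ({ Cells: [{ Key: "Title", Value: t }, { Key: "Path", Value: P + t }, { Key: "Customer", Value: c }] });
const SAMPLE = { PrimaryQueryResult: { RelevantResults: { Table: { Rows: [cells("Project1", "Contoso"), cells("Project3", "Contoso")] } } } };
```

Because the menu is only as complete as the search index, a user may briefly miss a newly created project until the next crawl, but will never be shown one they cannot open.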

Hope you have fun with this!

For background reading

Troubleshooting search in SharePoint Online.

SharePoint Online, Windows Intune, Information Rights Management and a cherry pie

A short story on how Windows Intune, Information Rights Management and SharePoint Online can work together while eating a delicious cherry pie.

First things first. What's what?

SharePoint Online 

Organizations use SharePoint to create websites. You can use it as a secure place to store, organize, share, and access information from almost any device. All you need is a web browser, such as Internet Explorer, Chrome, or Firefox.

Windows Intune

Microsoft Intune offers features for the management of mobile devices and applications, and PC management from the cloud. Intune enables organizations to give their employees access to enterprise applications, data and business information sources from virtually anywhere and on virtually any device, while at the same time keeping them secure.

Information Rights Management

Within SharePoint, IRM protection is applied to files at the list and library level. Before your organization can make use of IRM protection, you must first set up Rights Management. IRM in SharePoint Online relies on the Microsoft Azure Active Directory Rights Management service (Microsoft Azure AD RM) to encrypt content and assign usage restrictions.

How can Windows Intune, IRM and SharePoint Online benefit from each other?

Really short: Windows Intune enables organizations to mark devices as trustworthy, or not. This makes it possible to say (for instance): hey! Only devices I trust are allowed access to SharePoint Online or corporate email.

A typical flow for conditional access might look as follows:

Use conditional access to manage access to Microsoft Exchange On-premises, Exchange Online, Exchange Online Dedicated, and SharePoint Online.

This shows how Microsoft Windows Intune and SharePoint Online work seamlessly together.

How does IRM help in this picture?
IRM helps secure confidential content in the following ways:
- Prevents an authorized user from copying, customizing, printing, faxing, or copying and pasting content for unauthorized use.
- Prevents an authorized user from copying the content with the print screen feature of Microsoft Windows.
- Prevents an unauthorized user from displaying content that is sent in an e-mail message after being downloaded from the server.
- Limits access to content to a specified period, after which users must confirm their credentials and download the content again.
- Assists in the implementation of corporate policy for the use and dissemination of content in your organization.


Microsoft has done a great job in advanced security and protection of your intellectual property. Please use your own intellect by properly following the plan-do-act circle!