At AvePoint, we help more than 10,000 customers worldwide properly govern their Microsoft SharePoint environments to allow maximum business productivity and collaboration with confidence. We’ve been doing it since 2001, and we understand very well that every organization’s deployment is unique and that each requires its own level of care and specifications to ensure sites remain within policy and under control.
With that in mind, we’re excited to announce a brand new feature in our DocAve Administrator product called Policy Enforcer, which will be available with DocAve 6 Service Pack (SP) 3. Policy Enforcer helps organizations rapidly respond to unauthorized modifications in features, permissions, and settings. By continuously monitoring and taking action on your SharePoint environments, Policy Enforcer ensures that all actions and changes to your SharePoint environment fall within your organization’s defined governance policies. Policy Enforcer not only monitors new sites, but it can also scan existing sites and report on which ones are out of policy.
Rules and Triggers
Working with our expansive customer base, we determined more than 20 different rules that can be implemented to enable Policy Enforcer to monitor sites around the clock and automatically adjust settings, permissions, and configurations across environments. The product uses built-in sources (including Audit Log, Change Log, and Site Crawl), and each source relies upon a collection of more than 40 different event triggers that will, depending on the context of the events and the rules established, either cause the actions or changes made by end-users within the environment to either pass or fail.
The out-of-the-box Policy Enforcer Rule Libraries include:
· Information Rights Management (IRM): control IRM settings on Lists and Libraries
· Master Page: control the master page settings for Sites
· Property Bag: control the presence and integrity of values held within Sites property bag
· Recycle Bin: control the Recycle Bin settings for a Site Collection
· Site Lock: control the Site Lock settings
· Site Navigation: control the navigation settings of a Site Collection and Site
· Site Template: control the site template applied to a Site
· Site Theme: control the site theme applied to a Site
· Versioning: control the List and Library versioning settings within a Site
· Farm Level: control the activation or deactivation of any SharePoint feature at the farm level
· Web-app Level: control the activation or deactivation of any SharePoint feature at the web-app level
· Site Collection Level: control the activation or deactivation of any SharePoint feature at the site collection level
· Site Level: control the activation or deactivation of any SharePoint feature at the site level
· Break Inheritance: prevent or allow ability to break inheritance permissions at all object levels
· Content Creation: restrict or allow the uploading of content based on individual user or group, size of content, content type, or file type
· Copy: restrict or allow individual users or groups to copy SharePoint objects including content, permissions, content types, and more
· Delete: restrict or allow individual users or groups to delete items, lists, or libraries
· Grant or Revoke: prevent or allow individual users to grant or revoke permissions for other users or groups
· Move: restrict or allow individual users or groups to move SharePoint objects including content, permissions, content types, and more
· List or Library Creation: restrict or allow individual users or groups to create a list or library within SharePoint
· Site Creation: restrict or allow individual users or groups to create a Site within SharePoint
· Site Depth: restrict or allow the creation of Sites or sub-Sites
Some of the 40-plus event triggers available out of the box include:
· Site Creation event
· Object Permission Change
· Object Inheritance change event
· File/Item Creation event
· List/Library Creation event
· File/Item & List/Library Deletion event
· File/Item Copy & Move event
· Feature activation/deactivation state
· Web Application setting state
· Site Collection Settings state
· Site Settings state
· List Settings state
The rules also include an “Undo Action” that will allow you to return the configuration back to its previous setting before action was taken by Policy Enforcer should you decide to revert it. You can also undo actions manually while reviewing reports furnished by Policy Enforcer.
Similar to our other products like DocAve Archiver, Policy Enforcer allows you to apply Profiles to a Site Collection which contain a collection of pre-configured rules, allowing you to quickly add all of those rules to the site collection at once.
As it continues to monitor environments and take action, Policy Enforcer also gives access to a report view to show what Site Collections were within policy and which were not. The reports offer an attractive visual display of any automatic actions that were taken based on established rules and triggers and allow administrators to swiftly undo any of these actions if required.
For rules that require manual operations to revert, the reports will take administrators directly to the “Administrator Search Admin Results” window for the Site in question to allow the administrator to fix it.
Build Your Own Rules
While the 20-plus out-of-the-box rules offer plenty of breadth and depth for customers to manage their environments, we realize that no two environments are the same, information architecture continually evolves, and therefore some customers will want to add their own custom rules. Because of that, Policy Enforcer includes our Rules Software Developer Kit (SDK), which enables customers to actually build their own rules using either C# or VB.NET code, compile a Dynamic Link Library (DLL), and simply drop it in the DocAve 6 install folder. The custom rules, which can integrate any of the event triggers available in the product, will then show up right alongside the out-of-the-box rules.
We look forward to releasing Policy Enforcer as a part of DocAve Administrator in DocAve 6 SP3 and empowering organizations with complete control and unmatched governance enforcement. Want to learn more? Watch the video below to hear more about this exciting new feature from Senior Product Manager Shyam Oza and me, including ways in which the product works with our DocAve Governance Automation product.