card image

AvePoint’s Survivial Guide for SharePoint: Automating SharePoint Governance (Part 2)

Welcome to the second half of my two part blog series for AvePoint’s Survival Guide for Automating SharePoint. In Part 1, I covered the challenges faced by manually enforcing policies, and the value of automation for effective SharePoint governance.

In this final half, we come full circle by identifying SharePoint governance processes that automation can alleviate, and exploring the solutions offered by AvePoint.

What Do We Mean by “Governance?”

When talking about SharePoint Governance, we are essentially looking at three principles:

  • Policy
  • Guidance
  • Enforcement

Policies are often the main focus of governance discussions. For many organizations, the impulse when creating governance plans is to create definitive and detailed documents full of policy definitions.

This approach alone often leads to one of two results:

  1. The document is never completed.
  2. The document is completed, but is hundreds of pages long and basically impossible to implement.

All three principles above are equally necessary to have a well governed environment. Spending all of your efforts creating a policy document will not be successful as it leaves no room for implementation and action.

If we keep an eye on all three principles, we can start to identify important features a solution must have in order to support effective governance in SharePoint. Much has been written on approaches to enforcement, including my previous post for this series and the Enforcement Phase of AvePoint’s SharePoint Survival Guide. Therefore, today I will be focusing on policy and guidance.

Policy – What You Can and Should Do

Previously, we looked at SharePoint governance in terms of configurations, lifecycle, and level of control. Similarly, when creating pre-configured services that simplify the steps needed to fulfill a user’s business needs, the ideal solution must provide flexibility and automation for:

  • SharePoint Configuration: The pre-configured or “built-in” element of a request
  • Service Level Agreements (SLAs) and Information Lifecycle: The consideration of service change over time depending on business criticality
  • The Targeted Audience: The delivery of appropriate options to the correct users

You can think of this kind of pre-configured offering like an app designed for a specific business function. With automation, we can easily provision business applications to solve specific problems. Providing this functionality for even the most complex applications increases business agility and admin efficiency.

For example, instead of provisioning a generic team site, a customized site for post-sales project management (configuration) can be delivered to the correct project management team (targeted audience) for the duration of the engagement (lifecycle).

After setting up this type of system for a customer, we reached out to them to see what kind of impact the automation had for their team. Our contact responded, “We have provisioned 2,000 site collections in production over the last 5 months with zero IT involvement.”

Transparency for users is critical as well. Effective pre-configured offerings surface the details about ownership, SLAs, lifecycle, policy and classification so users can easily find information they need and make well-informed decisions. When you can clearly see who owns a site, you can avoid going back and forth with IT. Instead, you can get answers about content and purpose directly from the person in charge of that content. Likewise, if you inherit a site from someone leaving the company, having insight into how the site was set up makes the transition seamless.

Another customer remarked that having an automated system in place was important for personnel changes in the IT department. Rather than fishing for information from coworkers or combing through a large policy document to figure out what should be done next, very little searching was necessary because all of the governance policies had already been applied.

Guidance – Making it Easier to Follow the Rules

Providing guidance to users is often left to training seminars. But there is a prime opportunity for software to more effectively guide users as they make their choices on SharePoint. One way to break down guidance step by step is by following the stages of lifecycle management – or the life of a SharePoint object or change from creation to expiration. Let’s take a look.


During the initial stages of any change in SharePoint, guidance needs to be provided to ensure the change is made correctly in the first place. Regardless of whether it is a request for a new site or library, or a request to copy or share content, every change in SharePoint comes with many decisions or policies.

The user knows their business but not SharePoint, and the Administrator knows SharePoint but not exactly what users are trying to do. To bridge this gap, users and Administrators must communicate effectively to gain all of the relevant information – such as the purpose of the request, who needs access, and how long they need it. Based on the answers, the correct request can be presented and filled out by the user.

Automating this interview process with surveys and intuitive forms allows business and IT to clearly communicate, while providing a self-service experience for the user.

Managing Content Ownership

During the life of SharePoint, its usage changes and evolves. It is important to be able to monitor and adjust configuration to accommodate changing needs. Employing a services catalog for change requests is a great option, but we also need some regular tasks that ensure the environment remains intact.

For example, having owners for all content is an essential tenant of effective governance. When all data has a clear owner, responsibility and accountability can be specifically defined. Data owners are also involved with many of the processes that affect SharePoint, such as approval requests. Ensuring an owner is defined during provisioning is a simple matter of adding that policy to the overall process. But keeping this data up-to-date throughout the content lifecycle is a difficult and potentially time-consuming process.

Automation allows for regular recertification of ownership by reaching out on a regular basis and confirming that the owners are still responsible for the content. If the owners are no longer the same, the automated process can try to determine an appropriate owner based on users with high levels of permissions to the content. It can then validate by contacting them to confirm ownership until an appropriate contact is found.

Managing Changes in Permissions and Classification

Similarly, critical sites may need to have permissions reviewed on a regular basis. Permission models and levels are a key configuration setting for proper governance, but are also changed and adapted constantly. Guiding the content owners through a process of reviewing permissions, making necessary changes, and confirming proper settings are in place for their content is a time-consuming manual process without automation. An automated approach can create and deliver the permissions report, receive feedback from users, make changes, and record the confirmation without any intervention from the technical staff.

The only thing that changes faster than permissions is the content, which is why classification is essential for proper SharePoint administration. Ensuring the proper permissions are in place and not changing is only good and worthwhile if you can also validate the sensitivity of the content and classify it. Without automation, this manual burden falls on the technical staff or becomes an impediment to productivity if the user must fill out the required fields. Automation can remove this burden entirely by understanding the content and tagging it, which increases productivity for users and administrators.


A core tenant of SharePoint administration and lifecycle management is that whenever a new container or file enters SharePoint, there is a plan for how it will be disposed of after it is no longer useful. This is a very complex task in practice, which is why it is often imperfectly implemented.

Data disposition can also be thought of as a cube. On one axis, you determine what objects you are targeting: Are they documents and items, sites and lists, or entire workspaces such as site collections? Each will have its own requirements for disposition. On the second axis is the policy, such as disposition based upon age, lack of use or traffic, specific classifications, or even record retention needs.

The third axis of the cube is the action that needs to be taken on the content. Questions you might consider include: Do we need to archive and retain for a period of time? Does the content need to be snapshotted and exported to another location? Does it need to be deleted entirely, based on regulation? There are many possible actions that can be taken, and they are generally dependent on the other two axes of scope and policy.

Because of the complexity of records management, automation offers major advantages when dealing with both critical and non-critical records in SharePoint. Automation can help you discover content, share those findings with content owners, and take action based on policy – all of which benefits storage, productivity, and also regulatory compliance.

How AvePoint Enables Automation

At AvePoint we have developed our software to tackle all of the pain points I’ve addressed. Our off-the-shelf approach to software promotes SharePoint best practices to help you improve your environment.

DocAve Governance Automation provides the business with a self-service catalog of change requests with policies built in. This promotes user enablement, removes administrative burden from IT and ensures proper configuration of every change made in SharePoint.

DocAve Governance Automation also provides the guidance users need throughout the life of their content. The tool is configured with easy to understand forms and options that are relevant to specific business needs. It also provides the ongoing feedback needed to manage change in SharePoint, surfacing information about how the environment is set up and providing regular reports on permissions and ownership.

And by leveraging DocAve Archiver for SharePoint records management, DocAve Governance Automation can provide transparency and control to users regarding what content should be archived from SharePoint. DocAve Archiver manages the disposition cube of scope, policy, and action in a way that is easy to understand for administrators, whether their goal is pruning stale content, managing the retention of individual documents, or a combination of both.

AvePoint Compliance Guardian automates the classification of content in SharePoint (and other repositories such as file systems, databases, websites, Yammer, and Lync/Skype for Business). AvePoint Compliance Guardian scans for and reports on sensitive content, takes action on that content to protect it, provides a management workflow to content owners for review and disposition, and provides key performance indexes of risk trends and compliance violations for management teams.

Both platforms work together to ensure configurations and content are properly managed across SharePoint to comply with both internal governance policies and external regulations.

Wrap Up

The ultimate goal of SharePoint Administration is to provide user enablement while maintaining control over the environment. Effective administration is achieved through the combined consideration of the three principles of governance: policies, guidance and enforcement. However, because of the complexity and ever-changing nature of policies, content lifecycles, and scope, achieving this in a production SharePoint environment is not an easy task.

By using automation software that enables users with a pre-configured services catalog and provides IT with simple and flexible configuration, you can not only improve your ability to implement governance policies across the organization but also ensure they are enforced every step of the way. Ultimately, this yields a more productive collaboration environment for workers while putting less of a burden on IT administrators.

This blog series was created to supplement AvePoint’s Survival Guide for Automating SharePoint. Want more information on how to survive the SharePoint jungle? Gain access to more of our free Survival Guide for SharePoint resources today and register for our final webinar in the Survival Guide for SharePoint series, where our experts will recap key takeaways from each phase!

Edmund White

I joined AvePoint in February 2013 having an extensive background in SharePoint Administration and IT Services as the vendor/consultant. I live in Williamsburg Brooklyn and am into rock climbing, photography and creative writing.