How to Manage Microsoft 365 Permissions Like a Pro

Post Date: 06/16/2021
feature image

Microsoft has always been steering the conversation towards enabling collaboration. What were once siloed platforms—Microsoft Teams for communication, SharePoint as a document management platform, and Yammer for social interactions—are now better integrated to help enable business users to discover the content they need to do their job more efficiently and effectively.

But in conjunction with these collaboration developments lies the underlying concern of gatekeeping security. As we generate more organizational data, we become more conscious of the idea of exposure and sensitivity—of permissions and access.

In one of our recent webinars, we tackled how organizations can better manage permissions in their environment with the help of AvePoint solutions. Read on for an in-depth recap!

The Complexity of Security

Whether you’re on-prem, in the cloud, or hybrid, the complexity of security systems (and guidelines) has been a conundrum for many.

For SharePoint on-prem, dealing with security may be looking at your different permissions from a site collection level down to your files. In the cloud, Microsoft has extra levels of complexity in security as collaboration offerings expand.

AvePoint solutions can make managing your security less daunting when entering the perplexing labyrinth of security processes and policies. With a user-friendly interface, our solutions can be leveraged no matter your organization setup.

1. Administrator Tools

Primarily built with SharePoint in mind, most of Administrator’s features mainly answer SharePoint-focused needs. It is available on both:

  • On-prem (DocAve Administrator): SharePoint On-Premises
  • In the cloud (Cloud Management solution): SharePoint Online and sites that it supports such as OneDrive for Business, Groups, and Teams.

While the Administrator tool on DocAve is installed in your local network, the Administrator tool in our Cloud Management solution is the ported version where no local installs, managers, or agents are needed and can be worked through AvePoint Online Services.

Administrator is efficient even for hybrid settings as it has a central administration that lets you monitor and manage your environments in a single console.

Native Features

First and foremost, Administrator has all the basic features you’ve come to expect. That means users and permissions settings can be adjusted so you’ll be able to do basic things such as creating groups, adding users, owners, and members, and removing these users as well. You can also build your permission levels.

But aside from these basic features, Administrator also offers various tools you can leverage that can’t be found natively, such as:


1. Security Search: Because settings in the Microsoft platforms are decentralized, it can be a hassle to look for security reports that have an overview of what you want to know. For example, if you want to have an overview of your security permissions over your entire deployment, you’re going to have to look at each of your site collections.

With Security Search, you’ll have the ability to search comprehensively and granularly. You can search your entire on-prem farm, your various site collections in the cloud, or you can look through your specific permission levels.

This generates the data out to a spreadsheet which you can then sort, filter, and use to manage your permissions. With this capability, you can not only have an overview of your security position in your environment but also make specific changes to your permissions.

2. Permissions Cloning: Giving all the necessary permissions to your new employee can sometimes be taxing. If you were to do it natively in SharePoint, you’d have to create your owner’s Group and your members’ Group and then add people to those groups within the appropriate context—and sometimes that just doesn’t work.

What if you have to add your new employee to existing groups and add permissions that have to be exactly the same as those of other employees?

Instead of pulling all those various reports and adding your new employee to each Group, you can clone permissions with Administrator. You can copy the permissions of your other employees with the same position, and give those exact same permissions to your new employee before adding them to the same Groups.

This way, you’re still abiding by security protocols but doing so in a much quicker and efficient way!

Policy Enforcer Tool

Aside from the features mentioned above, Administrator also has extra tools you can utilize.

The policy enforcer tool is extremely useful if you want to have rules-based governance. Not only will you have the ability to do auditable actions like deleting users, deleting content, copying content, and so on, but you can also manage your versioning settings and site templates more easily. You’ll also be able to manage your external settings for SharePoint, OneDrive, Groups, and Teams sites more efficiently for more secure collaboration.


Now, in the cloud, we’ve mentioned how security is made even more complex in the cloud. When talking about cloud security, it’s not only permissions that we should consider but also securing sensitive content. And this is where our Policies and Insights solution can help.

PI is basically broken into two components: Policies and Insights.


Insights is concerned with collecting information around your existing Microsoft 365 content. Now you might be thinking, “Do you mean AvePoint is scanning my data?”

You know how Microsoft scans your content to find sensitive information like credit card numbers and user identification to help protect against data exposure? What AvePoint does is utilizing that capability to make sense of your data and help you better discover content that might be exposed.

Here’s what happens: as we utilize Microsoft’s sensitive content scanning abilities we get the results back to you to let you know if you have sensitive content you might want to better protect. With that, you’ll have a chance to look at the permissions and see if there’s any content that shouldn’t be accessed by unauthorized users.

For example, say sensitive content is shared in a Microsoft Teams chat with 30 members—are those 30 members authorized to see said content? It can also be handy when a link is shared with an external user; PI will notify you of these cases to let you monitor whether your sensitive content is being shared appropriately.

We do this by surfacing it in a way where you don’t have to pull various reports. It runs on a daily basis and gives you regular and recent updates regarding your content.



Policies is the natural evolution of our Policy Enforcer tool – although instead of being SharePoint-focused, it was built with Microsoft 365 in mind.

Policies takes the information from your Insights, looks at any patterns that might exist, and presents you with rules that help mitigate the overexposure of your content. These rules can then be applied according to the scope you want, be it involving anonymous links or access and permissions.

The great thing about Policies is that it’s very malleable to suit your needs. If you want to allow link sharing to an extent, for instance, you have the option to customize it so you only allow internal sharing.

With Policies and Insights, you can be strategic in the rules that you apply and how you apply them to better align with your organization’s policies.


More Permissions Resources:

AvePoint has various resources—user guides, direct links to our how-to videos, walkthroughs of our solutions, information on upcoming and past webinars and e-books, and so on—that you can take advantage of. For access, easily set up an account on our account portal at In the meantime, here are a few blog posts worth checking out:

Want to learn more about securing your Microsoft 365 environment? Be sure to subscribe to our blog!

Sherian Batallones is a Content Marketing Specialist at AvePoint, covering AvePoint and Microsoft solutions, including SaaS management, governance, backup, and data management. She believes organizations can scale their cloud management, collaboration, and security by finding the right digital transformation technology and partner.

View all posts by Sherian Batallones

Subscribe to our blog