Moving SharePoint Online Documents to Azure Blob Storage

Moving SharePoint Online Documents to Azure Blob Storage

by | Oct 4, 2024 | SharePoint

SharePoint Online Documents to Azure Blob Storage

Managing large volumes of documents in SharePoint Online can become challenging as storage needs grow.

Squirrel for SharePoint Dashboard

With rising storage costs and limits, organizations often look for efficient ways to offload files. One highly scalable and cost-effective solution is moving documents from SharePoint Online to Azure Blob Storage. In this article, we’ll explore why this migration is beneficial, methods to move your data—including automated archiving with Squirrel—and best practices for managing the process.

Why Move Documents from SharePoint Online to Azure Blob Storage?

Cost Efficiency:

SharePoint Online storage can become expensive, especially as organizations scale up and accumulate terabytes of data. SharePoint’s storage costs are higher because it’s designed for frequent access and collaboration, but not all files need to stay in this high-cost environment. Azure Blob Storage, on the other hand, offers a much more cost-efficient solution by providing tiered pricing based on access frequency (hot, cool, or archive tiers). Archiving older, unused documents to Azure Blob Storage significantly reduces storage expenses by moving infrequently accessed data to cheaper, scalable cloud storage, allowing businesses to free up expensive SharePoint storage for more active documents.

Scalability:

One of the challenges with SharePoint Online is its storage limits, which, while flexible, may require purchasing additional capacity as your organization grows. Azure Blob Storage offers virtually unlimited scalability, allowing you to store vast amounts of data without worrying about reaching storage caps. This makes it a seamless option for large enterprises or growing businesses that anticipate exponential data growth. By offloading older documents from SharePoint to Azure Blob Storage, you can ensure that your SharePoint environment remains manageable, while your archived files are stored securely without the need for costly storage upgrades.

Data Management:

As document libraries expand over time, it becomes increasingly difficult to manage, search, and retrieve important files. The clutter of older, less frequently accessed documents can slow down performance and impact productivity. Offloading these older files to Azure Blob Storage not only helps streamline SharePoint libraries by keeping them more organized and optimized for daily use, but also ensures that important files remain easy to access. By reducing the volume of files in SharePoint, organizations can improve overall data management, enabling teams to locate key documents more efficiently while still maintaining access to archived data when necessary.

Compliance and Archiving:

In many industries, regulatory compliance requires organizations to retain records for specific periods, even if they are no longer actively used. Moving older, unused files to Azure Blob Storage helps organizations meet these compliance requirements by securely storing data in a cost-effective and highly durable environment. Azure Blob Storage offers features like encryption and access control, ensuring that archived data remains protected. Additionally, offloading documents from SharePoint to Azure Blob Storage reduces the risk of non-compliance by ensuring only essential and current documents are retained in SharePoint, while archived files remain accessible for audits or future retrieval.

Methods for Moving Documents

There are multiple ways to move documents from SharePoint Online to Azure Blob Storage, depending on your organization’s needs, the size of your data, and the level of automation required. These methods range from using manual workflows to fully automated, hands-off solutions that can handle large-scale document migrations. Below, we explore three primary methods: Power Automate for smaller, rule-based transfers, Azure Data Factory for large-scale data pipelines, and Squirrel for automated archiving with minimal manual intervention.

Power Automate:

Power Automate (formerly known as Microsoft Flow) is a cloud-based service that enables users to create automated workflows between various applications and services. This is a relatively simple solution to move files from SharePoint Online to Azure Blob Storage. It’s particularly useful for small-scale operations where you want to automate repetitive tasks, such as moving specific files based on certain criteria (e.g., when a file is created or modified).

However, Power Automate comes with some limitations, such as restrictions on file size (typically 100-250MB per file), making it less suitable for large datasets or frequent large file transfers. Additionally, Power Automate workflows can become complex to manage if your data needs grow, but it’s a good starting point for smaller or selective migrations. It’s ideal for scenarios where you need quick, one-off solutions or for businesses that need to move specific documents based on custom rules.

When to use Power Automate:

  • Small-to-medium file sizes and datasets.
  • Selective transfers, such as specific document types, categories, or time-based rules.
  • Minimal complexity with a limited number of workflows.

Azure Data Factory:

Azure Data Factory (ADF) is a robust cloud-based data integration service designed for building complex data pipelines. It allows organizations to move large-scale data between systems, including SharePoint Online and Azure Blob Storage. Unlike Power Automate, Azure Data Factory is highly scalable and can handle the transfer of large datasets, including terabytes of data. It supports advanced workflows, including data transformation, monitoring, and scheduling.

With Azure Data Factory, you can create data pipelines that automatically retrieve files from SharePoint Online using connectors, apply transformations if necessary, and then store the data in Azure Blob Storage. While it requires more technical expertise than Power Automate, ADF offers far greater flexibility and scalability, making it ideal for enterprises handling large volumes of documents or organizations looking for a more automated and hands-off solution.

Using Azure Data Factory also provides more control over how data is processed, with features like data integration from multiple sources, real-time data monitoring, and built-in security. However, the setup can be more complex, requiring knowledge of data engineering and pipeline configuration, which may require dedicated resources.

When to use Azure Data Factory:

  • Large-scale datasets and frequent transfers.
  • Complex data integration requirements, including file transformation and multiple data sources.
  • Advanced scheduling, monitoring, and automation capabilities.
  • Organizations with technical resources for managing complex workflows.

Squirrel for Automated Archiving:

For organizations that need an easy-to-implement, fully automated solution, Squirrel offers the ideal tool for moving SharePoint Online documents to Azure Blob Storage. Squirrel is designed to automate the process of archiving documents from SharePoint to Azure Blob Storage based on pre-configured lifecycle policies. This reduces the need for manual workflows or the creation of complex pipelines, making it a hands-off solution for busy IT teams and large organizations.

Squirrel simplifies the archival process by allowing you to set rules that determine when and how documents are moved from SharePoint to Azure Blob Storage. For instance, you can configure Squirrel to archive documents that haven’t been accessed or modified within a certain timeframe, ensuring that only active and relevant data remains in SharePoint while older files are securely stored in Azure. This allows you to free up SharePoint storage space without having to constantly monitor and manually manage the archiving process.

Unlike Power Automate and Azure Data Factory, Squirrel requires little to no ongoing management. It runs automatically in the background, reducing storage costs and improving the performance of your SharePoint environment without disrupting user workflows. Additionally, Squirrel offers built-in security features, ensuring that sensitive data is securely transferred and stored in Azure Blob Storage, fully compliant with industry standards.

When to use Squirrel:

  • Large organizations that require a fully automated, hands-off solution.
  • Frequent need for archiving based on lifecycle policies, such as last modified or last accessed dates.
  • IT teams looking to reduce manual oversight and administrative workload.
  • Businesses wanting to optimize SharePoint storage while securely archiving documents to Azure Blob Storage.

Methods for Moving Documents

There are several methods for moving documents from SharePoint to Azure Blob Storage, ranging from manual workflows to fully automated solutions like Squirrel. Below, we’ll cover Power Automate, Azure Data Factory, and how Squirrel can simplify the entire process.

How to Guide for Power Automate:

Power Automate allows you to create workflows that can automate tasks like moving files from SharePoint to Azure Blob Storage. However, it comes with limitations, such as a file size limit (typically 100-250MB per file), which can restrict its use for larger datasets.

Step 1: Create a New Flow in Power Automate

Sign in to Power Automate: Go to Power Automate and sign in with your Microsoft account.

Create a New Flow: On the homepage, click Create and select Automated Cloud Flow. 

Choose a Trigger: Set a trigger for when a file will be moved. For example, select the When a file is created (SharePoint) trigger to start the flow when a new file is added to a document library.

powerautomate create automated cloud flow
build an automated cloud flow
when a file is created

Step 2: Configure the SharePoint Action

Select SharePoint Site: In the trigger settings, choose your SharePoint Site Address from the dropdown or enter the site URL.
Select Library Name: Choose the Library Name where files will be monitored for movement.

Powerautomate action

Step 3: Add a SharePoint ‘Get File Content’ Action

Get the File Content: After the trigger, click + New Step and search for the Get File Content action under SharePoint.

Configure the “Get file content” Action

  • Site AddressSelect your SharePoint site
    https://XXXXXXX.sharepoint.com/sites/Finance
    This points Power Automate to the correct SharePoint site where the document library is located. 
  • File IdentifierNow you can browse through our SharePoint site, and choose the file you want to move to blob storage.
    /Doclib1/ActionItems SlideShow.pptx
    This means that the file you’re retrieving is located in the Doclib1 document library within the Finance site, and the file is named “ActionItems SlideShow.pptx.”
powerautomate add action
file selection
powerautomate add action

Step 4: Add an Azure Blob Storage Action

Add ‘Create Blob’ Action: Click + New Step and search for Azure Blob Storage. Select the Create blob action.

Provide the following;

  • Connection Name: Give the azure blob storage connection a name
  • Authentication Type: You can choose how to authentice, either Service Principal Authentication, Access Key or Microsoft Entra ID integrated
  • Azure Storage account name or blob endpoint: Here is where you input the storage account name, or endpoint name
  • Since I chose to use Access Key for authentication, you simply copy that from your blob storage account and paste it here

Set Blob Storage Parameters:

  • Folder Path: Enter the container path where the file will be stored in Azure Blob.
  • File Name: Define the file name for the uploaded file (you can use dynamic content like File Name from the previous step).
  • File Content: Select the File Content dynamic content from the previous Get File Content action.

 

add blob storage action
create blob
azure blob storage connection
azure blob storage connection

Step 5: Test and Monitor the Flow

Test the Flow: Click Save and run a test by uploading a file to the SharePoint document library. The flow should automatically upload the file to Azure Blob Storage.

Monitor Flow Performance: Under the Monitor section of Power Automate, check the flow history to see if the flow runs successfully and inspect any errors.

powerautomate save

PowerAutomate Use Case:

Power Automate works well for smaller files and selective transfers but may not be suitable for organizations dealing with very large datasets or needing more complex migrations. The above example will move a single file from the SharePoint site to Azure Blob Storage.

How to Guide using Azure Data Factory:

Azure Data Factory is a cloud-based data integration service that allows you to create data pipelines for moving data between SharePoint and Azure Blob Storage. It’s more scalable than Power Automate, making it ideal for larger datasets, though it requires more setup and configuration.

Step 1: Create a Data Factory in the Azure Portal

Sign in to the Azure Portal: Go to Azure Portal and log in with your Azure account.

Create a New Data FactorySearch for Data Factory in the search bar.

Click Create and fill in the required details like Subscription, Resource Group, and Region.

Click Review + Create to deploy the Data Factory.

create new azure data factory

Step 2: Set Up a New Pipeline

Navigate to the Data Factory Resource: Once your Data Factory is created, go to the resource and click on Launch Studio.

Now you are in the Data Factory Page.

Create a Linked Service for SharePoint Online

Click on “Author & Monitor” to open the ADF studio.

In the left menu, click on the “Manage” icon (toolbox).

Under “Linked services”, click “Create New“.

Search for and select “SharePoint Online List“.

Click “Continue“.

Fill in the details:

  1. Name: Give your linked service a name
  2. Description: (Optional)
  3. Connect via integration runtime: AutoResolveIntegrationRuntime
  4. Authentication method: Choose “OAuth2” for modern authentication
  5. SharePoint Online site URL: Enter your SharePoint site URL
  6. Tenant: Enter your Azure AD tenant ID
  7. Service Principal ID: Enter your Azure AD application ID
  8. Service Principal Key: Enter your Azure AD application key

Click “Test connection” to verify.

If successful, click “Create”.

 

 

 

launch azure data factory
azure data factory linked service
azure data factory sharepoint list

Step 3: Create a Linked Service for Azure Blob Storage

Still in the “Manage” section, click “New” under “Linked services”.

Search for and select “Azure Blob Storage”.

Click “Continue”.

Fill in the details:

  • Name: Give your linked service a name
  • Description: (Optional)
  • Connect via integration runtime: AutoResolveIntegrationRuntime
  • Authentication method: Choose “Account key”
  • Account selection method: “From Azure subscription”
  • Azure subscription: Select your subscription
  • Storage account name: Select the storage account you created earlier

Click “Test connection” to verify.

If successful, click “Create”.

 

azure data factory blob storage link
azure data factory blob details
azure data factory settings

Step 4: Create a Dataset for SharePoint Online

In ADF studio, click on the “Author” icon (pencil) in the left menu.

Click the “+” button and select “Dataset“.

Search for and select “SharePoint Online List“.

Click “Continue“.

Configure the dataset:

  • Name: Give your dataset a name
  • Linked service: Select the SharePoint Online linked service you created
  • List name: Enter the name of your SharePoint list or document library

Click “OK“.

In the dataset settings, specify any additional parameters if needed.

azure data factory new sharepoint dataset
azure data factory blob dataset settings

Step 4: Create a Dataset for Azure Blob Storage

Still in the “Author” section, click the “+” button and select “Dataset“.

Search for and select “Azure Blob Storage“.

Click “Continue”.

Choose “Binary” in the “Select Format” section.

Configure the dataset:

  • Name: Give your dataset a name
  • Linked service: Select the Azure Blob Storage linked service you created
  • File path: Browse to select your container and specify a folder path if needed
  • File Name: You can leave file name blank to keep the files original name.

Click “OK”.

azure data factory azure blob dataset
choose data type
dataset set properties

Step 5: Create a Pipeline

In the “Author” view, click the “+” button and select “Pipeline”.

Give your pipeline a name.

azure data factory pipeline

Step 6: Add and Configure a Copy Activity

In the pipeline canvas, expand “Move & transform” in the Activities pane.

Drag and drop “Copy data” onto the canvas.

In the bottom pane, configure the Copy activity:

General tab:

  • Name: Give your copy activity a name
  • Source tab:
    • Source dataset: Select your SharePoint Online dataset
    • File path type: Wildcard file path (“”)
    • Wildcard file name: Enter a pattern to match files (“*”)
  • Sink tab:
    • Sink dataset: Select your Azure Blob Storage dataset
    • Copy behavior: Choose appropriate option (e.g., “Preserve hierarchy”)
  • Settings tab:
    • Enable staging: Leave unchecked unless you need it
    • Enable incremental copy: Configure if needed for incremental loads
pipeline canvas
source tab
data sink tab
settings tab

Step 7: Validate and Publish

Click “Validate” in the pipeline toolbar to check for errors.

If validation passes, click “Publish all” to save your changes.

validate data factory pipeline

Step 7: Trigger the Pipeline

In your pipeline view, click “Add trigger” in the toolbar.

Select “Trigger now” for a manual run, or set up a schedule.

Click “OK” to run the pipeline.

 

Azure Data Factory Use Case:

Azure Data Factory is highly flexible and scalable, making it ideal for moving larger datasets, but it requires more technical expertise than Power Automate. 

The above steps will copy all files from the SharePoint site to your Azure Blob Storage Account.

Squirrel for Automated Archiving:

For organizations looking for a more automated solution that eliminates manual intervention, Squirrel is the ideal tool. Squirrel automatically archives SharePoint documents to Azure Blob Storage based on lifecycle policies, freeing up valuable SharePoint storage space and minimizing administrative overhead.

How Squirrel Works:

Lifecycle Policies: Squirrel allows you to set lifecycle policies based on file properties like last modified or last accessed date, ensuring only older, unused files are archived.

Squirrel Administrators can set a Global lifecycle policy which will be applied to all their SharePoint Online Document Libraries, or individual lifecycle policies if required. These policies can be based on either when files where last accessed, or last modified, or even a combination of the two.

Squirrel Site Archive Settings

Automated Archiving: Once configured, Squirrel runs in the background, automatically moving files to Azure Blob Storage without manual oversight.

When a file becomes of age and triggers a lifecycle policy, the file will be copied, compressed, obfuscated and encrypted in a squirrel native format. The file will then be moved to your Azure Blob Storage Account, and once compete the file is deleted from your SharePoint Online site, and replaced with a stub file.

Squirrel Archived Files

Secure Archiving: Squirrel ensures that all data is securely transferred and encrypted when stored in Azure Blob Storage, maintaining compliance with data protection standards.

Each file is hash checked to ensure it is correct, then encrypted and secured in your Azure Blob Storage. 

Squirrel Main Dashboard

Squirrel SharePoint Online Archiving Use Case:

Squirrel is perfect for organizations that need an automated, hands-off solution to efficiently archive large volumes of SharePoint documents to Azure Blob Storage.a

Conclusion

Moving SharePoint documents to Azure Blob Storage offers significant advantages in terms of cost savings, scalability, and data management. While Power Automate and Azure Data Factory are viable options for moving files, Squirrel offers a comprehensive automated solution that simplifies the process, reduces manual effort, and improves SharePoint storage management. By automating the archival process with Squirrel, organizations can focus on managing active data while ensuring that older files are securely stored in Azure.

Reducing SharePoint Costs Doesn’t Have to Be Hard.

With Squirrel, automate your document archiving and save on SharePoint storage—without lifting a finger!

Squirrel for SharePoint Site Size Reporting

Cutting SharePoint Costs is Simpler Than You Think. Request a Demo of Squirrel today, and see the savings for yourself.

Ready To Start Saving on SharePoint Storage?

Request a Demo Today

How to Change SharePoint Document Versioning

How to Change SharePoint Document Versioning

by | Sep 23, 2024 | SharePoint, Squirrel

Change SharePoint Default Versioning

For SharePoint Online administrators managing large environments, keeping track of storage usage is crucial to maintaining performance and controlling costs. One key factor contributing to storage consumption is document versioning. By default, SharePoint Online keeps up to 500 major versions of each document, and with frequent updates, this can quickly add up.

 

Squirrel Main Dashboard

In this guide, we will explain why it’s essential to limit document versioning across your entire SharePoint Online environment and provide a step-by-step walkthrough on how to apply these limits using SharePoint Online Management Shell or PowerShell. This will help you ensure optimal performance and reduce storage costs across all your sites.

Why Limit Document Versioning Across the Entire Environment?

As a SharePoint Administrator, managing document versioning across the entire environment provides several benefits:

Reducing Storage Costs

  • Storage Allocation: SharePoint Online comes with limited storage based on your Microsoft 365 subscription. Versions of documents count towards your storage quota, so limiting them can help avoid additional storage purchases.
  • Cost Efficiency: By controlling the number of versions stored, you reduce the need for extra storage, keeping costs manageable.

Consistent Governance

  • Version Limits Across Sites: Applying a standard versioning limit across all sites ensures a consistent governance approach to data management.
  • Compliance: Certain regulations and organizational policies may require limiting the number of versions stored to comply with retention policies.

Simplifying Document Management

  • Fewer Versions to Manage: Limiting versions makes document management easier for users and admins, ensuring that only relevant changes are kept.
  • Performance Improvement: Fewer versions per document reduce the load on document libraries, improving performance and retrieval speeds.

Default Versioning Settings in SharePoint Online

By default, SharePoint Online automatically enables versioning in every document library, with the system set to retain up to 500 major versions of each document. Each time a document is edited and saved, SharePoint creates a new major version, and these versions are stored indefinitely unless a limit is manually set.

While this can be extremely helpful for tracking changes, restoring older versions, and collaborating on documents, it can also lead to rapid storage consumption, especially in environments with many active users, frequent edits, or large file sizes. In organizations with hundreds or thousands of users, the storage of 500 versions per document across multiple sites and libraries can quickly add up, causing storage to balloon unexpectedly.

Without intervention, this default setting can exhaust your SharePoint Online storage allocation, forcing organizations to purchase additional storage from Microsoft at a premium. For businesses focused on cost-efficiency, managing versioning settings is a critical task to ensure that storage usage remains under control while still maintaining an appropriate version history for documents.

How to Limit Versioning for All Sites in SharePoint Online

As an admin, you can set versioning limits across your SharePoint Online tenant using PowerShell. This will apply the changes globally to all existing document libraries, ensuring consistency and helping reduce storage costs.

Prerequisites

  • Permissions: You must be a SharePoint Online Admin or Global Admin to make changes across your environment.
  • Tools Needed: You’ll need to have SharePoint Online Management Shell or PowerShell installed.

Step-by-Step Guide to reduce SharePoint Online Document Versions

Step 1: Install and Connect to SharePoint Online PowerShell

  1. Open PowerShell on your machine.
  2. Install the SharePoint Online Management Shell (if you haven’t already):
    powershell

    Install-Module -Name Microsoft.Online.SharePoint.PowerShell

     

  3. Connect to SharePoint Online:
    powershell

    Connect-SPOService -Url https://<your-domain>-admin.sharepoint.com

     

    Replace <your-domain> with your actual domain.

Step 2: Get All Sites in Your Tenant

To make changes across all document libraries in SharePoint Online, first retrieve a list of all site collections in your tenant:

$sites = Get-SPOSite -Limit All

 

Step 3: Iterate Through Each Site and Set Versioning Limits

You can loop through each site and set versioning limits for each document library. In this example, we’ll limit the number of major versions to 10 across all document libraries.

foreach ($site in $sites) {

# Get all document libraries in the site

$libraries = Get-PnPList -Web $site.Url | Where-Object {$_.BaseTemplate -eq 101}

foreach ($library in $libraries) {

# Set the version limit to 10 major versions

Set-PnPList -Identity $library -MajorVersions 10

Write-Host “Versioning set to 10 for library $($library.Title) in site $($site.Url)”

}

}

 

  • Explanation: The script loops through each site, retrieves the document libraries, and sets the number of major versions to 10.
  • 101: This refers to document libraries specifically.

Step 4: Run the Script

Once your script is ready, run it in PowerShell. The script will apply the new versioning settings to all document libraries across your SharePoint Online environment.

Step 5: Verify the Changes

You can verify that the versioning settings were applied by visiting any document library and checking the versioning settings:

  1. Go to any site collection in SharePoint.
  2. Navigate to Site Contents > Library Settings > Versioning Settings.
  3. Ensure that the version limit is set to 10.

Alternative Solution:

 

Use Squirrel for Archiving Documents and Versions

 

Another alternative for managing document versions across a SharePoint Online environment is to use Squirrel, a document archiving solution that moves documents (along with their versions) to more cost-effective Azure Blob Storage. Squirrel retains the full version history and metadata without consuming SharePoint storage, reducing both costs and complexity.

 

With Squirrel, you don’t need to worry about storage limitations in SharePoint Online. The system allows users to rehydrate files on demand, making document restoration easy while keeping all versions intact. This provides a scalable solution for organizations with extensive document histories that need to maintain large archives efficiently.

 

 

Conclusion

 

For SharePoint Online administrators, managing versioning limits across the entire environment is critical to controlling storage costs, improving performance, and ensuring governance consistency. By using SharePoint Online Management Shell or PowerShell, you can efficiently apply versioning limits to all sites and document libraries.

 

Alternatively, solutions like Squirrel can help you archive documents and their versions outside of SharePoint, providing cost-effective, long-term storage while keeping all version histories intact.

 

 

Additional Resources

 

 

Reducing SharePoint Storage Costs Doesnt Have to be Hard

Reducing SharePoint storage costs is easy with Squirrel, which seamlessly archives documents and versions to cost-effective Azure storage.

Squirrel for SharePoint File Type Reporting

Save on SharePoint storage costs with Squirrel, the seamless solution for archiving documents and retaining version history in Azure.

Want to Reduce SharePoint Costs?

Contact Us Today

What Does Archiving Mean? Definition and Examples

What Does Archiving Mean? Definition and Examples

by | Sep 20, 2024 | SharePoint

What is Archiving?

Archiving is a crucial concept in both personal and business data management, ensuring that important information is preserved for future use without cluttering up active systems. In today’s digital world, where vast amounts of data are generated every second, understanding the value of archiving and how it works can help organisations stay efficient, compliant, and secure.

Squirrel for SharePoint Dashboard
Key Takeaway Description
Archiving vs. Backup Archiving is for long-term storage of inactive data, while backups are for quick recovery in case of data loss. They serve different purposes but complement each other in data management strategies.
Benefits of Archiving Archiving helps reduce storage costs, improve system performance, and ensure compliance with legal and regulatory requirements by preserving important but inactive data.
Types of Archiving There are two main types of archiving: Digital (cloud or external storage for files and documents) and Physical (traditional storage of paper documents).
Squirrel for SharePoint Archiving Squirrel automates the archiving of SharePoint Online files to Azure Blob Storage, leaving stub files for easy restoration and ensuring all archived data is encrypted and securely stored.
Access to Archived Data Archived data is still accessible when needed, though it may take longer to retrieve. Systems like Squirrel allow quick rehydration of files with a single click, bringing back all versions and metadata.
Compliance and Legal Protection Archiving supports compliance with regulations like GDPR and HIPAA by ensuring data is securely stored for the required retention periods. Squirrel’s automated archiving features help businesses stay compliant effortlessly.
Security of Archived Data Modern archiving solutions encrypt archived data to ensure it is protected from unauthorised access. Squirrel encrypts all archived data in transit and at rest, ensuring compliance with security best practices.
Automated Archiving Archiving systems like Squirrel can automatically identify and move inactive files based on preset rules, making the process efficient and requiring minimal manual intervention.
Data Retrieval after Archiving Even if a company stops using an archiving solution, data can still be retrieved. Squirrel ensures that data can be rehydrated back to SharePoint, and manual scripts are available for decrypting data if necessary.

Types of Archiving

There are two primary types of archiving: digital archiving and physical archiving.

Digital Archiving: This is the most common form today, where digital files are stored in secure cloud platforms or external storage drives. These archives include emails, documents, databases, and more, all of which can be retrieved when needed. Digital archiving often comes with advanced features like encryption, versioning, and searchability to ensure secure and efficient data management.

Physical Archiving: Though becoming less common, physical archiving still exists in many industries. This refers to the storage of paper documents, files, and records in a dedicated space or off-site facility. It is particularly prevalent in industries where physical copies of documents, such as contracts or signed agreements, are legally required to be maintained.

Both digital and physical archiving serve the same core purpose: preserving data that is no longer in active use but may be required in the future for legal, historical, or reference purposes.

Why Archive Data?

There are several compelling reasons why both individuals and organisations choose to archive data. It’s not just about freeing up space but about ensuring long-term access to important information in a cost-effective and organised way. Below are some of the primary reasons for archiving data:

Data Retention and Compliance: Many industries are governed by strict regulations regarding data retention. Laws like the General Data Protection Regulation (GDPR) in Europe or the Health Insurance Portability and Accountability Act (HIPAA) in the U.S. require businesses to keep certain records for a specified period. Archiving helps organisations meet these compliance standards without keeping rarely used data in high-cost storage locations.

Storage Efficiency: As businesses grow, so does their data. Storing everything in high-performance systems quickly becomes expensive and inefficient. By moving infrequently accessed files to an archive, organisations can free up space on primary systems, improving performance and reducing storage costs. This is especially beneficial in environments like SharePoint or cloud-based systems where storage limits or high costs are a concern.

Data Backup Isn’t Enough: It’s a common misconception that backup systems alone can manage long-term data retention. While backups are critical for recovering data quickly after a disaster or system failure, they are not designed for long-term storage of inactive data. Archives, on the other hand, are optimised for long-term storage and can hold years or even decades of information in a secure, low-cost environment.

Benefits of Archiving

Archiving provides several key benefits, especially in a world where data continues to grow exponentially. Here’s a closer look at the advantages:

Cost Efficiency: By moving inactive data to cheaper, slower storage solutions, organisations can reduce the overall cost of managing their data. This is particularly true in cloud environments where high-performance storage can be costly. Archiving frees up space on expensive primary systems while preserving data for future use.

Improved Organisation: When unused data piles up in active storage systems, it becomes harder to manage and search for current files. Archiving old or infrequently used files creates a cleaner and more organised environment, improving overall productivity. This is especially useful for businesses that handle large amounts of data, such as law firms, financial institutions, or healthcare providers.

Compliance and Legal Protection: Many businesses must adhere to specific regulatory requirements around data retention and protection. By archiving critical files, organisations can ensure they meet these compliance standards. Archiving also offers legal protection by preserving data that may be needed for audits

How Archiving Works

The process of archiving, especially in digital systems, involves several key steps to ensure data is properly stored, managed, and retrievable when needed. Let’s break down how modern digital archiving typically works:

Identification of Inactive Data: The first step in the archiving process is identifying which files or data are no longer in active use but still need to be retained. This might involve setting rules based on file age, access frequency, or business relevance. For example, documents older than two years or files that haven’t been accessed in a year might be automatically flagged for archiving.

Transfer to Archive Storage: Once the files are identified, they are transferred from the active storage system to an archival solution, such as cloud storage or a dedicated archival server. During this process, data may be compressed or encrypted to ensure security and efficiency in storage.

Metadata Preservation: A key part of the archiving process is preserving the metadata of the archived files. Metadata includes details like the file name, creation date, author, and other important information that helps maintain the context and integrity of the archived data. In systems like Squirrel, metadata preservation is crucial for accurate retrieval and compliance.

Data Encryption and Protection: Archival data is often encrypted to ensure its security, especially when using cloud storage. Encryption ensures that only authorised users can access the files, protecting them from unauthorised access or breaches.

Retrieval When Needed: Although archived files are rarely accessed, they must remain easily retrievable when required. Good archiving systems allow users to search for and retrieve specific files based on metadata or keywords, ensuring that even old data can be accessed quickly when needed.

Key Use Cases for Archiving

Archiving plays a crucial role in various industries and sectors, each of which has specific reasons for needing a reliable and efficient archiving system. Here are a few key use cases:

Businesses and Enterprises: In most businesses, archiving is a standard practice to ensure long-term data retention, compliance with legal standards, and efficient use of storage. Files such as emails, financial records, contracts, and client data are often archived to avoid cluttering up active systems while keeping the data accessible for audits or legal purposes.

Healthcare: In the healthcare industry, patient records, billing information, and clinical data are subject to strict regulations regarding retention and privacy. Healthcare providers must ensure that medical records are archived securely and remain accessible for years after they are created. Archiving also helps organisations manage large volumes of data while remaining compliant with laws like HIPAA.

Legal and Financial Sectors: Both the legal and financial industries rely heavily on accurate and accessible records for everything from contracts and transactions to case files and tax records. Archiving helps these organisations meet regulatory requirements while keeping their primary systems efficient and well-organised.

Education: In the education sector, archiving is used to store historical student records, academic publications, and research data. With the ever-increasing volume of digital content being generated, universities and schools archive old materials to maintain system performance and comply with data retention policies.

Government and Public Sector: Governments often have long-term data retention requirements for historical, legal, or regulatory reasons. Archiving allows them to securely store records while ensuring that sensitive information is protected and can be accessed when needed, whether for audits, legal cases, or historical research.

Common Misconceptions About Archiving

There are several misconceptions about what archiving entails and how it differs from other data management practices. Let’s clarify a few:

Archiving Is Not the Same as Backup: Many people confuse archiving with data backups, but they serve different purposes. A backup is meant to restore data quickly in the event of a failure, while archiving is intended for long-term storage of inactive data. Archived data is typically less accessible but securely preserved for future use.

Archived Data Isn’t Lost or Deleted: A common fear is that once data is archived, it’s “gone” or no longer accessible. In reality, archived data is fully retrievable when needed. Modern archiving systems, like Squirrel, allow users to search, locate, and restore archived files easily, often with just a few clicks.

Archiving Doesn’t Mean Data Loses Its Value: Some might think that archived data is obsolete or irrelevant. However, just because data is no longer active doesn’t mean it has lost its value. In many industries, historical data is vital for audits, legal cases, business insights, or future projects. Archiving ensures that data is safely stored but still available for when it’s needed.

Conclusion

Archiving is an essential practice for both organisations and individuals, allowing for the efficient management of data by preserving files and documents that are no longer in active use but may be needed in the future. Whether for compliance, cost-efficiency, or simply to declutter your systems, archiving plays a vital role in modern data management.

By understanding what archiving means, how it works, and its benefits, businesses can make more informed decisions about how to manage their data in the long term. Whether through traditional physical archiving or modern digital solutions like Squirrel, the practice ensures that your data is secure, accessible, and cost-effective, making it a critical component of any data strategy.

FAQs About Archiving and Squirrel

What is archiving, and how is it different from backing up data?
Archiving is the process of moving inactive or infrequently accessed data to long-term storage, while keeping it accessible for future use. Backups, on the other hand, are primarily used for disaster recovery, ensuring that data can be quickly restored in the event of system failures or data loss. Archiving is more about long-term storage, while backups focus on quick restoration.

Squirrel: Squirrel provides an automated solution for archiving documents from SharePoint Online, ensuring that inactive files are securely moved to Azure Blob Storage while remaining accessible when needed.

Why should I archive my data?

Archiving improves storage efficiency by freeing up space on your active systems, reducing costs associated with high-performance storage, and helping to meet legal or regulatory compliance requirements. It also preserves historical data that may be valuable for audits, legal cases, or future reference.

Squirrel: Squirrel’s archiving solution helps businesses reduce costs by moving SharePoint documents to cheaper storage, while also ensuring compliance with data retention policies through automated archiving workflows.

How does Squirrel help with archiving?

Squirrel automates the archiving process for SharePoint Online, moving files to Azure Blob Storage based on lifecycle policies. It leaves stub files in SharePoint, allowing users to easily rehydrate or restore files with a single click. Squirrel also ensures that all archived data is encrypted and securely stored.

Can I still access my archived data easily?
Yes, archived data is still accessible, though it may take longer to retrieve than actively stored files. Good archiving systems provide search and retrieval functions, so you can easily locate and restore archived files.

Squirrel: With Squirrel, archived documents can be rehydrated by clicking on the stub file left in SharePoint. Squirrel retrieves all versions of the file, along with its metadata, ensuring a seamless restoration process.

How does archiving help with compliance and legal regulations?

Archiving allows businesses to meet data retention policies set by laws like GDPR or HIPAA. By securely storing old or inactive data, organisations can ensure that they comply with industry regulations without cluttering active systems.

Squirrel: Squirrel helps ensure compliance by automatically archiving documents in SharePoint according to retention policies. It also maintains metadata and versions, making it easier to manage and track compliance across archived files.

Is my archived data secure?

Yes, most modern archiving systems use encryption and other security measures to protect archived data from unauthorised access. Encryption ensures that even if the data is stored in the cloud, it remains protected.

Squirrel: All data archived by Squirrel is encrypted and stored securely in Azure Blob Storage. Squirrel’s architecture ensures data protection both in transit and at rest.

What types of data can be archived?
Any type of digital data can be archived, including emails, documents, databases, images, videos, and more. Physical documents can also be archived in the form of digital scans or paper storage.

Squirrel: Squirrel specifically archives documents from SharePoint Online, including all file types and versions, while retaining important metadata. It supports both individual files and complete site archives.

How long should data be archived for?
The length of time data should be archived depends on your industry, legal requirements, and business needs. Some data must be kept for a specified number of years, while other data may be archived indefinitely for future reference.

Squirrel: Squirrel can be configured to archive documents according to your organisation’s lifecycle policies, whether that means archiving after a certain period of inactivity or based on custom retention rules.

Can I automate the archiving process?

Yes, many archiving solutions, including Squirrel, offer automation features that automatically identify and archive files based on preset rules like file age, modification date, or access frequency.

Squirrel: Squirrel automates the archiving of SharePoint documents by identifying files based on your organisation’s policies and lifecycle rules, making it a hands-off process for administrators.

What happens if I stop using Squirrel – can I still access my archived data?

If you stop using Squirrel, you need to rehydrate your archived data before removing the system. Squirrel allows admins to restore data easily, ensuring that no documents are lost during the transition.

Squirrel: Squirrel’s system ensures that, even if you discontinue the service, your archived data can still be accessed, but it requires Squirrel to decrypt and restore files. Without Squirrel, the data remains encrypted, but SmiKar can provide a script to help manually decrypt the data if needed.

Archiving Doesn’t Have to Be Hard.

With Squirrel, easily archive SharePoint Online files based on lifecycle policies, while making it easy for Users to still access the files.

Squirrel Site Archive Settings

Archive SharePoint, Save Costs with Squirrel

Want to Start Archiving?

Contact Us Today

SharePoint Microsoft Information Protection

SharePoint Microsoft Information Protection

by | Sep 16, 2024 | SharePoint

Understanding SharePoint and Microsoft Information Protection (MIP)

A Comprehensive Guide

In today’s digital era, organizations increasingly rely on collaboration platforms to enhance productivity and streamline workflows. Microsoft SharePoint stands out as a leading solution, offering robust features for document management, team collaboration, and information sharing. It enables teams to work together efficiently, regardless of their physical locations, by providing a centralized hub for content, knowledge, and applications.

Squirrel Main Dashboard
Key Point Summary
Importance of Data Protection Protecting sensitive information is crucial in today’s digital landscape to prevent data breaches, comply with regulations, and maintain customer trust.
Microsoft SharePoint SharePoint is a leading collaboration platform that enables efficient teamwork through centralized content sharing and management.
Microsoft Information Protection (MIP) MIP is a comprehensive framework designed to discover, classify, label, and protect sensitive information across an organization, enhancing data security within platforms like SharePoint.
Integration of MIP with SharePoint MIP enhances SharePoint’s security by applying persistent protection at the data level, ensuring that documents remain protected even when shared or moved outside the platform.
Sensitivity Labels Labels that indicate the sensitivity level of data, triggering protection mechanisms such as encryption, access restrictions, and content markings that persist with the data.
Setting Up MIP in SharePoint Involves creating sensitivity labels, publishing them through label policies, and configuring settings specific to SharePoint content to protect data effectively.
Managing Labels Includes assigning labels manually or automatically, handling overrides and justifications for label changes, and ensuring users understand labeling practices to maintain consistent data protection.
Monitoring and Compliance Utilizing tools like Activity Explorer and audit logs to track label usage, ensure compliance with organizational policies, and generate reports for regulatory adherence.
Best Practices Developing a clear labeling strategy, training staff on data classification, and regularly reviewing and updating labels and policies to keep data protection measures effective and up-to-date.
Limitations and Considerations Being aware of compatibility issues with third-party integrations, potential performance impacts, and data residency concerns to mitigate challenges when implementing MIP in SharePoint.

However, with the surge in data creation and sharing, the importance of protecting sensitive information has never been more critical. Data breaches, unauthorized access, and compliance violations can lead to significant financial losses and damage to an organization’s reputation. As regulatory requirements become more stringent, businesses must ensure that their data protection strategies are up to par.

Enter Microsoft Information Protection (MIP)—a comprehensive framework designed to help organizations discover, classify, label, and protect sensitive information. MIP integrates seamlessly with SharePoint, enhancing its security capabilities and providing advanced tools to safeguard data throughout its lifecycle.

What is Microsoft Information Protection (MIP)?

MIP Definition and Core Objectives

Microsoft Information Protection is a suite of tools and services that enable organizations to protect their sensitive information, no matter where it resides or how it is used. The core objectives of MIP are:

  • Discovery: Identify sensitive data across your organization.
    Classification: Categorize data based on sensitivity levels.
    Labeling: Apply labels that persist with the data, indicating its sensitivity.
    Protection: Implement policies to control access and usage of the data.

By integrating these elements, MIP helps organizations maintain control over their data, meet compliance requirements, and reduce the risk of data breaches.

Key Components of MIP

  • Sensitivity Labels: Sensitivity labels are the cornerstone of MIP. They allow organizations to classify and protect data by applying labels that indicate the level of sensitivity. Labels can trigger encryption, watermarking, headers, footers, and access restrictions. For example, a “Confidential” label might encrypt a document and prevent it from being shared externally.
  • Label Policies: Label policies govern how sensitivity labels are deployed and managed across the organization. Administrators can define which labels are available to users, set default labels for new documents, and configure mandatory labeling. Policies can be scoped to specific users, groups, or locations, providing flexibility in implementation.
  • Data Classification and Protection: MIP leverages automated processes to classify and protect data. Using content inspection and pattern recognition, it can identify sensitive information like credit card numbers, social security numbers, and other personally identifiable information (PII). Once identified, the appropriate sensitivity label can be applied automatically, ensuring consistent protection.

Integration of MIP with SharePoint

How Microsoft Information Protection Enhances SharePoint’s Security Features

While SharePoint provides robust security mechanisms like permissions management and access controls, integrating MIP adds an extra layer of protection at the data level. MIP ensures that security travels with the data, so even if a document is downloaded, emailed, or moved to another location, the protection remains intact. This persistent protection is crucial in today’s mobile and cloud-centric work environments.

The Role of Sensitivity Labels in SharePoint Libraries and Lists

In SharePoint, sensitivity labels can be applied to documents, libraries, and lists. When a label is applied:

  • At the Document Level: Individual files carry the label, controlling access and usage based on the label’s configuration.
  • At the Library or List Level: All items within inherit the default label, ensuring consistent classification and protection across multiple documents or entries.

Users can manually apply labels or rely on automatic labeling policies set by administrators. This flexibility allows organizations to balance user autonomy with centralized control.

Protecting Documents and Data Within SharePoint Using MIP

By integrating MIP with SharePoint, organizations can:

  • Enforce Access Restrictions: Limit who can view or edit sensitive documents, even within the organization.
  • Apply Encryption: Protect data at rest and in transit, ensuring that only authorized users can access the content.
  • Enable Auditing and Monitoring: Track how and when sensitive information is accessed or shared, providing insights for security audits.
  • Implement Data Loss Prevention (DLP): Prevent the accidental or intentional sharing of sensitive information outside authorized channels.

This integration empowers organizations to maintain a high level of security without hindering collaboration and productivity.

Setting Up MIP in SharePoint

Prerequisites for Enabling MIP Features

This section provides a practical guide on how to implement MIP within a SharePoint environment. It outlines the prerequisites necessary for enabling MIP features, such as having the appropriate Microsoft 365 subscriptions and administrative permissions. The steps to create and publish sensitivity labels are detailed, along with instructions on configuring label policies specifically for SharePoint content. This guidance equips organizations with the knowledge to effectively set up MIP to protect their data. 

Before you begin implementing Microsoft Information Protection in SharePoint, ensure that your environment meets the necessary prerequisites:

  • Microsoft 365 Subscription: You need a subscription that includes MIP features, such as Microsoft 365 E3 or E5 licenses.
  • Administrative Permissions: Ensure you have the necessary permissions to access the Microsoft 365 Compliance Center and configure sensitivity labels and policies.
  • Updated Clients: For features like automatic labeling to work effectively, users should have the latest versions of Office applications installed.

Steps to Create and Publish Sensitivity Labels

  • Access the Compliance CenterNavigate to the Microsoft 365 Compliance Center via the admin portal.
  • Create Sensitivity Labels: 
  • Go to Classification > Sensitivity labels.
  • Click on Create a label.
  • Name and Description:
  • Provide a clear name and description for the label to help users understand its purpose.
  • Configure Label Settings:
  • Encryption: Decide if you want to encrypt content with this label. Specify permissions and access levels.
  • Content Marking: Add watermarks, headers, or footers to labeled documents.
  • Site and Group Settings: Define privacy settings for SharePoint sites when this label is applied.

Publish the Labels:

  • After creating labels, publish them by creating a label policy.
  • Select the labels to include in the policy.
  • Choose the users or groups to whom the labels will be available.
  • Configure policy settings, such as mandatory labeling or default labels.

Configuring Label Policies for SharePoint Content

  • Select Locations: In the label policy, ensure that SharePoint sites and OneDrive accounts are selected as locations where labels are applied.
  • Policy Settings: Mandatory Labeling: Require users to apply a label before saving documents.
  • Default Labels: Set a default label for documents stored in SharePoint.
  • Automatic Labeling: Configure rules to automatically apply labels based on content inspection. Set conditions using sensitive information types or custom keywords.
Managing Sensitivity Labels

Managing sensitivity labels is crucial for maintaining ongoing data protection. This section discusses how labels can be assigned to documents and sites, highlighting the differences between manual and automatic labeling. It also covers how to handle situations where label changes are necessary, including the processes for overriding labels and providing justifications. By understanding these management strategies, organizations can ensure that their labeling policies remain effective and adaptable to their needs.

Assigning Labels to Documents and Sites

  • Manual LabelingUsers can manually apply sensitivity labels within Office applications or directly in SharePoint by selecting the appropriate label from a dropdown menu.
  • Labeling SharePoint SitesWhen creating a new SharePoint site, you can assign a sensitivity label that dictates the site’s privacy settings and external sharing capabilities. 

Automatic Labeling vs. Manual Labeling 

  • Automatic Labeling:
  • Benefits: Ensures consistent application of labels, reduces reliance on user actions, and helps in compliance.
  • Implementation: Set up rules based on content patterns, such as detecting credit card numbers or personal identification information.
  • Manual Labeling:
  • Benefits: Allows users to apply their judgment to classify content appropriately.
  • Considerations: Requires training and awareness to prevent mislabeling.

Overriding and Justifying Label Changes 

  • Policy Configuration:
    • Administrators can configure policies to allow or prevent users from changing or removing labels.
  • Justification Requirement:
    • If allowed, users may be required to provide a justification for changing a label to a less restrictive one.
  • Audit Logging:
    • All label changes and justifications are logged, enabling administrators to review and audit these actions.

Monitoring and Compliance

Monitoring label usage and ensuring compliance are essential aspects of data protection. This section explores the tools available within MIP for tracking how sensitivity labels are applied across SharePoint. It emphasizes the importance of using analytics, audit logs, and reporting features to maintain compliance with organizational policies and regulatory requirements. The ability to monitor and report on label usage helps organizations identify potential issues and demonstrate compliance during audits.

Tracking Label Usage and Analytics

  • Label Activity Explorer:
    • Access the Activity Explorer in the Compliance Center to monitor how sensitivity labels are being used across the organization.
  • Usage Reports:
    • Generate reports that show the distribution of labels, helping identify trends and areas that may require additional attention.

Ensuring Compliance with Organizational Policies

  • Data Loss Prevention (DLP):
    • Integrate MIP with DLP policies to prevent sensitive information from being shared inappropriately.
  • Compliance Score:
    • Utilize Microsoft’s Compliance Score to assess your organization’s compliance posture and identify improvement areas.
  • Regular Audits:
    • Conduct periodic reviews of label usage and policy effectiveness to ensure ongoing compliance with regulations like GDPR or HIPAA.

Reporting Features within MIP for SharePoint

  • Audit Logs:
    • Enable audit logging to track actions such as label application, modification, and removal.
  • Alerts and Notifications:
    • Set up alerts for specific activities, such as attempts to remove a sensitivity label from highly confidential documents.
  • Custom Reports:
    • Create custom reports to meet specific compliance or governance requirements, providing stakeholders with the necessary insights.

The conclusion reiterates the critical role that Microsoft Information Protection plays in safeguarding data within SharePoint. It summarizes the key points discussed throughout the guide, emphasizing the benefits of integrating MIP into an organization’s data protection strategy. The section encourages organizations to take proactive steps in implementing MIP to enhance their security posture and comply with regulatory requirements. It also points readers toward additional resources and references for further exploration of MIP and its features.

Frequently Asked Questions (FAQs)

What is Microsoft Information Protection (MIP)?

MIP is a suite of tools and services provided by Microsoft to help organizations discover, classify, label, and protect sensitive information across various platforms, including SharePoint. It aims to secure data by applying persistent protection that travels with the data wherever it goes.

How does MIP integrate with SharePoint?

MIP integrates with SharePoint by allowing the application of sensitivity labels to documents, libraries, and sites within SharePoint. These labels control access, enforce encryption, and apply protection policies directly within the SharePoint environment, enhancing its native security features.

What are sensitivity labels and how do they function?

Sensitivity labels are tags assigned to data that indicate its level of sensitivity, such as “Confidential” or “Public.” When applied, they can enforce protection actions like encryption, restrict access, add watermarks, and ensure that these protections remain with the data even when it’s shared or moved.

Can sensitivity labels be applied automatically in SharePoint?

Yes, administrators can configure automatic labeling policies that use content inspection and pattern recognition to detect sensitive information and apply appropriate labels without user intervention, ensuring consistent data protection across the organization.

What are the prerequisites for implementing MIP in SharePoint?

 Prerequisites include having a Microsoft 365 subscription that supports MIP features (such as E3 or E5 licenses), sufficient administrative permissions to configure labels and policies, and ensuring that users have updated Office applications to utilize all MIP functionalities.

How does MIP assist with regulatory compliance?

MIP helps organizations comply with regulations like GDPR or HIPAA by providing tools to classify and protect sensitive data, enforce data handling policies, and generate reports and audit logs that demonstrate compliance efforts to regulatory bodies.

What best practices should be followed when setting up sensitivity labels?

Organizations should develop a clear and straightforward labeling strategy, limit the number of labels to avoid user confusion, provide comprehensive training to staff on how to classify data correctly, and regularly review and update labels and policies to adapt to new risks or regulations.

Are there any limitations when using MIP with SharePoint?

Potential limitations include compatibility issues with third-party applications that may not recognize MIP labels, performance impacts due to resource consumption by automatic labeling processes, and considerations regarding data residency and sovereignty in different geographic regions.

Can users change or remove sensitivity labels, and how is this managed?

Administrators can configure policies to allow or restrict users from changing or removing sensitivity labels. If permitted, users may be required to provide a justification for the change, and all label modifications are logged for auditing purposes to maintain accountability.

What future enhancements are expected for MIP in relation to SharePoint?

Future developments may include more advanced analytics, improved integration with other Microsoft services like Teams, and the use of AI and machine learning to enable more intelligent data classification and adaptive policy enforcement, further strengthening data protection capabilities.

Reducing SharePoint Online Costs Doesn’t Have to Be Hard.

Squirrel simply reduces your SharePoint Online costs by moving files that havent been accessed or modified set by your own lifecycle policies to cheaper Azure Blob Storage.

Squirel Storage Comparison

Archive SharePoint Online Documents without reducing user functionality with Squirrel

Want to Reduce your SharePoint Costs?

Contact Us Today

Securing External Sharing in SharePoint Online

Securing External Sharing in SharePoint Online

by | Sep 12, 2024 | SharePoint

A Comprehensive Guide to sharing with external parties in SharePoint Online

In today’s interconnected business world, external collaboration is essential. SharePoint Online provides the flexibility to share documents with external partners, clients, and vendors, but this can also expose organizations to data security risks. Securing external sharing while ensuring smooth collaboration is key to maintaining trust and protecting sensitive information. Here’s how you can achieve that balance.

Squirrel Main Dashboard
Sharepoint External Sharing

Best Practices for Secure External Sharing in SharePoint Online

SharePoint Online enables powerful collaboration with partners, vendors, and clients—but it must be done securely. This guide outlines seven critical best practices that will help you safeguard sensitive information while enabling productivity.

1. Define Organization-Wide Sharing Policies

Set boundaries on what can be shared, who can share it, and how sharing happens across departments. Limit permissions for sensitive areas like HR while enabling flexibility for teams like marketing.

  • Restrict sharing to authenticated users only
  • Use site-level permissions for sensitive departments

2. Enforce MFA and Conditional Access

Multi-Factor Authentication (MFA) and Conditional Access provide layered security. Use them to restrict access based on location, device type, or sign-in behavior.

  • Require MFA for all external collaborators
  • Use conditional rules to block access from unmanaged devices

3. Use Sensitivity Labels and Microsoft Information Protection

Protect sensitive data using Microsoft Information Protection (MIP) tools. Sensitivity labels classify content and apply security policies automatically.

  • Auto-encrypt confidential documents
  • Limit forwarding and editing via access controls

4. Use Specific People Sharing & Set Expiration Dates

Avoid using “Anyone with the link.” Instead, choose “Specific people” to control exactly who can access files. Always set link expiration dates for time-bound access.

5. Monitor and Audit External Sharing

Use SharePoint audit logs and alerts to monitor unusual file-sharing behavior. Investigate mass downloads or access from unrecognized locations.

  • Enable alerting for risky sharing events
  • Conduct monthly audits of external access logs

6. Leverage Azure AD B2B for Guest Management

Use Azure AD B2B to manage external users as guests. Apply the same policies you do for internal users—MFA, device restrictions, and more.

  • Secure onboarding/offboarding of external users
  • Centralize control and automate access provisioning

7. Use Access Reviews and Guest Expiration Policies

Review guest access quarterly and revoke accounts that are no longer needed. Set expiration timelines for guest access to automate offboarding.

Decision Matrix

Scenario Best Practice
Temporary vendor access Specific people link + expiration + MFA
Long-term partner collaboration Azure B2B + sensitivity labels + access reviews
One-time file delivery Specific people link + expiration
Tip: Squirrel can help reduce risks and storage bloat by archiving externally shared files based on policy. Learn how Squirrel supports secure governance →

Conclusion

Secure external sharing in SharePoint Online is achievable with a layered, policy-driven approach. By using built-in Microsoft tools like MFA, Conditional Access, and Sensitivity Labels—plus managing guest access with Azure AD—you can keep data safe while supporting collaboration.

Adopt these seven steps to build a SharePoint environment that’s both collaborative and secure.

FAQs: Secure External Sharing in SharePoint Online

1. Can I disable external sharing entirely?

Yes, SharePoint Online allows you to disable external sharing at both the tenant and site level.

2. Is using ‘Anyone with the link’ ever safe?

This option is not recommended for sensitive content. Use “Specific People” links with expiration dates for better control.

3. What happens when a guest user’s access expires?

The guest account is automatically removed based on the expiration policy you configure.

4. How often should I run access reviews?

Quarterly access reviews are recommended to ensure external access remains current and justified.

5. Can I track who accessed a shared document?

Yes, SharePoint provides detailed audit logs that track document access and sharing activity.

Managing Your SharePoint Online Costs Doesn’t Have to Be Hard.

With Squirrel, you can reduce your SharePoint Online Storage cost without reducing deleting a file. Intelligent Archiving for SharePoint made easy with Squirrel.

Squirrel for SharePoint Site Size Reporting

Archive SharePoint Online without reducing Functionality with Squirrel

Ready To Get Saving?

Contact Us Today

Best Practices with Microsoft 365 Compliance Center

Best Practices with Microsoft 365 Compliance Center

by | Sep 5, 2024 | SharePoint, Squirrel

Maximizing Archiving in SharePoint Online

As businesses continue to generate and store massive amounts of data, effective document management becomes increasingly important. SharePoint Online, one of Microsoft 365’s core collaboration tools, allows organisations to store, share, and manage documents effortlessly. However, simply storing data isn’t enough—effective archiving is essential to ensure compliance, optimize storage costs, and preserve critical information for the long term.

Squirrel Main Dashboard
Archiving is not just about saving space; it’s about maintaining control over your data’s lifecycle, ensuring that documents are retained or removed according to legal, regulatory, and operational requirements. Microsoft provides built-in archiving tools within the Microsoft 365 Compliance Center, which help organisations manage data retention, govern compliance, and enable efficient document lifecycle management. This post will explore how you can leverage these features and how Squirrel—an automated document archiving solution for SharePoint—can further enhance your archiving strategy.
Key Takeaway Description
Retention Labels Classify and manage document lifecycles in SharePoint Online for compliance purposes. Labels can be applied manually or automatically.
Retention Policies Apply broad retention rules across entire SharePoint sites to ensure consistency in document management and compliance.
Microsoft Information Protection (MIP) Use MIP to classify and protect sensitive documents through encryption and restricted access, ensuring only authorised users can view or edit documents.
Squirrel Integration Squirrel enhances SharePoint Online by automatically archiving documents to Azure Blob Storage, optimising costs and storage management.
Stub Files Squirrel leaves stub files in place of archived documents, allowing users to easily rehydrate files with one click, maintaining a seamless user experience.
Version Control Squirrel preserves document versions and metadata, ensuring full restoration of documents with their complete history.
Cost Savings Archiving older or inactive documents to Azure Blob Storage with Squirrel reduces SharePoint storage costs significantly.
Compliance and Security Combining Microsoft 365 Compliance Center with Squirrel ensures compliance with regulatory requirements while maintaining secure and encrypted document archives.
Best Practices Regularly test your archiving strategy, ensure encryption keys are managed correctly, and adjust archiving policies to match evolving business and legal requirements.

Microsoft 365 Compliance Center Overview

The Microsoft 365 Compliance Center is your command center for managing data retention, information protection, and compliance across all Microsoft 365 services, including SharePoint Online. It is designed to help organisations address a range of data governance needs, from basic archiving and retention to advanced compliance requirements such as legal holds and information governance.

Through this centralized interface, you can configure policies that determine how long your content is kept, when it is deleted, and how you can ensure compliance with both internal policies and external regulations. Let’s dive into two of the most important tools offered by the Compliance Center for archiving and retention in SharePoint Online: Retention Labels and Retention Policies.

Retention Labels

Retention labels are one of the primary ways you can classify and manage the lifecycle of documents in SharePoint Online. By applying retention labels, you essentially instruct SharePoint on how to handle a document over its lifetime—whether that means retaining it for a specified period, archiving it, or deleting it after it’s no longer needed.

Key Features of Retention Labels:

  • Classification and Lifecycle Control: Retention labels allow organisations to classify documents based on predefined criteria such as document type, content, or sensitivity. This classification directly informs how long the document will be retained, when it should be archived, and when it should be deleted.
  • Automatic and Manual Application: Labels can be applied manually by users or automatically based on rules that examine the document’s content or metadata. For example, you could configure a rule to automatically apply a retention label to all documents containing sensitive information, like financial data or client records.
  • Retention Without Deletion: One of the standout features of retention labels is the ability to preserve documents without necessarily deleting them. This means you can configure a document to be retained and archived beyond its active use, ensuring it is still accessible for legal or compliance reasons while not cluttering up active document libraries.
  • Label Policies: Retention labels are part of a larger retention strategy where you can define policies that group multiple labels together, helping ensure that documents across various departments, such as HR, Finance, or Legal, are archived or retained according to specific rules.

How Retention Labels Work in SharePoint Online:

Retention labels work seamlessly within SharePoint Online by attaching directly to documents or entire libraries. For instance, you could apply a retention label to every document within a particular site collection or document library to ensure that all documents are kept for a period of 7 years (a common legal requirement) before being archived or deleted.

Once the label is applied, SharePoint enforces the retention period defined by the label. If a document needs to be archived after 5 years, the system ensures that the document is preserved in its archived state and is either automatically moved to an archive library or retained in place for further compliance purposes.

Retention Policies

While retention labels are highly useful for classifying and managing individual documents, Retention Policies provide a broader, more holistic approach to data retention across entire SharePoint Online environments. These policies allow you to define retention rules that apply to entire site collections or even across multiple services within Microsoft 365, such as Exchange or OneDrive.

Key Features of Retention Policies:

  • Site-Wide Application: Retention policies apply to all content within a specific site, ensuring that every document, list, or library is managed under a single set of retention rules. This is particularly helpful when you need to ensure compliance across an entire department or project.
  • Consistent Retention Across Workloads: One of the most powerful aspects of retention policies is their ability to govern retention across multiple Microsoft 365 services. This means you can apply a single retention policy that ensures consistency across SharePoint, OneDrive, and Exchange—important for organisations with complex workflows that span multiple platforms.
  • Archiving and Deletion Triggers: Retention policies can be configured to trigger document archiving or deletion based on various conditions. For instance, documents might be archived after a set period of inactivity, or they might be retained for legal reasons until a case is closed. These automated triggers help organisations stay compliant without requiring constant manual intervention.

How Retention Policies Work in SharePoint Online:

Retention policies in SharePoint Online work by monitoring the activity of documents and applying the rules defined in the policy. For example, a retention policy might specify that all documents within a specific project site must be archived after 3 years of inactivity. SharePoint automatically applies these rules, ensuring that the documents are moved to a more cost-effective archive location or deleted once the retention period has ended.

Microsoft Information Protection (MIP)

In addition to retention labels and policies, organisations often need to go a step further when it comes to protecting sensitive data, especially in industries that require strict compliance with regulations like GDPR or HIPAA. This is where Microsoft Information Protection (MIP) comes into play. MIP helps organisations classify, label, and protect sensitive information across SharePoint Online, as well as other Microsoft 365 services.

How MIP Works in SharePoint Online:

MIP allows organisations to classify and label documents based on sensitivity. For example, documents that contain financial data, intellectual property, or personally identifiable information (PII) can be labelled as “Confidential” or “Highly Sensitive.” These sensitivity labels can then trigger various protection measures, such as encryption or restricted access, to ensure that only authorised users can view or edit the document.

MIP integrates directly with Azure Information Protection (AIP) to apply encryption and other protections to files. Once a sensitivity label is applied, the file is protected, regardless of where it is stored or shared. This is particularly important for SharePoint Online, where documents are often shared widely across teams and departments.

Encryption and Compliance with MIP:

When it comes to archiving, MIP adds another layer of complexity due to its encryption capabilities. Files that are encrypted by MIP are secured with a set of encryption keys managed either by Microsoft or by the customer (in cases where Customer Key is used). This can introduce challenges when archiving encrypted files, as organisations must ensure that the encryption keys remain accessible for the duration of the archive period.

Potential Challenges:

  • Key Rollover: Encryption keys can change over time, a process known as “key rollover.” If a document is archived for several years, and the encryption key is rolled over or no longer accessible, it may become difficult—or even impossible—to decrypt the document when it is needed in the future.
  • Decryption Limitations: While MIP ensures that sensitive data remains protected, it can also limit how and when documents can be decrypted. For instance, if a document is archived with Squirrel but has MIP encryption applied, Squirrel will not be able to decrypt the document because it cannot access the MIP encryption keys.

To mitigate these challenges, it’s crucial for organisations to carefully manage their encryption policies and key lifecycles, ensuring that they remain in sync with archiving strategies.

How Squirrel Complements SharePoint Online Archiving

While Microsoft provides robust tools for retention and protection, these features alone may not be sufficient for organisations managing large-scale SharePoint environments. This is where Squirrel steps in, offering a powerful, automated archiving solution designed specifically for SharePoint Online.

Squirrel extends and complements Microsoft’s native archiving capabilities, providing additional flexibility, cost savings, and features that make managing the document lifecycle more efficient.

Here’s how Squirrel adds value:

Squirrel’s Seamless Integration with SharePoint Online

Squirrel is built to work hand-in-hand with SharePoint Online, leveraging Microsoft’s APIs to ensure a seamless and transparent experience for administrators and users alike. The integration with SharePoint allows Squirrel to automatically archive documents based on predefined policies, moving them to more cost-effective storage without requiring manual intervention from users or IT teams.

Unlike Microsoft’s native retention labels and policies, which primarily focus on compliance and governance, Squirrel is designed to optimise storage costs by moving older, inactive documents to Azure Blob Storage, freeing up valuable SharePoint storage space.

Squirrel’s Key Features for SharePoint Online Archiving

  • Automated Document Archiving: Squirrel allows organisations to set up lifecycle policies that automatically archive documents from SharePoint Online based on various criteria such as document age, inactivity, or size. Once archived, the documents are moved to Azure Blob Storage, significantly reducing storage costs while maintaining accessibility.
  • Stub Files for Easy Rehydration: One of Squirrel’s standout features is its use of “stub files.” When a document is archived, Squirrel replaces the original file in SharePoint with a small placeholder (stub file) that maintains the file’s original name and location. Users can simply click the stub file to “rehydrate” the document back to its original state, restoring all versions and metadata in the process. This creates a seamless experience for users, as they can retrieve archived documents with minimal effort.
  • Version Control and Metadata Preservation: When Squirrel archives a document, it doesn’t just move the current version—it archives all versions of the document along with its metadata (e.g., tags, permissions, audit logs). This ensures that when the document is rehydrated, it retains all the historical information that may be required for legal or regulatory purposes.  
  • Data Encryption and Security: Like Microsoft, Squirrel takes data security seriously. All documents archived by Squirrel are encrypted and stored securely in Azure Blob Storage. Importantly, Squirrel manages its own encryption layer, which means that while MIP-encrypted documents can still be archived, Squirrel does not handle their decryption. Instead, it stores these documents in their encrypted state, ensuring compliance without compromising security.  
  • Cost-Effective Storage: By archiving inactive or infrequently accessed documents to Azure Blob Storage, Squirrel helps organisations significantly reduce their SharePoint storage costs. Given that Azure Blob Storage is much cheaper than SharePoint storage, this can result in substantial savings for organisations managing large volumes of data.  
  • Compliance and Retention: Squirrel works in tandem with Microsoft’s retention policies, ensuring that documents are archived according to legal or regulatory requirements. This dual approach ensures that documents are both securely stored and accessible when needed.

Best Practices for Archiving SharePoint Documents

Effectively managing your SharePoint Online environment requires a comprehensive archiving strategy that addresses both storage optimisation and regulatory compliance. By combining the capabilities of Microsoft 365 Compliance Center with a dedicated archiving solution like Squirrel, organisations can create a more efficient, secure, and cost-effective data management system.

Here are some best practices to help you get the most out of both tools:

1. Leverage Retention Labels and Policies for Compliance

Start by establishing clear data retention policies that align with your organisation’s compliance requirements. Microsoft 365 Compliance Center’s retention labels and policies are powerful tools that help ensure your documents are managed according to internal guidelines and external regulations.

Best Practice: Use retention labels to classify documents based on content sensitivity, legal requirements, or department-specific needs (e.g., legal, HR, or finance documents). For example:

  • Apply retention labels to documents that must be archived for a specific period (e.g., 7 years) before deletion.
  • Use retention policies to enforce document retention and archival for entire SharePoint sites or libraries, ensuring consistency across your environment.

Retention labels and policies should be reviewed regularly to ensure they remain up-to-date with evolving compliance regulations and business needs.

2. Implement Sensitivity Labels for Additional Security

For organisations dealing with sensitive information, such as personally identifiable information (PII), financial data, or intellectual property, Microsoft Information Protection (MIP) is essential. Sensitivity labels not only classify data but also protect it through encryption and restricted access.

Best Practice: Apply sensitivity labels to protect sensitive files and ensure only authorised users can access them. If you archive documents with Squirrel, be aware that MIP encryption will remain intact, and you’ll need to manage encryption keys carefully to ensure access during the archiving period.

Key Consideration: Before archiving, ensure you have a process in place to maintain access to encryption keys, especially if your organisation rotates encryption keys or enforces key rollover policies. Failure to maintain these keys may result in an inability to decrypt archived documents when they are restored.

3. Use Squirrel for Cost-Effective Archiving

While Microsoft 365 Compliance Center provides robust data governance, it does not directly address storage cost optimisation. This is where Squirrel’s automated archiving solution comes into play, enabling you to move large volumes of inactive or infrequently accessed documents from SharePoint to Azure Blob Storage, where the cost of storage is significantly lower.

Best Practice: Configure Squirrel to automatically archive documents based on criteria such as:

  • Document age (e.g., archive documents older than 1 year).
  • Inactivity (e.g., archive documents that haven’t been accessed in 6 months).
  • File Type (e.g. archive files based on file extension)

By archiving these documents to Azure Blob Storage, you’ll free up SharePoint storage, potentially saving your organisation thousands of dollars annually.

Bonus Tip: Monitor your SharePoint storage usage and adjust Squirrel’s archiving policies regularly to ensure that only the most relevant data remains in active storage. You can also archive entire site collections or large document libraries that are no longer actively used but need to be retained for compliance purposes.

4. Maintain Metadata and Version History with Squirrel

One common challenge when archiving documents is the risk of losing important metadata and version history. Fortunately, Squirrel ensures that all versions and metadata associated with a document are preserved during the archiving process. This is especially useful when dealing with legal or regulatory requirements where version history must be maintained.

Best Practice: Enable Squirrel’s version control feature to ensure that when a document is archived, all versions are stored and can be restored alongside the original document. This allows your team to easily rehydrate a document back to its original state without losing any historical context.

This level of detail is essential for audit trails, legal discovery, or compliance checks, where the full history of a document’s changes must be available.

5. Use Squirrel’s Stub Files for Seamless Rehydration

Squirrel’s use of stub files makes it easy for users to access archived documents without disrupting their workflow. When a file is archived, a lightweight placeholder remains in SharePoint Online, allowing users to rehydrate the file with a single click. This eliminates the need for manual document retrieval, making the process transparent to end users.

Best Practice: Leverage stub files to create a seamless experience for your users. When Squirrel archives a document, users won’t even notice it’s been moved to Azure Blob Storage. They can simply click the stub file when they need access, and the document will be rehydrated with all its versions and metadata intact.

This feature can be especially useful in environments where users frequently need access to older documents but don’t want the hassle of navigating an archiving system.

6. Regularly Test and Validate Your Archiving Strategy

A successful archiving strategy isn’t something you “set and forget.” Regular testing and validation are crucial to ensure that your retention policies, sensitivity labels, and archiving workflows are functioning as expected.

Best Practice: Perform regular checks to:

  • Ensure that documents are being archived according to your retention policies.
  • Verify that archived documents can be successfully rehydrated using Squirrel’s stub files.
  • Test the accessibility of MIP-encrypted documents to ensure that encryption keys are still valid and accessible during the archiving period.

Incorporating these tests into your data governance routine will help avoid surprises when you need to restore critical documents or meet regulatory audits.

Conclusion

Effectively managing the lifecycle of your SharePoint Online documents requires a balance between compliance, security, and storage optimisation. Microsoft 365 Compliance Center offers powerful tools for retention and protection, but integrating a dedicated archiving solution like Squirrel can significantly enhance your organisation’s ability to manage large volumes of data cost-effectively.

By using Microsoft’s retention labels, policies, and sensitivity labels in tandem with Squirrel’s automated archiving, version control, and stub file rehydration features, you can create a comprehensive archiving strategy that meets your organisation’s needs for both compliance and efficiency.

Whether you’re archiving to reduce storage costs, retain documents for regulatory reasons, or secure sensitive data, combining these tools ensures that your organisation stays compliant, secure, and cost-effective—all while providing a seamless experience for end users.

Reduce SharePoint Storage Costs with Squirrel

Squirrel automatically archives inactive documents to Azure Blob Storage, which is significantly cheaper than storing them within SharePoint Online. By optimising storage costs, organisations can save thousands annually without compromising data accessibility.

Squirel Storage Comparison

Cost-Efficient Archiving for SharePoint Online with Squirrel

Curious about Squirrel?

CONTACT US