2toLead recently worked with one of Atlantic Canada’s largest regional law firms. They reached out to us for guidance on using SharePoint Online to share information with external users, primarily their clients.
They were curious to explore the use of SharePoint Online for their clients and ensure they had easy and secure access while experiencing the platform. The team was particularly interested in the key areas that would help them secure access, ensure sensitive information was protected, and learn how to make the configuration needed for Extranet sites repeatable, to stay compliant and maintain consistency.
The law firm was looking for a team that had the same philosophies around innovating and customer excellence. 2toLead was a great choice given our extensive experience building Intranet and Extranet portals as well as our breadth and depth of knowledge in the Microsoft 365 platform. The client’s primary need was to move towards building an extranet service based on SharePoint Online that integrates with other systems for a more cohesive client experience. Join us in taking a look at the journey we took to better governed and more secure sharing.
To determine the team’s specific needs, we began our journey by holding a series of discovery sessions. These interactive discussions centered on governance, security, and compliance. The team was highly engaged and keen to learn what is possible in the platform, so we peeled back the various layers of Microsoft 365. We did this to ensure we had a common understanding of the platform’s possibilities and to gather the user needs and insights that would drive our recommendations on which specific areas needed to be defined and configured.
While the storefront for an extranet based on Office 365 is traditionally a SharePoint Extranet, we reviewed the different areas where the platform is malleable to configure a safe and secure collaboration experience. Along the way, we dove in to discuss Azure Active Directory, Microsoft 365 Groups, SharePoint, and OneDrive external sharing. We also looked at relevant policies and settings in Microsoft Teams to ensure proper coverage of the many ways one can collaborate and share with others.
The team was particularly interested in the platform’s federation and single sign-on capabilities, as they were using a third-party solution to accomplish this goal. A more extensive and organization-specific analysis was done to identify the level of support and effort to migrate the SSO capability from the third-party platform to Azure Active Directory.
In isolation, these capabilities allow us to configure the main pieces. However, we took special consideration in managing the container’s lifecycle, site provisioning, and guest management.
Our findings raised important considerations for managing and automating these crucial processes to establish a repeatable and auditable process that balances business agility and security.
Our compliance discussions highlighted the need to define a set of policies and labeling that can support users on day one of using their extranet and prevent leakage of sensitive information. At the same time, the need to define retention based on key document types and locations, whether automated or manual, led to raising awareness and establishing an information governance strategy to support internal and external users as they adopt the new system.
On the security front, we also evaluated the need for defining a clear set of policies to ensure the right people have the proper access to data. Azure Active Directory played a vital role in these discussions. Capabilities such as Multi-Factor Authentication, Conditional Access, Terms of Use, and advanced group management provided the team with the right pieces to strengthen their security posture. These essential pieces would help provide peace of mind, even as they bring guest users into the Extranet environment.
Another important consideration for security was the ability to audit user activity. The unified audit logging capabilities of the platform complement their existing investments in security.
These capabilities support the team by alerting them to critical risks associated with external sharing and other administration-related tasks, ensuring prompt detection and mitigation should the need arise.
By performing access reviews using the Azure Active Directory capabilities, the team can ensure the right people have access to resources by periodically triggering reviews and providing the information to the owners of the content to attest to the access granted.
While the journey continues for the law firm, the team now has a roadmap that sets out a clear path to follow based on business needs and prioritized next steps. Key milestones include defining their governance and information architecture needs towards automation of extranet site creation. In parallel, the team works with relevant parties to refine integration points with other systems to further enhance their clients’ experience.
For many organizations, the world of Microsoft 365 is uncharted territory. If you are unsure about what you need for your digital transformation journey, reach out to us. Our strategy services can help you identify the key pieces to consider and set you up for success. Better yet, if you need a team of experts and passionate consultants to walk the path with you, let us tag along and bring the umbrella to protect you from rainy days.