Bill Baer /bɛːr/

Skip to main content

Banner

 
Bill Baer /bɛːr/
Bill Baer is a Senior Product Manager for Microsoft 365 at Microsoft in Redmond, Washington.

A primer on SharePoint Advanced Management

A primer on SharePoint Advanced Management

A primer on SharePoint Advanced Management

  SharePoint Advanced Management Purview E5

About SharePoint Advanced Management

Microsoft Syntex - SharePoint Advanced Management is a Microsoft 365 add-on that provides a suite of features that help:

  • Manage and govern SharePoint and OneDrive
  • Enhance Microsoft 365 secure collaboration capabilities

Comparing compliance options in Microsoft 365

SharePoint Advanced Management and Microsoft 365 compliance capabilities both provide comprehensive compliance and data governance solutions to help manage risk, protect and govern sensitive data, and respond to regulatory requirements; however, differ in scope and intended audience.

When compared to Purview or compliance capabilities in E5, SharePoint Advanced Management is intended to provide fine grain control at the specific content level such as Document Libraries or Sites – which are typically the responsibility of SharePoint/site administrators and/or site owners within an organization. The most common use case scenarios are management of content spawl, oversharing of content, and content lifecycle etc., at a granular level such as documents, document libraries, etc. Purview or compliance capabilities in Microsoft 365 differ in that their intent is meant for coarse grain control at the tenant level and fall under the scope of security and compliance admins within the organization.

SharePoint Advanced Management addresses the discrete scenarios the exist between native SharePoint controls and advanced compliance capabilities in Microsoft 365. For example:

SharePoint management capabilitiesw/o SAMW/ SAM
SharePoint active sites managementXX
External sharing policyXX
Restoring deleted sitesXX
Sharing SettingsXX
Allow access only from specific IP addressesXX
Manage user profilesXX
Restrict access from devices that aren’t compliant or joined to a domainXX
Automatically sign out users from inactive browser sessionsXX
Block access from apps can’t enforce device-based restrictionsXX
SharePoint data access governance (DAG) insightsX
Restricted access control (RAC) policy for Sites and OneDriveX
Restricted access control (RAC) policy for OneDriveX
Block download policy for SharePoint sites and OneDriveX
Recent SharePoint admin actionsX
Conditional access policy for SharePoint sitesX
Secure SharePoint document librariesX

SharePoint Advanced Management capabilities with E3 and E5 compliance capabilities in Microsoft 365:

SAME3E5 or E5 Compliance or E3 + Advanced Compliance
SharePoint data access governance (DAG) insightsXX
Restricted access control (RAC) policy for Sites and OneDriveXX
Restricted access control (RAC) policy for OneDriveXX
Block download policy for SharePoint sites and OneDriveXX
Recent SharePoint admin actionsXX
Conditional access policy for SharePoint sites through SPO Admin PowerShellX (Requires AAD P1 as pre-requisite)X (Requires AAD P1 as pre-requisite) *
Secure SharePoint document librariesX

* If you have E5 or E5 compliance, you can configure this policy through sensitivity labels too.

Who needs a license to use SharePoint Advanced Management SharePoint Advanced Management is a per-user license. To use SharePoint Advanced Management, you must have a license for each user in your organization. (It’s not required for guests.) Users must also be licensed for SharePoint K, P1, or P2 via standalone or a Microsoft 365 suite.

SharePoint Advanced Management is available for Commercial, WW Commercial Public Sector, Education, Charity, and US GCC, GCC-High, and DoD customers. To use Microsoft SharePoint Advanced Management, you must have a license for each user.

What happens if you remove SharePoint Advanced Management licenses?

If you remove all SharePoint Advanced Management licenses from your tenant at a future date (or your trial expires), users will no longer be able to generate data access governance reports, restrict OneDrive access by security group, review recent SharePoint site actions, manage site access based on security label, configure a default sensitivity label for a SharePoint document library, restrict access control for SharePoint sites or block the download of files from a SharePoint site or OneDrive.

Data access governance reports and anything SharePoint Advanced Management has previously processed will remain available.

Resources

Learn more about SharePoint Advanced Management at https://learn.microsoft.com/sharepoint/advanced-management.

Learn more about Microsoft 365 E5 Compliance at https://www.microsoft.com/security/business/compliance/e5-compliance?activetab=pivot%3aoverviewtab.

| | Permalink to this article
Fingerprint for this article370602912cec83227f3845733c1f835e
 
 

Comments

 
 
Skip to footer

Social Links