Control 4.5: SharePoint Security and Compliance Monitoring - Portal Walkthrough
This playbook provides portal configuration guidance for Control 4.5.
Prerequisites
Before starting, ensure you have:
- SharePoint Admin role assigned
- SharePoint Advanced Management license (for Agent insights)
- Unified audit logging enabled in Microsoft Purview
Step 1: Enable Reporting Access
Ensure appropriate access for monitoring personnel:
- Assign SharePoint Admin role for full admin center access
- For read-only access: Assign Reports Reader role
- Verify access to SharePoint Admin Center at admin.sharepoint.com
Step 2: Configure Agent Insights Monitoring
Establish agent monitoring:
- Navigate to SharePoint Admin Center
- Go to Reports > Agent insights
- Click View reports under "SharePoint agents"
- Review agent list and document findings
- Click View reports under "Agent access"
- Identify agents accessing sensitive sites
- Cross-reference with governance approval records
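The cross-reference in Step 2, as an added example that is not part of the original playbook: a Python script that compares an exported Agent access report with a governance approval register and lists agents reaching sensitive sites without a current approval. The CSV column names, sensitivity label names, and sample rows are constructed assumptions, not the portal's export schema.

```python
import csv
import io
from datetime import date

# Constructed sample exports; column names and label names are assumptions,
# not the portal's actual export schema.
AGENT_ACCESS_CSV = """AgentName,SiteUrl,SensitivityLabel
HR Helper,https://contoso.sharepoint.com/sites/hr,Confidential
Sales Bot,https://contoso.sharepoint.com/sites/sales,General
Finance QA,https://contoso.sharepoint.com/sites/finance,Highly Confidential
Legal Scout,https://contoso.sharepoint.com/sites/legal,Confidential
"""
APPROVALS_CSV = """AgentName,SiteUrl,ApprovedUntil
HR Helper,https://contoso.sharepoint.com/sites/hr,2026-12-31
Legal Scout,https://contoso.sharepoint.com/sites/legal,2025-06-30
"""
SENSITIVE_LABELS = {"confidential", "highly confidential"}

def _key(agent, site):
    # Normalise case and trailing slashes so cosmetic differences do not hide a match.
    return agent.strip().lower(), site.strip().lower().rstrip("/")

def load_approvals(text):
    # Map (agent, site) to the date the governance approval lapses.
    return {_key(r["AgentName"], r["SiteUrl"]): date.fromisoformat(r["ApprovedUntil"])
            for r in csv.DictReader(io.StringIO(text))}

def find_exceptions(access_text, approvals_text, today):
    """Return (agent, site, reason) for sensitive-site access lacking a current approval."""
    approvals = load_approvals(approvals_text)
    findings = []
    for row in csv.DictReader(io.StringIO(access_text)):
        if row["SensitivityLabel"].strip().lower() not in SENSITIVE_LABELS:
            continue  # only sensitive sites are in scope for this check
        expiry = approvals.get(_key(row["AgentName"], row["SiteUrl"]))
        if expiry is None:
            reason = "no approval on record"
        elif expiry < today:
            reason = "approval expired " + expiry.isoformat()
        else:
            continue  # approved and still valid
        findings.append((row["AgentName"], row["SiteUrl"], reason))
    return findings

if __name__ == "__main__":
    for finding in find_exceptions(AGENT_ACCESS_CSV, APPROVALS_CSV, date(2026, 1, 15)):
        print(" | ".join(finding))
```

Agents returned by `find_exceptions` are the ones to record as findings and raise with the approval owner.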
Step 3: Establish Data Access Governance Baseline
Create baseline reports:
- Navigate to Reports > Data access governance
- Click Get started to run initial assessment
- Generate all snapshot reports:
  - Site permissions across your organization
  - User permissions
  - Sensitivity labels
- Export reports for baseline documentation
- Identify immediate remediation items
Step 4: Configure Advanced Management Assessments
Run Copilot readiness assessment:
- Navigate to Advanced management > Overview
- Click Start assessment
- Review Site lifecycle results:
  - Site inactivity
  - Missing site ownership
- Review Oversharing results:
  - Broken permission inheritance
  - Org-wide site permissions
  - Organization and anyone sharing links
- Click View recommendations for remediation guidance
Step 5: Review Home Dashboard
The SharePoint Admin Center home dashboard provides at-a-glance metrics:
- Navigate to Home in SharePoint Admin Center
- Review dashboard cards:
  - Sensitivity labels across sites (labeled vs. unlabeled)
  - Information barriers status
  - OneDrive file activity
  - Message center announcements
- Subscribe to relevant message center notifications
Step 6: Establish Monitoring Cadence
Create monitoring schedule:
| Activity | Frequency | Responsible Role |
|---|---|---|
| Dashboard review | Daily | SharePoint Admin |
| Agent insights review | Weekly | AI Governance Lead |
| Data access reports | Monthly | Compliance |
| Advanced assessments | Quarterly | Governance Committee |
| Comprehensive audit | Annually | Internal Audit |
Governance Level Configurations
Baseline (Level 1)
| Setting | Value |
|---|---|
| Agent activity monitoring | Monthly review of Agent insights |
| Dashboard review | Weekly review of Home dashboard |
| Security event awareness | Subscribe to Message center |
Recommended (Level 2-3)
| Setting | Value |
|---|---|
| Agent access review | Weekly Agent access report |
| Data access governance | Monthly permissions/sharing review |
| Oversharing assessments | Quarterly |
| Compliance dashboard | Custom monitoring dashboard |
Regulated (Level 4)
| Setting | Value |
|---|---|
| Real-time threat monitoring | Microsoft Sentinel integration |
| SOC integration | Alert SOC on security events |
| Automated response | Containment actions configured |
| Audit trail | Per-regulation retention |
Validation
After completing the configuration, verify:
- SharePoint Admin and Reports Reader roles assigned to monitoring personnel
- Agent insights reports accessible in SharePoint Admin Center > Reports
- Data Access Governance baseline reports generated and exported
- Monitoring cadence documented with responsible roles assigned
Expected Result: SharePoint monitoring dashboards provide visibility into agent access patterns, oversharing risks, and security posture.
Updated: January 2026 | Version: v1.2