Basics of Microsoft Entra ID

 

Microsoft Entra ID

Microsoft Entra ID is Microsoft's cloud-based Identity and Access Management (IAM)

platform that provides authentication, authorization, access control, and security for

Microsoft 365, Azure, and thousands of third-party applications.

Think of Entra ID as the security gatekeeper of Microsoft 365.

 

What is Identity and Access Management (IAM)?

IAM answers two questions:

1. Who are you?

(Authentication)

Example:

Username: ramesh@company.com
Password: ********

Entra ID verifies the identity.

 

2. What can you access?

(Authorization)

Example:

Ramesh
├── SharePoint Access
├── Teams Access
├── Outlook Access
└── HR Portal Access

Entra ID determines permissions.

 

Why Microsoft Entra ID is Important

Without Entra ID:

SharePoint → Separate Login
Teams → Separate Login
Exchange → Separate Login
Power BI → Separate Login

With Entra ID:

Single Sign-On (SSO)

One Login
    ↓
SharePoint
Teams
Exchange
OneDrive
Power BI

 

Core Components of Entra ID

1. Users

Represents employees, contractors, vendors, and service accounts.

Example

ramesh@company.com
john@company.com
vendor@partner.com

PowerShell

Get-MgUser

 

2. Groups

Used to manage permissions efficiently.

Example

HR Team
Finance Team
SharePoint Admins
Project Team

Instead of assigning permissions to 100 users, assign one group.

PowerShell

Get-MgGroup

 

3. Applications

Applications registered in Entra ID.

Examples

• Microsoft Teams
• SharePoint Online
• Salesforce
• ServiceNow

 

4. Devices

Managed corporate devices.

Examples

Windows Laptop
Android Phone
iPhone
MacBook

Benefits

• Device Compliance
• Conditional Access
• Security Enforcement

 

Authentication Methods

 

Password Authentication

Traditional login.

Username + Password

Challenge

Weak passwords.

 

Multi-Factor Authentication (MFA)

Requires additional verification.

Example

Password
    +
Mobile Approval

Benefits

Even if password is stolen, access is blocked.

 

Passwordless Authentication

Methods:

• Microsoft Authenticator
• FIDO2 Security Keys
• Windows Hello

Example

Fingerprint
Face Recognition
PIN

 

Single Sign-On (SSO)

What is SSO?

One login provides access to multiple applications.

Example

Login Once
      ↓
SharePoint
Teams
Exchange
OneDrive
Power BI

Benefits

✅ Better User Experience

✅ Fewer Password Resets

✅ Improved Productivity

 

Conditional Access

One of the most important Entra ID security features.

Purpose

Control access based on conditions.

Example Policy

If User Outside India
          ↓
Require MFA

Example Policy

If Device Non-Compliant
          ↓
Block Access

Example Policy

If High Risk Login
          ↓
Block Login

 

Real-Time Conditional Access Scenarios

Scenario 1

Employee login from office.

Location: Hyderabad
Device: Managed Laptop

Result:
Allow Access

 

Scenario 2

Employee login from unknown country.

Location: Russia

Result:
Require MFA

 

Scenario 3

Unknown device login.

Personal Device

Result:
Limited Access

 

Role-Based Access Control (RBAC)

Assign permissions based on roles.

 

Common Roles

Global Administrator

Highest privilege.

Can manage:

• Users
• Groups
• Licenses
• Security

 

SharePoint Administrator

Manages:

• Sites
• Storage
• Sharing

 

Exchange Administrator

Manages:

• Mailboxes
• Mail Flow
• Email Security

 

Teams Administrator

Manages:

• Teams
• Channels
• Policies

 

User Administrator

Manages:

• User Accounts
• Password Resets

 

Identity Protection

Protects against compromised identities.

 

Risk Detection

Detects:

Impossible Travel
Anonymous IP
Malicious IP
Leaked Credentials

Example

10:00 AM India Login
10:15 AM USA Login

Impossible travel detected.

 

Self-Service Password Reset (SSPR)

Users reset passwords without IT support.

Process

Forgot Password
      ↓
Verify Mobile
      ↓
Reset Password

Benefits

Reduced helpdesk tickets.

 

External Users (B2B Collaboration)

Invite external users.

Example

vendor@gmail.com
consultant@partner.com

Usage

• SharePoint Collaboration
• Teams Collaboration

 

B2C (Customer Identity)

Customer-facing applications.

Example

E-commerce website login.

Google Login
Facebook Login
Microsoft Login

 

Dynamic Groups

Automatic group membership.

Example Rule

Department = HR

All HR users automatically join HR group.

 

Privileged Identity Management (PIM)

Provides Just-In-Time (JIT) administrative access.

Traditional

Global Admin = Permanent

PIM

User Requests Access
        ↓
Approval
        ↓
Temporary Access

Benefits

Reduces security risk.

 

Microsoft 365 Integration

Entra ID is the backbone of:

• SharePoint Online
• Exchange Online
• Microsoft Teams
• OneDrive for Business
• Microsoft Intune
• Power BI

 

Real-Time SharePoint Online Scenario

Requirement

Only QA team should access GxP documents.

Solution

Create Group:

QA_GxP_Users

Assign group permission:

QA_GxP_Users
       ↓
SharePoint Library

When employee joins QA:

Add User to Group

Access granted automatically.

 

Daily Administrative Tasks

User Management

Get-MgUser
New-MgUser
Update-MgUser
Remove-MgUser

 

Group Management

Get-MgGroup
New-MgGroup
Remove-MgGroup

 

License Management

Get-MgSubscribedSku
Set-MgUserLicense

 

Security Monitoring

Get-MgAuditLogSignIn

 

Conditional Access

Get-MgIdentityConditionalAccessPolicy

 

Advantages of Entra ID

Security

✅ MFA

✅ Conditional Access

✅ Identity Protection

 

Productivity

✅ Single Sign-On

✅ Self-Service Password Reset

 

Governance

✅ RBAC

✅ PIM

✅ Audit Logs

 

Integration

✅ Microsoft 365

✅ Azure

✅ Salesforce

✅ ServiceNow

Thousands of SaaS applications.

 

Limitations and Challenges

Licensing Complexity

Advanced features require:

• Entra ID P1
• Entra ID P2

 

Conditional Access Complexity

Poorly designed policies can lock out users.

 

Guest User Governance

External users require regular review.

 

Large Enterprise Challenges

Managing:

100,000+
Users
Thousands of Groups
Thousands of Applications

requires strong governance.

 

Microsoft 365 Workloads – Daily Used PowerShell Commands

 Microsoft 365 Workloads – Daily Used PowerShell Commands

As an M365 Administrator, SharePoint Administrator, or Collaboration Engineer, these are the most frequently used PowerShell commands across major Microsoft 365 workloads.

 

1. Microsoft Entra ID (Azure AD)

Module:

Microsoft.Graph

Connect

Connect-MgGraph -Scopes "User.Read.All","Group.Read.All"

Get Users

Get-MgUser

Get Specific User

Get-MgUser -UserId user@contoso.com

Create User

New-MgUser

Disable User

Update-MgUser -UserId user@contoso.com -AccountEnabled:$false

Get Groups

Get-MgGroup

Add User to Group

New-MgGroupMember

Remove User from Group

Remove-MgGroupMemberByRef

Get Licenses

Get-MgSubscribedSku

Assign License

Set-MgUserLicense

 

2. SharePoint Online

SharePoint Online

Module:

Microsoft.Online.SharePoint.PowerShell
PnP.PowerShell

Connect

Connect-SPOService -Url https://tenant-admin.sharepoint.com

Get Tenant Settings

Get-SPOTenant

Get All Sites

Get-SPOSite -Limit All

Create Site

New-SPOSite

Remove Site

Remove-SPOSite

Restore Site

Restore-SPODeletedSite

Get Site Admins

Get-SPOUser

Set Site Collection Admin

Set-SPOUser

Lock Site

Set-SPOSite -LockState ReadOnly

External Sharing

Set-SPOSite -SharingCapability Disabled

 

PnP PowerShell

Connect

Connect-PnPOnline -Url https://tenant.sharepoint.com -Interactive

Get Libraries

Get-PnPList

Create Library

New-PnPList

Upload File

Add-PnPFile

Download File

Get-PnPFile

Create Column

Add-PnPField

Create Content Type

Add-PnPContentType

 

3. Exchange Online

Exchange Online

Module:

ExchangeOnlineManagement

Connect

Connect-ExchangeOnline

Get Mailboxes

Get-Mailbox

Get Mailbox Statistics

Get-MailboxStatistics

Create Shared Mailbox

New-Mailbox -Shared

Get Shared Mailboxes

Get-Mailbox -RecipientTypeDetails SharedMailbox

Add Mailbox Permission

Add-MailboxPermission

Remove Mailbox Permission

Remove-MailboxPermission

Create Distribution Group

New-DistributionGroup

Get Distribution Groups

Get-DistributionGroup

Add Group Member

Add-DistributionGroupMember

Mail Trace

Get-MessageTrace

Mail Flow Rules

Get-TransportRule

 

4. Microsoft Teams

Microsoft Teams

Module:

MicrosoftTeams

Connect

Connect-MicrosoftTeams

Get Teams

Get-Team

Create Team

New-Team

Add User

Add-TeamUser

Remove User

Remove-TeamUser

Get Team Members

Get-TeamUser

Get Channels

Get-TeamChannel

Create Channel

New-TeamChannel

Get Teams Policies

Get-CsTeamsMeetingPolicy

 

5. OneDrive for Business

OneDrive for Business

Uses SPO commands because OneDrive is built on SharePoint.

Get OneDrive Sites

Get-SPOSite -IncludePersonalSite $true

Get Specific OneDrive

Get-SPOSite -Identity https://tenant-my.sharepoint.com/personal/user

Set Storage Quota

Set-SPOSite

Restore OneDrive

Restore-SPODeletedSite

 

6. Microsoft Purview (Compliance Center)

Microsoft Purview

Module:

ExchangeOnlineManagement
IPPSSession

Connect

Connect-IPPSSession

Get Retention Policies

Get-RetentionCompliancePolicy

Get Retention Labels

Get-ComplianceTag

Get DLP Policies

Get-DlpCompliancePolicy

Get DLP Rules

Get-DlpComplianceRule

Content Search

Get-ComplianceSearch

Start Search

Start-ComplianceSearch

Audit Log Search

Search-UnifiedAuditLog

 

7. Microsoft Intune

Microsoft Intune

Module:

Microsoft.Graph

Connect

Connect-MgGraph

Managed Devices

Get-MgDeviceManagementManagedDevice

Compliance Policies

Get-MgDeviceManagementDeviceCompliancePolicy

Configuration Profiles

Get-MgDeviceManagementDeviceConfiguration

Remote Wipe

Invoke-MgDeviceManagementManagedDeviceWipe

 

8. Power Platform

Power Apps

Module:

Microsoft.PowerApps.Administration.PowerShell

Connect

Add-PowerAppsAccount

Get Apps

Get-AdminPowerApp

Get Environments

Get-AdminPowerAppEnvironment

Get Connectors

Get-AdminPowerAppConnector

 

9. Power Automate

Get Flows

Get-AdminFlow

Get Flow Details

Get-Flow

Disable Flow

Disable-AdminFlow

 

10. Microsoft 365 Groups

Get Groups

Get-UnifiedGroup

Create Group

New-UnifiedGroup

Add Member

Add-UnifiedGroupLinks

Remove Member

Remove-UnifiedGroupLinks

 

11. Licensing

View Licenses

Get-MgSubscribedSku

View User Licenses

Get-MgUserLicenseDetail

Assign License

Set-MgUserLicense

Remove License

Set-MgUserLicense

 

12. Security & Defender

Microsoft Defender for Office 365

Connect

Connect-ExchangeOnline

Safe Attachments

Get-SafeAttachmentPolicy

Safe Links

Get-SafeLinksPolicy

Anti-Spam Policies

Get-HostedContentFilterPolicy

Quarantine Messages

Get-QuarantineMessage

 

Daily Commands Used Most by M365 Administrators

Workload	Daily Commands
Entra ID	Get-MgUser, Get-MgGroup, Set-MgUserLicense
SharePoint Online	Get-SPOSite, Get-SPOUser, Set-SPOSite
Exchange Online	Get-Mailbox, Get-MessageTrace, Add-MailboxPermission
Teams	Get-Team, Add-TeamUser, Get-TeamChannel
OneDrive	Get-SPOSite -IncludePersonalSite
Purview	Search-UnifiedAuditLog, Get-DlpCompliancePolicy
Intune	Get-MgDeviceManagementManagedDevice
Power Apps	Get-AdminPowerApp
Power Automate	Get-AdminFlow
Licensing	Get-MgSubscribedSku
Security	Get-QuarantineMessage

Daily - SharePoint Online PowerShell Tasks

 Daily - SharePoint Online PowerShell Tasks

SharePoint Online PowerShell Tasks with Real-Time Examples

For SharePoint Online administration, the most commonly used modules are:

1. SharePoint Online Management Shell
2. PnP PowerShell (Recommended by Microsoft)
3. Microsoft Graph PowerShell (for advanced M365 administration)

 

1. Connect to SharePoint Online Admin Center

Task

Connect to the SharePoint Online tenant.

Connect-SPOService -Url https://contoso-admin.sharepoint.com

Verify Connection

Get-SPOTenant

Real-Time Use

Daily administration tasks require connecting to the tenant before executing commands.

 

2. List All SharePoint Sites

Task

Retrieve all site collections.

Get-SPOSite

Large Environment

Get-SPOSite -Limit All

Output

HR Site
Finance Site
IT Site
Projects Site

Real-Time Use

Site inventory and governance audits.

 

3. Create a New Site Collection

Task

New-SPOSite `
-Url https://contoso.sharepoint.com/sites/HR `
-Owner admin@contoso.com `
-StorageQuota 1024 `
-Title "HR Portal"

Real-Time Use

Creating department sites.

 

4. Get Site Storage Usage

Get-SPOSite | Select URL, StorageUsageCurrent

Real-Time Use

Monitor storage consumption.

 

5. Find Sites Larger Than 50 GB

Get-SPOSite -Limit All |
Where-Object {$_.StorageUsageCurrent -gt 51200}

Real-Time Use

Capacity planning.

 

6. Change Site Collection Administrator

Set-SPOUser `
-Site https://contoso.sharepoint.com/sites/HR `
-LoginName admin@contoso.com `
-IsSiteCollectionAdmin $true

Real-Time Use

Ownership changes.

 

7. Add Site Collection Admin

Set-SPOUser `
-Site https://contoso.sharepoint.com/sites/Projects `
-LoginName manager@contoso.com `
-IsSiteCollectionAdmin $true

 

8. Remove Site Collection Admin

Set-SPOUser `
-Site https://contoso.sharepoint.com/sites/Projects `
-LoginName manager@contoso.com `
-IsSiteCollectionAdmin $false

 

9. Lock a Site Collection

Read Only

Set-SPOSite `
-Identity https://contoso.sharepoint.com/sites/Finance `
-LockState ReadOnly

Real-Time Use

Compliance audits.

 

10. Unlock Site Collection

Set-SPOSite `
-Identity https://contoso.sharepoint.com/sites/Finance `
-LockState Unlock

 

11. Enable External Sharing

Set-SPOSite `
-Identity https://contoso.sharepoint.com/sites/Vendors `
-SharingCapability ExternalUserSharingOnly

Real-Time Use

Vendor collaboration.

 

12. Disable External Sharing

Set-SPOSite `
-Identity https://contoso.sharepoint.com/sites/HR `
-SharingCapability Disabled

 

13. Get Site Owners

Using PnP PowerShell:

Connect-PnPOnline -Url https://contoso.sharepoint.com/sites/HR -Interactive

Get-PnPGroup

 

14. List All Site Members

Get-PnPGroupMembers -Identity "Members"

 

15. Create SharePoint Group

New-PnPGroup -Title "HR Approvers"

 

16. Add User to Group

Add-PnPGroupMember `
-LoginName user@contoso.com `
-Identity "HR Approvers"

 

17. Remove User from Group

Remove-PnPGroupMember `
-LoginName user@contoso.com `
-Identity "HR Approvers"

 

18. Get All Document Libraries

Get-PnPList |
Where-Object {$_.BaseType -eq "DocumentLibrary"}

Real-Time Use

Library audits.

 

19. Create Document Library

New-PnPList `
-Title "SOP Documents" `
-Template DocumentLibrary

 

20. Upload File

Add-PnPFile `
-Path "C:\Documents\SOP001.docx" `
-Folder "Shared Documents"

 

21. Download File

Get-PnPFile `
-Url "/sites/HR/Shared Documents/SOP001.docx" `
-Path "C:\Backup" `
-AsFile

 

22. Create Custom Column

Add-PnPField `
-DisplayName "Department" `
-InternalName Department `
-Type Choice

 

23. Create Content Type

Add-PnPContentType `
-Name "SOP Document" `
-Group "Corporate Content Types"

Real-Time Use

ECM implementations.

 

24. Get List Items

Get-PnPListItem `
-List "SOP Documents"

 

25. Delete List Item

Remove-PnPListItem `
-List "SOP Documents" `
-Identity 10

 

26. Get Site Permissions

Get-PnPWebPermission

 

27. Export Site Permissions

Get-PnPWebPermission |
Export-Csv "C:\Reports\Permissions.csv" -NoTypeInformation

Real-Time Use

Security audits.

 

28. Get All Site Collections Report

Get-SPOSite -Limit All |
Select URL, Title, Owner, StorageUsageCurrent |
Export-Csv "C:\Reports\AllSites.csv" -NoTypeInformation

 

29. Find Inactive Sites

Get-SPOSite -Limit All |
Select Url, LastContentModifiedDate

Real-Time Use

Site lifecycle management.

 

30. Delete Site Collection

Remove-SPOSite `
-Identity https://contoso.sharepoint.com/sites/TestSite

 

31. Restore Deleted Site

Restore-SPODeletedSite `
-Identity https://contoso.sharepoint.com/sites/TestSite

 

32. Get Deleted Sites

Get-SPODeletedSite

 

33. Enable Versioning on Library

Set-PnPList `
-Identity "Documents" `
-EnableVersioning $true

 

34. Enable Major and Minor Versions

Set-PnPList `
-Identity "Documents" `
-EnableMinorVersions $true

 

35. Bulk Add Site Collection Admin

$Sites = Get-SPOSite -Limit All

foreach($Site in $Sites)
{
    Set-SPOUser `
    -Site $Site.Url `
    -LoginName admin@contoso.com `
    -IsSiteCollectionAdmin $true
}

Real-Time Scenario

Emergency administrative access across all sites.

 

36. Generate Storage Report

Get-SPOSite -Limit All |
Select Url,
StorageQuota,
StorageUsageCurrent |
Export-Csv "C:\Reports\Storage.csv" -NoTypeInformation

 

37. Bulk Check External Sharing

Get-SPOSite -Limit All |
Select Url, SharingCapability

 

38. Connect Using Modern Authentication

Connect-PnPOnline `
-Url https://contoso.sharepoint.com `
-Interactive

 

39. Get Hub Sites

Get-PnPHubSite

 

40. Register Hub Site

Register-PnPHubSite `
-Site https://contoso.sharepoint.com/sites/Corporate

 

Top 10 Most Frequently Used SPO Admin Tasks in Production

Task	Frequency
Site Creation	Daily
Permission Management	Daily
Site Collection Admin Changes	Daily
Storage Monitoring	Weekly
External Sharing Review	Weekly
Library Administration	Weekly
Metadata Management	Weekly
Site Reports	Weekly
Compliance Audits	Monthly
Site Cleanup	Monthly

SharePoint online Advantages , Features , Limitations and Challenges

 

SharePoint Online (SPO) – Detailed Explanation

SharePoint Online is Microsoft's cloud-based collaboration, content management, document management, and intranet platform that is part of Microsoft 365.

Organizations use SharePoint Online to store, manage, secure, share, and collaborate on documents and business information from anywhere.

 

What is SharePoint Online?

SharePoint Online is a SaaS (Software as a Service) offering where Microsoft manages:

• Infrastructure
• Servers
• Storage
• Security updates
• Patching
• High Availability
• Disaster Recovery

Unlike on-premises SharePoint, organizations do not maintain servers or databases.

 

Major Business Use Cases

1. Enterprise Content Management (ECM)

Store and manage:

• SOPs
• Policies
• Procedures
• Quality Documents
• Training Documents
• Regulatory Documents

Example

Pharmaceutical company:

Quality Management System
 ├── SOPs
 ├── Work Instructions
 ├── Training Records
 └── Regulatory Documents

 

2. Document Management System (DMS)

Manage:

• Version Control
• Approvals
• Check-In/Check-Out
• Metadata
• Retention

Example

Document Lifecycle:

Draft
 ↓
Review
 ↓
Approval
 ↓
Published
 ↓
Archived

 

3. Intranet Portal

Employee Portal containing:

• Company News
• HR Policies
• Announcements
• Events
• Training Materials

Example

Corporate Intranet:

Home
 ├── HR
 ├── IT
 ├── Finance
 ├── Operations
 └── Learning Center

 

4. Collaboration Platform

Teams collaborate on:

• Documents
• Projects
• Meetings
• Discussions

 

Core Features of SharePoint Online

 

1. Document Libraries

Central repository for files.

Features

• Versioning
• Metadata
• Search
• Permissions
• Co-authoring

Example

Clinical Documents Library
 ├── Protocols
 ├── SOPs
 ├── Reports
 └── Training Records

 

2. Version Control

Tracks document changes.

Example

Version 1.0 Draft
Version 2.0 Review
Version 3.0 Approved
Version 4.0 Updated

Benefits

• Auditability
• Rollback capability
• Compliance support

 

3. Metadata Management

Instead of folders, documents can be categorized using metadata.

Example

Document	Department	Status
SOP001	QA	Approved
SOP002	QA	Draft
SOP003	IT	Approved

Benefits

• Better Search
• Faster Retrieval
• Easier Classification

 

4. Content Types

Standardize document structures.

Example

Content Type:

SOP
 ├── SOP Number
 ├── Department
 ├── Effective Date
 └── Review Date

 

5. Search

Enterprise-wide search capability.

Search by:

• Keywords
• Metadata
• Author
• Content
• Site

Benefits

• Quick document discovery
• Productivity improvement

 

6. Co-Authoring

Multiple users edit documents simultaneously.

Example

Three users editing:

Policy.docx

at the same time without conflicts.

 

7. Site Collections and Sites

Types

• Communication Sites
• Team Sites
• Hub Sites

Example

Corporate Hub
 ├── HR Site
 ├── Finance Site
 ├── IT Site
 └── QA Site

 

8. Power Automate Integration

Workflow automation.

Example

Document Approval Workflow:

Upload Document
       ↓
Manager Review
       ↓
QA Approval
       ↓
Publish

 

9. Microsoft Teams Integration

Documents stored in Teams channels are actually stored in SharePoint Online.

Benefits

• Collaboration
• Document Management
• Versioning

 

10. Microsoft Purview Integration

Supports:

• DLP
• Retention
• Records Management
• Sensitivity Labels

Example

Confidential document automatically receives:

Highly Confidential Label

 

Advantages of SharePoint Online

 

1. No Infrastructure Management

Microsoft handles:

• Servers
• Storage
• SQL Databases
• Patching

Benefit

Reduced operational overhead.

 

2. High Availability

Microsoft provides highly available cloud infrastructure.

Benefit

Minimal downtime.

 

3. Automatic Updates

New features are delivered automatically.

Example

Users receive new Microsoft 365 features without upgrade projects.

 

4. Anywhere Access

Access from:

• Laptop
• Mobile
• Tablet

using internet connectivity.

 

5. Strong Security

Includes:

• MFA
• Conditional Access
• Encryption
• Compliance Controls

through Microsoft Entra ID and Microsoft Purview.

 

6. Scalability

Can support:

• Small businesses
• Large enterprises
• Global organizations

 

7. Enterprise Search

Find content quickly across:

• Sites
• Libraries
• Pages
• Documents

 

8. Seamless Microsoft 365 Integration

Works with:

• Microsoft Teams
• OneDrive for Business
• Power Automate
• Power Apps
• Power BI

 

9. Compliance Ready

Supports:

• GDPR
• GxP
• HIPAA
• ISO 27001
• FDA 21 CFR Part 11 (with proper controls)

 

10. Cost Optimization

No need for:

• SharePoint Servers
• SQL Servers
• Storage Infrastructure
• DR Datacenters

 

Limitations of SharePoint Online

 

1. Limited Server-Level Access

Administrators cannot access:

• SharePoint Servers
• SQL Databases
• IIS

Impact

Cannot perform custom server-level troubleshooting.

 

2. No Farm Solutions

Full Trust Solutions are not supported.

Example

Legacy SharePoint 2010 custom solutions cannot be migrated directly.

 

3. Large List Threshold

Typically around 5,000-item view threshold considerations.

Impact

Poorly designed lists may face performance issues.

Mitigation

• Index Columns
• Metadata Navigation
• Filtered Views

 

4. Limited Customization

Compared to on-premises SharePoint.

Not Allowed

• Server-side code
• Direct database changes
• Custom timer jobs

 

5. Microsoft Controlled Updates

Updates are automatic.

Challenge

Unexpected UI or functionality changes.

 

6. Dependency on Internet

No internet means limited access.

Impact

Remote locations may face issues.

 

7. Storage Costs

Large repositories can increase Microsoft 365 storage costs.

Example

TBs of historical documents.

 

Real-World Challenges in SharePoint Online

 

Challenge 1: Migration from Legacy Systems

Source Systems

• File Shares
• SharePoint 2010
• SharePoint 2013
• Documentum
• OpenText

Issues

• Metadata mapping
• Permissions migration
• Broken links

Solution

Tools such as:

• ShareGate
• Microsoft Migration Manager

 

Challenge 2: Poor Information Architecture

Problem

Users create many sites without governance.

Site1
Site2
Site3
Site1000

Impact

Search becomes ineffective.

Solution

• Hub Sites
• Taxonomy
• Governance Policies

 

Challenge 3: Permission Sprawl

Problem

Unique permissions everywhere.

Library
  ↓
Folder
    ↓
Document

Impact

Difficult auditing.

Solution

Role-based access model.

 

Challenge 4: Metadata Adoption

Problem

Users prefer folders.

Impact

Poor search experience.

Solution

Training and mandatory metadata.

 

Challenge 5: Compliance Requirements

Industries:

• Pharma
• Healthcare
• Banking

need strict controls.

Solution

• Retention Labels
• DLP Policies
• Sensitivity Labels
• Audit Logging

 

Challenge 6: Large Repository Performance

Example

Millions of documents.

Issues

• Search delays
• Indexing delays
• User complaints

Solution

• Content partitioning
• Metadata architecture
• Hub-based design

 

Challenge 7: External Sharing Risks

Risk

Users sharing sensitive files externally.

Solution

• Conditional Access
• DLP
• Guest Access Controls
• Sensitivity Labels

 

SharePoint Online Best Practices

Governance

• Naming Standards
• Site Lifecycle Policies
• Ownership Assignment

Security

• Least Privilege Access
• MFA
• Conditional Access

Performance

• Metadata instead of deep folders
• Indexed columns
• Smaller libraries where practical

Compliance

• Retention Policies
• DLP
• Sensitivity Labels
• Audit Logging

Operations

• Storage Monitoring
• Permission Reviews
• Site Usage Reports