Skip to main content

Introducing new learning courses and educational videos from Apress. Start watching

Book cover

Office 365 pp 179–275Cite as


SharePoint Administration Guide

  • Chapter
  • Open Access
  • First Online:
  • 44k Accesses


This chapter introduces SharePoint Online concepts and describes many of the methods that SharePoint Administrators may use to control and modify their site collections and sites. The information in this chapter will allow you to create sites and control access, and to use settings that control various features of SharePoint. We will take you through creating a sample site with designed permissions.


  • Site Collection
  • Project Site
  • Site Content
  • Security Group
  • External User

These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

This chapter introduces SharePoint Online concepts and describes many of the methods that SharePoint Administrators may use to control and modify their site collections and sites. The information in this chapter will allow you to create sites and control access, and to use settings that control various features of SharePoint. We will take you through creating a sample site with designed permissions.

Note that the control by SharePoint Administrators (and delegates) only applies to the features and structure of SharePoint. There are separate Administrators for other Office 365 components.

This is not a chapter on using SharePoint. The “user” SharePoint features that are generally available to people using the system are described in Chapter 2.

SharePoint Administration Chapter Structure

Not every feature of SharePoint Online is described here. Our goal is to provide an overview of the key terms and features that a SharePoint Administrator will need to configure and control their site. SharePoint is a very large topic. There are numerous books written about SharePoint. There is also quite a bit of information in the Office 365 community and on the Web in general.

This overview section covers the following topics:

  • Introduction to Office 365 SharePoint

  • Description of SharePoint (what it is and is not)

  • SharePoint definitions

The rest of this chapter is in three parts:

  • The “Planning, Governance, and Initial Setup” section introduces planning for a SharePoint implementation and additional definitions (such as types of Administrators)

  • Site-related Administration functions

  • Site and Site Collection Administrator functions

The SharePoint site-related Administration functions may be used by the associated Site Administrator or delegated to a user with permissions. This section has further subsections.

  • “Building Your SharePoint Structure”

  • “SharePoint Permissions and Groups”

  • “Site Editing”

  • “Creating a Project Site”

The following sections are for Site and Site Collection Administrators:

  • “SharePoint Admin Center”

  • “Additional Administrator Concepts and Tools”

  • “Initial SharePoint Setup”

The information contained in this chapter is based on the most common questions that we have been asked about Office 365 SharePoint in our deployments.

Introduction to Office 365 SharePoint

Office 365 Hosted SharePoint (SharePoint Online) is a part of a set of three product families: Small Business, Midsize Business, and Enterprise Business/Exchange Online/Kiosk (see Figure 5-1). Office 365 Hosted SharePoint is Microsoft SharePoint. The major difference is that Microsoft administers and maintains all of the back-end servers, operating systems, SharePoint Server software, interconnects, geo-redundancy, and network structure. SharePoint licensing is included in the Small Business, Midsize Business, and Enterprise Business E1, E3, and E4 plans (and to a limited extent in some of the Kiosk plans). The concepts discussed in this chapter generally apply to all of these versions of Office 365 SharePoint, but these configurations have only been tested with the Enterprise version.

Figure 5-1.
figure 1

SharePoint plans (courtesy of Microsoft)

There are several notes with Figure 5-1:

  1. 1.

    SharePoint Plan 1 and Plan 2 and Kiosk K1 and K2 are part of Enterprise.

  2. 2.

    The first license creates a 10GB Team Site. Additional licensed users (except K1 and K2) add 500MB each to the Team Site storage allocation (you can buy more, up to 25TB).

  3. 3.

    SkyDrive Pro sites are 25 to 100GB per license. SkyDrive Pro is a type of SharePoint site, allocated and controlled by a particular user.

  4. 4.

    Web editing is allowed for SharePoint Plan 1 and 2 for an additional $2/month.

What is SharePoint?

SharePoint is Microsoft’s document storage and content management tool. SharePoint was first released in 2001. Originally, SharePoint was used as an enterprise’s on-premises “intranet.” SharePoint was included in Small Business Server and in the original Microsoft Cloud offering, BPOS. The version with Office 365 is SharePoint Online.

SharePoint is fundamentally a web server that presents web pages to your browser (Internet Explorer, Firefox, Chrome, Safari, etc.). The SharePoint data (structure, permissions, sites, your documents, etc.) is hosted on SQL servers that are maintained by Microsoft within their secure environment.

This allows people to read, edit, and create pages and sites and to control administrative settings depending upon their permissions. Chapter 2 includes descriptions of tasks that everyone will normally do (add documents to SharePoint, create and edit documents locally or in the cloud). This chapter includes descriptions of how to create sites, site features, and up to full site collection Administration features.


Because your data is present through a URL, you can set a Bookmark or Favorites to go to a particular SharePoint page.

Microsoft has a stated and executed intention of Cloud First. This means that the SharePoint that is available with Office 365 (Wave 15) is SharePoint 2013 Enterprise with more extensions and features. The limits of SharePoint Online (compared to the on-premises Enterprise version) are related to the fact that the Online version shares the SharePoint farm with other users (shared tenancy). Two examples are limited control of searching (to limit resource consumption) and Sandbox only (no full-trust solutions).

When you add in the feature that you can be up and running in SharePoint Online (in the very latest version) in one day, your SharePoint Online version might be three to six years ahead of your on-premises functionality!

With SharePoint Online:

  • Your data is stored and organized in one place.

  • Your data is available from anywhere you choose.

  • Microsoft takes care of operating details such as sizing the equipment, backups, geo-redundancy, equipment upgrades, equipment failures, software and network failures, software patches, etc.

SharePoint Online provides:

  • Tools for collaboration, synchronization, projects, and robust searching.

  • Tools to maintain the one version of your document, and to make it easy to find and share; no long do you have to chase down who has the latest version of your document.

  • Tools to share your documents and build your team; share your company picnic pictures, your company calendar; engage your employees! Create and share your best practices within your enterprise, or with your suppliers and customers.

  • Tools to build internal web (intranet) portals and public-facing web sites.

  • Familiar Office tools to create and edit your SharePoint documents from anywhere on any device.

SharePoint Online benefits include:

  • Helping your Sales and Marketing teams work together to share ideas and improve your processes.

  • Using SharePoint and Excel Web App to share your spreadsheets so you can work together at one time to create your budgets and reports.

  • Improving your in-house support services such as IT: searchable best practices and known bugs, track requests, even remote support with tools such as Lync and Windows Intune.

  • Support for project planning and reporting; creating tasks, setting priorities, watching for missed milestones. SharePoint is the data storage for huge projects that you may manage with Microsoft Project Professional.

  • Search! Save time and find what you need.

  • Allowing for the controlled combination of security and empowering employees.

  • Dashboards: Data, Power Pivot, and Power View.

  • Workflows for automatic routing of business processes, such as training a new employee: you can use your existing forms, your employee handbook, training videos, contacts to bring new employees up to speed.

  • Using SharePoint and your other Office 365 tools such as eDiscovery to manage, protect, and control access to your critical data. You can create retention schedules. It also supports audits and discovery requests at the lowest cost.

What is SharePoint Not?

SharePoint is a place to store documents and files. SharePoint documents are indexed, backed up, and maintained according to the Office 365 service-level agreement (SLA). You do not use SharePoint for the following:

  1. 1.

    Do not use SharePoint as a place to put backups (there are size and file type limits).

  2. 2.

    Do not place huge working files that have to be moved to edit (SharePoint is a good place for archiving your larger files).

  3. 3.

    There is presently a limit of 5,000 items in a single list or document library view.

SharePoint Definitions

These words are used throughout this chapter and throughout SharePoint documentation in general. Here are summarized definitions:

  • URL: Universal Resource Locator. The specific universal address for a web page. It is essentially a specific location within a domain within the World Wide Web. This doesn’t necessarily mean that you can see it from anywhere; there can be security restrictions. For example, or .

  • Tenant: This is your Office 365 account including Hosted Exchange, Lync, SharePoint, and your Office 365 Active Directory. The first account that you create when you first purchase Office 365 is the “owner” of your tenant. This account should be an admin account, not a person. This account does not normally need an Office 365 license. Relating to SharePoint, all of your site collections are within your tenant. You can have any number of domains within your tenant (with e-mail accounts) but you will have only one root SharePoint URL: . See “Planning, Design, and Governance” for planning notes.

  • Site Collection: This is a collection of sites. With the Enterprise Plan you may have multiple site collections within your tenant. Site collections have sets of properties that are the same for all sites within a site collection, which may be different between site collections.

  • Site: A SharePoint site is a collection of SharePoint “apps” and “Web Parts” (components) such as document libraries, lists, tasks, blogs, pictures, templates, and text that are presented to a user at a particular URL as a page. A site is within a particular site collection. An example is a project site.

  • Subsite: A subsite is just a site under (within) a site. You can nest sites until you confuse yourself.

  • Page: A page is what you see with your web browser. You can have multiple pages within a site. Generally, a site presents a default page that the users will think of as “the site.”

  • Web Part: Components that can be inserted into a page (part of a site). Web Parts are very powerful and can interact with other sites and data outside of SharePoint.

  • App: A component of a site, such as a document library or list. A type of Web Part.

  • List: A set of items within a site. You can think of a list as a bunch of rows and columns with potentially a data value at the intersection, like a spreadsheet. There are specialized lists that have special properties. A list is separate from a page, but usually is displayed on a page. When you select and display a specific list, the page ribbon shows actions that can be performed on the list or items in it, such as set permissions or delete an item. Special list types include task list or calendar list.

  • Document Library: A set of documents within a site. In many ways a document library is a specialized list that contains the document and associated metadata. A document library is separate from a page, but usually is displayed on a page. When you select and display a specific document library, the page ribbon shows actions that can be performed on the document library or folders and documents within it, such as set permissions or delete an item. A document library may contain folders and documents.

  • Folder: Similar to a folder on your PC. Part of a SharePoint document library. Folders may have independent permissions. A folder contains documents.

  • Document: A Word, Excel, PowerPoint, or other type of file within a document library. A document may have independent permissions.

  • Metadata: Additional data stored about/with an item, such as the date and author of a document. The data is searchable.

  • Permissions: The “who can do it” part of SharePoint. Permissions are set on a site, list, document library, etc. Permission levels include None, Read, View, Contribute (Read and Write), and more. A particular user must have the “permission” to do that activity on that item. For example, to be able to update the item.

  • Site Contents: Contents of a site. The Site Contents page shows lists, libraries, and other apps and subsites that are associated with this site. This page is a helpful reference to your site structure. Access to this screen appears as a link on a site page, or as a drop-down choice under the Gear icon at the top right of the screen. Only items that you have permission to see will show.

  • Document Set: Document sets are a feature in SharePoint Server 2013 that enables an organization to manage a single deliverable, or work product, which can include multiple documents or files. A document set is a special kind of folder that combines unique document set attributes, the attributes and behaviors of folders and documents, and provides a user interface (UI), metadata, and object model elements to help manage all aspects of the work product. See the Reference Links page.

  • Content Type: A content type defines the attributes of a list item, a document, or a folder. There is a content type per site collection. It could be considered as a “collection of columns for re-use” in other lists or document libraries. Content types are inherited. See the Reference Links page.

  • Web site: A SharePoint web site is a specialized site collection that can be seen by the outside world (public facing) through a standard URL (such as ). You may only have one web site within your tenant.

SharePoint Planning, Governance, and Initial Setup

SharePoint is a very powerful system. With power comes opportunity and the opportunity for confusion. Thank you for being a person that wants to read about planning! To reward you, this is a short section. One could consider many of these “Best Practices.” Some are just warnings!

The key points are as follows:

  1. 1.

    Your name is your SharePoint site name: . This “xxxx” name was (or will be, if you are reading this in advance) picked at the time you signed up for Office 365. It cannot be changed. (You can get a different name, but you have to migrate your old data to the new tenant. It is not clear that you will even be able to keep your old .onmicrosoft name if you move to a different plan family (Small Business to Midsize or to Enterprise) even though Microsoft has indicated that you will be able to change your plan family. See point 2.

  2. 2.

    At KAMIND we have a few sayings including “Don’t do it” and “Just get started.” For example: “I want to save a buck and get the ‘Small Business’ plan.” Don’t do it. The savings are tiny and the limitations are large. There are even more limits with Midsize Business (no Exchange Only, no Kiosk). Just buy an Enterprise Plan. See the discussion in Chapter 3’s “Office 365 Subscription Plans” section. “Just get started” basically means don’t over-plan. This is especially true when you are implementing Office 365 for the first time and migrating your e-mail; see Chapter 4.

  3. 3.

    Keep your SharePoint structures and permissions as simple as you can. Set permissions at the site level, not at the document library, list, or folder level.

  4. 4.

    There is no included tool that will give you a comprehensive permissions structure. It is important to build a plan (as simple as possible) of who gets to go where and to document it so you don’t accidently create exceptions.

  5. 5.

    Sub-sub-sub…subsites are confusing. Build a structure plan (as simple as possible) of how you want to keep your data and document it so you don’t accidently create exceptions.

  6. 6.

    There is a strong push within the SharePoint community to use Search rather than a folder structure to organize documents. Consider this.

  7. 7.

    One of the nice features of SharePoint is the site-to-site (page-to-page) navigation (this is what shows at the top and side of each page). This is an optional feature of a site collection that has SharePoint Server Publishing Infrastructure activated. This site collection feature “provides centralized libraries, content types, master pages, and page layouts, and enables page scheduling and other publishing functionality for a site collection.” It also allows this form of navigation. This is a planning item because there is no nice way to turn this feature on after you have built a ton of sites. (You have to go back to each site and adjust the settings for that site.) Set this feature when you create a site collection (or on your first or only site collection). See the “SharePoint Admin Center” section.

  8. 8.

    External sharing (sharing a site or other entity with accounts outside of your Office 365 tenant) is very powerful, and a great feature, but it has limitations. These limitations include the following:

    1. a.

      Permissions for these external users must be built within SharePoint. That is, you cannot add an external user to an Active Directory group (if you are using DirSync or ADFS) nor to an Office 365 portal Security Group. You must add the outside user to a SharePoint group (or to an individual site, document library, folder, or file if you like living on the edge).

    2. b.

      You cannot add these external users to Distribution Groups (you cannot e-mail to them as a group). As an aside, they cannot receive alerts (if an item on alert changes).

    3. c.

      Because it is now easier to inadvertently incorrectly share a site, it may be worth having a completely separate site collection to be used for external users.

    4. d.

      There is a bit of activity that the external user has to perform to be able to see your shared data. They must have either an Office 365 account (by far the easiest, and a great reason to get your friends and suppliers and customers on Office 365) or a Microsoft ID (which used to be called a Live ID). A Microsoft ID includes and addresses. They can convert any e-mail address (including Gmail, Yahoo, or any corporate account) into a Microsoft ID. When a site is shared, the external user receives an e-mail and they must sign in with their Office 365 or Microsoft ID. The point is that setting up a Microsoft ID might be more pain than it is worth for some of your external users.

    5. e.

      Consider using a SharePoint Only license (the Plan 1 license is just $3 per month, Enterprise plan; see point 2 above) to share externally if you have a less-than-simple environment. Since it is a regular license within your tenant, you can set the login name, password, and permissions just with any other internal user. You can delete the user and downgrade your license count when the project ends.

    6. f.

      See the section “SharePoint Admin Center” to set up external sharing and Chapter 2 to use sharing and external sharing.


“Governance” is a fancy word to describe the planning associated with who does what and who can do what. For example, who is in charge of adding a site? Is it a specific individual within a department? Or is it anyone in the department? Just IT people for everyone? This is usually a trade-off between control and free market (and to some extent how much training an organization wants to do; in reality, it is not that hard and the training is straightforward).

Permissions may need to be better controlled. If you are storing important, sensitive information (as you should; this is one of the things that SharePoint Online is great for) you may want a security-oriented person to think about the consequences of your permissions structure. SharePoint provides a great deal of granularity in access control. (Do resist the urge to make it too complicated.)

A core governance issue is how Administrator roles are assigned. Various administrators can set permissions for users that control what they can see and edit.

In larger organizations it is very proper to create a site collection with a Site Collection Administrator for a particular department or entity. This allows that group to have complete control over their part of your SharePoint Online. See the sections “SharePoint Administrators” (next) and “SharePoint Admin Center.”

SharePoint Administrators

One of the basic concepts of SharePoint is that control and access are based on a role that you have been assigned. Microsoft creates and maintains the SharePoint Farm in their data centers and retains control of Central Administration (see Figure 5-2). When you buy an Office 365 Subscription, the first account is the root Global Administrator, which is also the first SharePoint tenant Administrator (called a SharePoint Online Administrator).

Figure 5-2.
figure 2

Microsoft Admin structure (courtesy of Microsoft)

Table 5-1 shows a summary of the capabilities of a SharePoint Online Administrator, a Site Collection Administrator, and a Site Level Owner.

Table 5-1. SharePoint Administration Roles

The general roles include types of Administrator and permissions that can be assigned. There are three types of Administrators in Office 365 and a category of User with Permissions:

  • Global Administrator: This is an Office 365 administrator role. A Global Administrator manages users and (Office 365) groups, service licenses, and domains. Chapter 8 describes these functions. The Global Administrator also manages Exchange and Lync. A Global Administrator is also a SharePoint Online Administrator.

  • SharePoint Online Administrator: Uses the SharePoint Online Administration Center to create and manage site collections, designate Site Collection Administrator s, and configure InfoPath, user profiles, BCS, term store, records management, search, secure store, and apps. See the section “SharePoint Admin Center.” Note that you MUST be an Office 365 Global Administrator to be a SharePoint Online Administrator (no lower Office 365 administrator role levels work).

  • Site Collection Administrator: A user with a role assigned by a SharePoint Online Administrator has permissions to manage a site collection, including setting permissions for other users within the site collection. There is one Primary Site Collection Administrator. There can be many Site Collection Administrators.

  • User with Permissions (Site Level Owners): There are a variety of permissions that can be assigned to a user through their group membership (see the section “SharePoint Permissions and Groups”).

Site Collection Administrator Permissions

Table 5-2 shows the permissions given to a Site Collection Administrator.

Table 5-2. SharePoint Site Collection Administrator Permissions

Building Your SharePoint Structure

Now that you have read a bit about SharePoint planning, including SharePoint definitions, let’s build something. This section is designed for people that will be building sites and other structures.

In this section, you are building the Procedures site (one of four sites in your sample small company SharePoint setup) within a site collection with a page, a document library, and in one case a calendar list. Let’s assume that you are using the default (initial) site collection, or that the SharePoint Online Administrator has built a site collection for you. You will also assume that the site collection feature of SharePoint Server Publishing Infrastructure has been activated (see the section “SharePoint Admin Center”).

You will start by defining a sample set of sites with initial permissions for users for your small company. You will also take a look at site navigation.

Tasks (such as site creation and setting permissions) in this section can be performed by anyone with permissions. Again, Chapter 2 contains information aimed at using the sites that you are creating in this section.

Design Your Site and Security Structure

A way to approach SharePoint configuration is to look at your information and organize it based on user roles: what storage locations do you have and who should be able to do what? For the example in this chapter you have a set of sites and a set of roles. Table 5-3 defines who (which roles) should have what access capability (rights) to the sites (where).

There are a number of ways to organize your security structure. A common way is to separate access to your sites by organizational role. You might have a group like SP_Senior_Team that is the CEO, COO, CFO, etc. Generally this team will have at least Read access to everything (although perhaps not Edit). We recommend that you prefix your SharePoint Groups with “SP_”. As your organization grows, you might end up with groups from the Office 365 Portal or from Active Directory (which might have the prefix SG_). This will help you keep track of how permissions flow (see “SharePoint Permissions and Groups”).

Table 5-3. SharePoint Sites Company Example

In Table 5-3, RW represents Read-Write (SharePoint Contribute) access, RO represents Read Only, and None represents no access. Each site will have its own document library.

For example, people in the group SP_Human_Resources can create, delete, and update documents in the Procedures site, see information in the Customers site, but won’t even see the Operations and Board sites. The SP_Senior_Team group has all access to all four sites.

You will implement permissions as discussed in the section “SharePoint Permissions and Groups.” It is a good idea to read both sections before you start building a production site. (Try things as you like; it is easy to delete and start over. This falls in the “just get started” category.)

Initial Site Collection: Top-Level Site

Figure 5-3 shows your top-level site. In this case, it is in a new site collection, but it will look similar if you are using the default first site that is created when you first purchase Office 365.

Figure 5-3.
figure 3

New site collection top-level site

You will modify this site to add the structure described in Table 5-3.

Gear Icon Options

Let’s take a look at the most important icon in SharePoint, the Gear icon. This menu will vary depending upon your permissions. Click the Gear icon at the top right; this will bring up the top level action menu (see Figure 5-4).

Figure 5-4.
figure 4

SharePoint Gear icon options

Site Settings

One of the important functions in the Gear list is site settings (see Figure 5-5). This is a screen of additional links to site-related settings. The list varies based on your permissions and where you are in the structure. For a person with only Read access to a site, this entry does not appear in the Gear list. For a person with Edit permission to the site, the list is reduced.

Figure 5-5.
figure 5

Site Settings - Edit Permissions

Even if a link is present, the person may not have permissions to edit the item.

Site Settings: The Subsite List

The site settings for a person with full control viewing a subsite refers to this subsite (see Figure 5-6). There is a link to the site collection-level site settings. Click this link to go to the top-level site collection settings.

Figure 5-6.
figure 6

Site settings: subsite

Site Settings: The Full List

Figure 5-7 shows the full set of site settings, for the top level site and the site collection. The full list only appears for Site Collection Administrators.

Figure 5-7.
figure 7

Full site settings

Some interesting links are marked in Figure 5-7, such as:

  • Users and Permissions

    • People and Groups: Manage Groups: This is used in permissions

    • Site Permissions: Manage the site: This is used for permissions

  • Web Designer Galleries: More detailed site control links

  • Site Administration

    • Popularity Trends: A chart of usage for this site

  • Look and Feel

    • Title, description, and logo: Site logo for top left of screen

    • Navigation: Manage Top Links and Quick Links; see below

  • Site Actions

    • Manage site features: See the section “SharePoint Admin Center”

    • Delete this site

  • Site Collection Administration

    • Recycle bin (for the site collection): Includes documents, folders, etc.

    • Site Collection Features: See the section “SharePoint Admin Center”

    • Popularity and Search Reports: A wide variety of reports

Site Contents

Before you create the Procedures subsite, let’s take a look at what is in your new or default site in your site collection. Click the Gear icon at the top right, then Site Contents or the Site Contents link at the left of the screen. You will see the Site Contents page, as shown in Figure 5-8.

Figure 5-8.
figure 8

Site contents

There are a number of interesting things on Site Contents page, including the following:

  • Share, Follow and Full Screen: These links are on most every page. Share is a way to share this site (also a way to expand permissions to more people), Follow is connected to Newsfeed and is a way to link something interesting for yourself.

  • Search this site.

  • Top Link Bar: Not yet filled out.

  • Quick Links: Links at the left edge, with an EDIT LINKS option.

  • Site Workflows, Settings, and the Site Recycle Bin: See below for Site Settings page description.

  • Each blue square item also includes an item count and a modified date/time.

  • “add an app”: The new-with-SharePoint 2013 model for adding parts to a web page.

  • Documents: Created by default for a new team site. This is the default site document library.

  • Form Templates, MicroFeed, Site Assets, Site Pages and Style Library: Created by default for a new team site.

  • The items marked “new!” in green were created by activating the SharePoint Server Publishing Infrastructure.

  • Subsites: A list of subsites and the + icon to create a new subsite. You will use this button.

Create the Site Structure Defined Above

Follow these steps to create the structure defined above. Reference information is interspersed with the steps.

Step 1: Create the Subsite Procedures

Let’s create your first subsite. Click the Site Contents option (or the Gear icon and then Site Contents). Click “New subsite” (see Figure 5-9).

Figure 5-9.
figure 9

Create a new subsite called Procedures

You will name this subsite Procedures and give it a description. You will also give the URL name Procedures. Since this web site address is a URL, spaces will be replaced with %20 (hex for the space character). Since this is ugly, it is common to replace the spaces in the title with underscores (“_”). It is possible to change both the title and site URL later.

Pick your language. Template Team Site is fine. The pick “Use same Permissions as Parent” (you will change this in the next section). This is a change from the default: Click Yes for “Use the top link bar from the parent site?” This will, guess what, use the top link bar from the parent site. Unless you are building a very separate site, or you have specific reasons to hide the navigation or create a specialized navigation, it is usually simpler for the user to see the same top link bar on the various pages. This kind of consistency is less likely to confuse your users. (You can change this later if needed.) Click Create.

You will note that the new site does not show up automatically in your top link bar or Quick Links. Let’s set navigation to show your new site.

Site Settings: Navigation

Site settings is a rather jumbled list of tasks and settings for this site. At this moment you are going to start by looking at Navigation under Look and Feel to set up the “mother” site to show your new subsite. Navigate to your mother site; in this case it is Sample_New_Site_Collection. Click Gear ➤ Site Settings (Figure 5-10).

Figure 5-10.
figure 10

Site settings subset

Click Navigation. This will bring up the Navigation Settings screen for this particular site (see Figure 5-11). As you recall, Navigation only appears as part of Site Collection Features ➤ SharePoint Server Publishing Infrastructure, which was listed as an assumption for this site collection. If there is no Navigation link, check with your Site Collection Administrator.

Figure 5-11.
figure 11

Navigation settings


It is easy to lose track of which site that you are editing; to see, hover over the Web Browser tab to see exactly what you are editing.

Step 2: Edit Top Level Navigation

Now you will continue to set navigation for your top-level site.

Select your top-level site (Sample_New_Site_Collection) and click Gear ➤ Site Settings ➤ Navigation.

  • Under Global Navigation, click “Structural Navigation: Display the navigation items below the current site” and then check the “Show subsites” option.

  • Under Current Navigation, click “Structural Navigation: Display only the navigation items below the current site” and then check the “Show subsites” option (see Figure 5-12).

Figure 5-12.
figure 12

Top-level site navigation

Step 3: Edit Subsite Navigation for Procedures

Now you will set navigation for your subsite procedures. Select your new site Procedures and click Gear ➤ Site Settings ➤ Navigation.

  • Under Global Navigation, click “Display the same navigation items as the parent site” should be set (from the Site Creation screen)” and check the “Show subsites” option.

  • Under Current Navigation, click “Structural Navigation: Display the current site, the navigation items below the current site, and the current site’s siblings” and then check the “Show subsites” option (see Figure 5-13).

Figure 5-13.
figure 13

Next level site navigation

Step 4: Create the Subsite Operations

Create the subsite operations. To do so, see Step 1, with title and URL operations.

Step 5: Edit Subsite Navigation for Operations

Edit the navigation for the subsite operations by referring to Step 3.

Step 6: Add a Sub-Subsite Turnover

Navigate to Site Operations ➤ Site Contents ➤ New site. See Step 1, with title and URL turnover. This will create a subsite turnover under the subsite operations. You will next adjust the navigation to show Turnover under Operations on the top-level menu.

Step 7: Edit Sub-Subsite Navigation for Operations/Turnover

Edit navigation for sub-subsite operations/turnover. Navigate to Operations ➤ Turnover. See Step 3 to set Navigation options.

Step 8: Verify Your Structure

If all of the steps above have been performed, you should see a top-level web site as shown in Figure 5-14.

Figure 5-14.
figure 14

Structure verification

On the top link bar are the two subsites that you have created: Operations and Procedures; they’re also shown in the Quick Links at the left. The site Turnover that is a subsite of Operations is indented at the left and as a drop-down under the small triangle at the top (Figure 5-14).

The Board and Customer sites for your company example can be created in the same manner. In the next section, we will discuss permissions and groups, and you’ll set permissions for your company example. Later, you will edit the pages and the links.

SharePoint Permissions and Groups

In this section, we are going to cover the basics of creating and using SharePoint permissions. You will continue to work on your example structure: you will set permissions per the company example. You will start with basics about permissions and groups and inheritance, Active Directory and Office 365 Security Groups, SharePoint Groups, and inheritance. Next are sections about setting permissions.

The general flow of this section is that we will introduce concepts and then intermix activities to accomplish a goal. We hope that you, as the reader, will extrapolate a particular action from one of these examples to the problem that you are trying to solve. At least you should see that certain functions and screens exist!

As mentioned above in “Planning, Governance and Initial Setup” it is easiest (and least likely to confuse people in the future) to set unique permissions at Site (or subsite) level (instead of the document library, folder, or document level).


Interactions with SharePoint, including setting permissions, are done through a web browser. This means that you can set Bookmarks/Favorites for both locations (a page or site) and commands (an action). You can also edit the URL to change locations or to open a command for a new site.

Permissions Basics and Groups

Permissions are essentially defined for each individual login. The effective permissions for an individual account are the least restrictive of any permissions that an individual has for a site, page, document library, list, folder, document, etc. This means that you should consider how to test the permissions that you assign.

It is too cumbersome to assign more than one or two individuals to all of the proper items that they should have access to, so the answer is groups. There are several types of groups available to set SharePoint permissions. These include the following:

  • Without DirSync: Office 365 security groups created in the Office 365 Portal

  • With DirSync: These groups appear in the Office 365 Portal as groups, but cannot be edited in Office 365.

    • Active Directory security groups

    • Active Directory mail-enabled security groups

    • Active Directory distribution groups are NOT eligible to be used.

  • SharePoint groups

For discussion about creating and maintaining Office 365 security groups and Active Directory synchronization, please see Chapters 8 and 11.

There are tradeoffs between using Office 365/AD security groups and SharePoint groups. The differences between the types of groups are explained below.

  • Office 365/Active Directory Synchronized Security Groups:

    • Generally more closely tied to business processes such as adding and changing user accounts (logins); the account management people that deal with logins can add or change their group membership at the same time in the same place.

    • For Active Directory (DirSync’ed) groups the same security information is consistent across the whole organization.

    • An Active Directory security group can contain a security group.

    • CANNOT contain externally shared user logins; see the section “Planning, Governance and Initial Setup” item “External Sharing.”

    • You cannot see the members of an Office 365/Active Directory group from within SharePoint (without using PowerShell). That is, if an Office 365/Active Directory group is a member of a SharePoint group, you cannot see the members when viewing through People and Groups. (Check if permissions are still accurate.)

  • SharePoint Groups:

    • More closely tied to SharePoint operation (part of SharePoint); the contents of Office 365/AD groups are synchronized with a slight time delay.

    • Editing of permissions can be done entirely by local SharePoint site owners without editing Office 365 Portal security groups or Active Directory.

    • Can contain externally shared userids (see the section “Planning, Governance and Initial Setup”).

    • Can contain Office 365, AD security groups, and AD mail-enabled security groups.

    • A SharePoint group cannot contain another SharePoint group.

There are no out-of-the-box SharePoint tools to review permissions. (There are outside vendors that supply such tools.)

The closest things to reports are:

  • Site Settings/People and Groups (see SharePoint “People and Groups” Tasks/ Settings: View Group Permissions”)

  • Check Permissions (one person at a time)

It is important to plan and document your permissions structure!

With SharePoint 2013 there are SharePoint groups that are automatically created, specifically Owners, Members, and Visitors Groups for each site collection that is created, and for each site (or other entity) that has permission inheritance removed. This can help you keep track of where to place users needing permissions.

Permissions Inheritance

In SharePoint, permissions are inherited from the parent site. This is normally what you want. For your company example, the various sites have different permissions needs. You will “break inheritance” to meet these needs.


It is easy to lose track of where you are setting permissions. To see this, hover over the Web Browser tab, or check the URL to see exactly where you are editing.

The Two Sides of Permissions: Sites and Groups

Permissions are set as the combination of:

  • Sites (where)

  • Groups, which contain people (who)

  • What can be done (Read, Edit, etc.)

The two different screens that deal with the two sides are summarized in Table 5-4.

Table 5-4. SharePoint Permissions: Sites and Groups Summary

Permissions: Site Permissions

This section describes the key steps to set permissions for a site (for other entities see “Set document library Permissions” and “Set a Document’s Permissions” below). Permissions are set for a site by:

  • Adding users to new or existing SharePoint groups associated with the site.

  • Adding Office 365 Portal/AD groups to new or existing SharePoint groups associated with the site.

  • Adding users directly to the site permissions (not recommended).

To set permissions, follow these steps:

  1. 1.

    Navigate to the site.

  2. 2.

    Click Gear ➤ Site Settings.

  3. 3.

    Click Site Permissions (see Figure 5-15).

  4. 4.

    See the Site Permissions screen (Figure 5-16).

  5. 5.

    Perform one of the sets of Permissions Actions described below, based on your needs.

Figure 5-15.
figure 15

Site Settings ➤ Site Permissions

Click “Site permissions” for the next screen (Figure 5-16).

Figure 5-16.
figure 16

Site Permissions screen

The Site Permission screen is a main control point for setting permissions. There is a similar screen for document libraries, folders, documents, etc. Note that this screen is slightly different if the site inherits permissions from its parent: item 2 will say “Manage Parent” (to go to where the permissions are set) and items 7, 8, 9, and 10 do not appear.

The following is a description of Permissions Screen by number.

  1. 1.

    “Where you are” information: In the title bar, the URL and the tab itself (“Permissions: Sample…”) and if you hover over the tab. It is very easy to be in the wrong place. It is always a good idea to glance up to see where you are.

  2. 2.

    Icon Grant Permissions: Add permissions for a user or group to this list (add permissions to “where you are”).

  3. 3.

    Icon Create Group: You can create a SharePoint group.

  4. 4.

    Icon Edit User Permissions.

  5. 5.

    Icon Remove User Permissions.

  6. 6.

    Icon Check Permissions.

  7. 7.

    Link Manage: Permission Levels.

  8. 8.

    Link Manage: Access Request Settings.

  9. 9.

    Link Manage: Site Collection Administrators.

  10. 10.

    Link “Some content on this site has different permissions”: This warning is generally because of SharePoint structure (see Figure 5-17).

  11. 11.

    Type: SharePoint Group, User, Domain Group

  12. 12.

    Permission Levels: Edit, Full Control, Read are normally used.

  13. 13.

    Automatic SharePoint Groups: Members (Edit), Owners (Full Control) and Visitors (Read) for the (top level) Site Sample_New_Site_Collection were created when the site was created.


Click the hyperlink that is the name of a group to get to the permissions: People and Groups screen for that group. Also, click “Browse” to see the top link bar again.

Figure 5-17.
figure 17

Permissions screen for different permissions

Icon 2: Grant Permissions

This is the core activity of permissions: to give someone or some group access. In general, you will add an individual to a group on this page (such as one of the groups highlighted in Item 13 in Figure 5-16). You can also add a user or SharePoint Group or Office 365 group with a specific permission level directly to this list. This is an example of power and confusion. It is best for you to pick a mechanism, document it, and use it consistently. Here are your choices:

  1. 1.

    Add the user or group to an existing “standard” group (those ending in Members, Owners, and Visitors). These SharePoint groups have predefined permission levels (Edit, Full Control, and Read, respectively) and are automatically created when the Site is created (or optionally when inheritance is broken; see “Breaking Inheritance” below).

  2. 2.

    Use Office 365 Portal/Active Directory Groups. Add them directly to the list with the appropriate permission level.

  3. 3.

    Use the SharePoint groups that you have created. Add them directly to the list with the appropriate permission level.

  4. 4.

    Add individual users directly to this list. Someone will hate you for this in the future. Because there is no easy permissions cross reference, someone will have to check each site to see where someone has permissions.

There is a new “sharing” mechanism that sets permissions. Share shows up as a user-level function. See Chapter 2 and also the “Set Document Library Permissions” section below.

Icon 3: Create Group

You can create a SharePoint group on a Site Settings screen or a People and Groups screen. The groups are global to the site collection. That is, once created, they can be used anywhere within the site collection. You don’t create a group just for this site, but for all sites in the site collection.

To create a group from a Site Settings screen, follow these steps:

  1. 1.

    Navigate to a site in the proper site collection.

  2. 2.

    Click Gear ➤ Site Settings.

  3. 3.

    Click Site Permissions (see Figure 5-18).

  4. 4.

    Click the Create Group icon.

  5. 5.

    On the next screen, fill in the fields as described.

  6. 6.

    Click Create.

Figure 5-18.
figure 18

Permissions Ribbon Create Group

To create group notes, follow these steps.

  1. 1.

    Give your new group a name. It is a good convention to start SharePoint groups with “SP_”. You will appreciate this when you have an environment of mixed SharePoint and Office 365/AD security groups. It helps to know where to look to edit the members. Good luck on getting the editors of the other groups to adopt a standard! (Usually these things have been going on for years and there have been several different people that have an idea of the correct standard.) Underscores are not important here, but you might want to be consistent; either use them or not. The auto-generated group names will have a space before “Members” and such.

  2. 2.

    Document this group’s usage.

  3. 3.

    The group owner defaults to the creator.

  4. 4.

    Do you want to allow requests to join/leave the group? Generally you want to know if you have left someone out (or a new person has joined the firm but has not been added to all of the proper groups). This sends an e-mail to you (or whoever you designate) saying that this person would like access. They can give you a reason. Generally you don’t want auto-accept, except perhaps for a company calendar or some such.

  5. 5.

    Since groups are created in a site collection, this item tells you the site collection in which you are creating the group.

  6. 6.

    Select the permission level(s). We selected “View Only” in this case. These values can be changed; see “Icon 4: Edit User Permissions for Existing Group.” Some selections are redundant. These permissions belong to the group; when you add a group to a site, the members of this group will have these permissions at that site. Having unique permissions on the site does not affect this relationship.

  7. 7.

    Click Create.

Icon 4: Edit User Permissions for Existing Group

Since you have a nice list of groups, the SharePoint designers decided to put “Edit the Permissions of an existing group” here; see Figure 5-19. (This function is in Site Permissions rather than People and Groups.)

Figure 5-19.
figure 19

Edit permissions level for existing group

To change the permissions for an existing group, follow these steps:

  1. 1.

    Navigate to a site that uses the group.

  2. 2.

    Click Gear ➤ Site Settings.

  3. 3.

    Click Site Permissions (see Figure 5-19).

  4. 4.

    Select the group by marking the checkbox to the left.

  5. 5.

    Click the Edit User Permissions icon.

  6. 6.

    On the next screen, check and uncheck permissions as you desire (see Figure 5-20).

  7. 7.

    Click OK.

Figure 5-20.
figure 20

Set group permissions

Icon 5: Remove User Permissions

You can remove permissions for one or more users or groups by following these steps.

  1. 1.

    Navigate to the site (or item) from which you wish to remove permissions.

  2. 2.

    Click Gear ➤ Site Settings.

  3. 3.

    Click Site Permissions.

  4. 4.

    Verify that you are in the right place!

  5. 5.

    Mark the items (see Figure 5-21).

  6. 6.

    Click the Remove User Permissions icon.

  7. 7.

    Click OK on the warning message.

Figure 5-21.
figure 21

Remove user permissions

Icon 6: Check Permissions

Check permissions for a person at this site. See “Check Company Permissions” below for a usage example.

Link 7: Manage Permission Levels

This link documents the particular permission levels. Clicking a link at left shows the exact details.

Link 8: Manage Access Request Settings

Figure 5-22 shows the way to set the e-mail address that will receive requests to access this site.

Figure 5-22.
figure 22

Manage Access Request Settings

Link 9: Manage Site Collection Administrators

This is another way to be able to edit the list of Site Collection Administrators. This link only appears when you are on the top site of a site collection and you are a Site Collection Administrator (Figure 5-23).

Figure 5-23.
figure 23

Edit Site Collection Administrators

Permissions: People and Groups

The People and Groups screen describe access to the SharePoint groups for a particular site collection (Figure 5-24).

Figure 5-24.
figure 24

Site Settings ➤ People and Groups

Click “People and groups” for the next screen (Figure 5-25).

Figure 5-25.
figure 25

Permissions: People and Groups

A nice feature of the People and Groups/specific group screen (Figure 5-26) is that if you hover over the small presence indicator (by the name) a floating menu with a link for a contact card appears.

Figure 5-26.
figure 26

SharePoint People and Groups menus

To perform “People and Groups” tasks, follow these steps:

  1. 1.

    Navigate to any site in the appropriate site collection.

  2. 2.

    Click Gear ➤ Site Settings.

  3. 3.

    Click “People and Groups” (see Figure 5-24).

  4. 4.

    If you do not select a specific group, you have these tasks (or select “Groups” at the top left):

    1. a.

      New ➤ New Group ➤ Create a New SharePoint Group: This is the same as Icon 3: Create Group (see Figure 5-18).

    2. b.

      Settings ➤ Edit Group Quick Launch: Edit list of groups that appear at the left edge.

    3. c.

      You can edit many things about a group (except the permissions) with the small Edit icon in the Edit column. (To edit an existing group’s permissions, see “Icon 4: Edit User Permissions for Existing Group”).

  5. 5.

    If you wish to work with a specific group, at the left edge, click a group (click More to see more groups). Once you have selected a group you have a choice of several tasks.

    1. a.

      New: Add Users (to this group).

    2. b.

      Actions: E-Mail Users.

    3. c.

      Actions: Call/Message Selected Users (Lync Message/Call).

    4. d.

      Actions: Remove Users from Group.

    5. e.

      Actions: Leave Group (remove yourself from the group).

    6. f.

      Settings: Group Settings (manage settings such as group name and permissions).

    7. g.

      Settings: View Group Permissions (view permissions this group has on sites, lists, and items).

    8. h.

      Settings: Make Default Group (make this group the default group for this site).

    9. i.

      Settings: List Settings (manage settings such as columns and views).

Next are the descriptions of these tasks.

New: Add Users

This task adds a person (user), or an Office 365/Active Directory security group to the selected SharePoint group. The new person or group will have immediate permissions wherever this group is used.

To add a User or Office 365/Active Directory security group, follow these steps:

  1. 1.

    Select the group.

  2. 2.

    Click New ➤ Add Users (the only choice).

  3. 3.

    In the menu box, verify that you are in the group that you intended. Note that the title is “Share …”. In this case you are adding a user, but the effect is that the new user will have access to wherever the group is used. (See “Settings: View Group Permissions” below.)

  4. 4.

    Enter names, e-mail addresses, or “Everyone” into the box. As you start typing a name or e-mail address, the system looks for matches. Select a name from the drop-down list. Type the next name.

  5. 5.

    Click SHOW OPTIONS; if you wish to send e-mail to the new members leave the “Send an e-mail invitation” box checked.

  6. 6.

    Enter a custom message if you wish.

  7. 7.

    Click Share (see Figure 5-27).

Figure 5-27.
figure 27

Add users to a group/share a site

Actions: E-Mail Users

Open an Outlook window to build an e-mail to the names that you select.

Actions: Call/Message Selected Users

Open a Lync communication with the names that you select.

Actions: Remove Users from Group

Remove the names you select from the Group.

Settings: Group Settings

Change this group’s settings including name, About Me, group owner, etc. You might wish to set an e-mail address if you wish to accept member ship requests to the group (see Figure 5-28).

Figure 5-28.
figure 28

Change group settings

Settings: View Group Permissions

This People and Groups ➤ Settings: View Group Permissions option is a hidden gem (see Figure 5-29).

Note the note: “Use this page to view the permission assignments that this SharePoint group has in this site collection. In addition to the listed URLs, this group has access to any sites, lists, or items that inherit permissions from these URLs.”

The resulting web page dialog box shows the name of the group and each URL (site) to which the group has been assigned and the permission level. (The second part of the note is a warning that all subsites that inherit from these sites also have the same permissions.)

The URLs are hyperlinks to the sites. Click OK to exit.

Figure 5-29.
figure 29

Group Task Settings: View Group Permissions

Settings: Make Default Group

Click to make this group the default group.

Settings: List Settings

Set the settings for the User Information List (Figure 5-30).

Figure 5-30.
figure 30

User Information List ➤ Settings

Set Top Level Permissions to Read Only

When a site collection is created, no one is given permission, but default SharePoint groups are created. You will add Read Only for all users to allow everyone to see the top-level site. This will allow a safe landing space for users that click Team Site. This permission will be inherited for subsites (unless they have unique permissions).

Here you will set the default permission to Read. With Read, users can view pages and list items and download documents. Follow these steps.

  1. 1.

    Navigate to the top level site, such as Sample_New_Site_Collection.

  2. 2.

    Click Gear ➤ Site Settings.

  3. 3.

    Click Site Permissions (see Figure 5-15).

  4. 4.

    Click Sample_New_Site_Collection Visitors or your Visitors group (see Figure 5-16, item 13).

  5. 5.

    Type “every” into the “Add people” box; pick one of the Everyone options depending upon your needs.

  6. 6.

    Click SHOW OPTIONS; you probably want to turn off “Send an e-mail to everyone.”

  7. 7.

    Click Share. This will add everyone to the group Visitors with permissions Read.

  8. 8.

    Check Permissions (see Figure 5-31).

Figure 5-31.
figure 31

Set top-level permissions to Read Only

Set Document Library Permissions

We recommended above to use sites as your basic level of special permissions. In this method, the document libraries within a site would inherit these special permissions. In some cases it is appropriate to set unique permissions for a document library. You will use the document library that is part of the top level site as an sample.

To set unique permissions for a document library, follow these steps:

  1. 1.

    Navigate to the site.

  2. 2.

    Click the title part of the documents (Figure 5-32).

  3. 3.

    Click Library on the Ribbon bar to open the Library ribbon (Figure 5-33).

  4. 4.

    Click Library Settings on the open Library ribbon to show options (Figure 5-34).

  5. 5.

    In Documents ➤ Settings, click “Permissions for this document library” (Figure 5-35).

  6. 6.

    Click “Stop Inheriting Permissions” (Figure 5-36).

  7. 7.

    Accept the message (Figure 5-37).

  8. 8.

    Delete any extra SharePoint groups; add any required groups (grant permissions); undo unique permissions by clicking “Delete unique permissions” (Figure 5-38).

As you can see, there are quite a few steps.

It is important, if you use unique permissions for a document library, that you recognize that Site Settings ➤ Site Permissions work on the SITE, not the document library that you are looking at when you click the Gear icon. You must use most of the steps above to change permissions for a document library.

Figure 5-32.
figure 32

Set unique document library permissions part 1

Click “Documents” to open the next screen.

Figure 5-33.
figure 33

Set unique document library permissions part 2

Click LIBRARY to open the ribbon (Figure 5-34).

Figure 5-34.
figure 34

Set unique document library permissions part 3

Click “Library Settings” to open the next screen.

Figure 5-35.
figure 35

Set unique document library permissions part 4

Click “Permissions for this document library” to open the next screen (Figure 5-36).

Figure 5-36.
figure 36

Set unique document library permissions part 5

Click “Stop Inheriting Permissions.” You will have the message box in Figure 5-37.

Figure 5-37.
figure 37

Set unique document library permissions part 6

Click OK to accept the warning and to open the next screen (Figure 5-38).

Figure 5-38.
figure 38

Set unique document library permissions part 7

Set a Document’s Permissions

We recommended above to use sites as your basic level of special permissions. In this method, the documents within libraries within a site would inherit these special permissions. In some cases, it is appropriate to set unique permissions for a document. You will use the document that is part of the document library of the site Operations/Turnover as an example.

To set unique permissions for a document, follow these steps:

  1. 1.

    Navigate to the document.

  2. 2.

    Click the “…” beside the document (Figure 5-39).

  3. 3.

    A preview of the document shows. Click the “…” at the bottom of the pop-up (Figure 5-40).

  4. 4.

    Click “Shared with” (Figure 5-41).

  5. 5.

    Click ADVANCED (Figure 5-42).

  6. 6.

    Click “Stop Inheriting Permissions” (Figure 5-43).

  7. 7.

    Accept the message.

  8. 8.

    Delete any extra SharePoint groups; add any required groups (grant permissions); undo unique permissions by clicking “Delete unique permissions” (Figure 5-43).

As you can see, there are quite a few steps.

It is important, if you use unique permissions for a document (or folder), that you recognize that Site Settings ➤ Site Permissions work on the SITE, not the document or document library that you are looking at when you click the Gear icon. You must use most of the steps above to change permissions for a document (or folder).

Figure 5-39.
figure 39

Set unique document permissions part 1

Click the ellipses to open the next screen.

Figure 5-40.
figure 40

Set unique document permissions part 2

Click the ellipses to open the next screen.

Figure 5-41.
figure 41

Set unique document permissions part 3

Click “Shared With” to open the next screen (Figure 5-42).

Figure 5-42.
figure 42

Set unique document permissions part 4

Click “ADVANCED” to open the next screen (Figure 5-43).

Figure 5-43.
figure 43

Set unique document permissions part 5

Click “Stop Inheriting Permissions” to stop using the permissions of the parent for this document.

Setting Permissions for Your Company Example

We discussed your objectives for this simple company site with specialized permissions above. You are now ready to set the permissions for the sites that you created above. Here are your permissions objectives from Table 5-3 (reproduced here as Table 5-5).

Table 5-5. SharePoint Sites Company Example

To implement the permissions designed above, for each site you will:

  • Navigate to the site.

  • Select Gear ➤ Site Settings ➤ Site Permissions.

  • Click “Stop Inheriting Permissions” (see Figure 5-44).

  • This will automatically create new SharePoint groups (see Figure 5-46).

  • Fill the new groups with the Roles SP_ groups from Table 5-5.

Stop Inheriting Permissions

As discussed above, a site or library by default inherits permissions from its parent. In this security model, you stop inheriting permissions to be able to cleanly start over with specific security groups that have Read Only or Read/Write permission. This model makes it simple to add new users to the correct groups, and minimizes incorrect permission risks.

To stop inheriting permissions, follow these steps:

  1. 1.

    Navigate to the site.

  2. 2.

    Click Gear ➤ Site Settings ➤ Site Permissions.

Figure 5-44.
figure 44

Stop inheriting permissions

  1. 3.

    Note the warning that “This library inherits permissions from its parent.” Click “Stop Inheriting Permissions” (see Figure 5-44).

  2. 4.

    Click OK to accept the warning (Figure 5-45).

Figure 5-45.
figure 45

Accept unique permissions

  1. 5.

    SharePoint automatically gives you the chance to make new groups for your newly un-inheriting site! It wants to build three types of groups: [name] Visitors for people that will have Read Only, [name] Members for Read-Write access, and [name] Owners that have full control, including who will have the ability to add more members to these groups (see Figure 5-46).

  2. 6.

    You will create the standard groups for this site: Procedures Visitors, Procedures Members, and Procedures Owners. You can, using the radio buttons, use other existing groups. Commonly the proper Owners group will already exist; in this case, for example, you might want the same Owners group for all of the sites (the same owners for Procedures, Operations, Board, and Customers). By default the group’s creator name is added to Members and Owners.

  3. 7.

    Click OK to create the groups.

Figure 5-46.
figure 46

New company groups

  1. 8.

    You now add the defined SharePoint groups to the proper groups that you just created. As an alternative, you can add the proper people to each of the groups that you just created. It is more about consistency and your long-term plan.

  2. 9.

    Return to the site (Procedures) and select Gear ➤ Site Settings ➤ Site Permissions.

  3. 10.

    As discussed above, you probably want to delete the extra groups, such as Sample_New_Site_Collection Members and Sample_New_Site_Collection Visitors. Leave just Procedures Visitors, Procedures Members, and Procedures Owners.

  4. 11.

    Populate the new groups with the security groups

    1. a.

      Add SP_Senior_Team, SP_Management and SP_Human_Resources to Procedures Members (for RW access).

    2. b.

      Add SP_Manufacturing and SP_Customer_Support to Procedures Visitors (for RO access).

  5. 12.

    At some point, fill the SP_ groups with the appropriate people (or other groups).

  6. 13.

    Repeat for the other three sites: Operations, Board, and Customers.

Check Company Permissions

While most people do everything carefully and correctly, it is always a good idea to check. In this procedure you will check the permissions for one of your users, John Q. Demo. He should have Read/Write access to the Procedures document library (from your company security design above).

To check permissions, follow these steps:

  1. 1.

    Navigate to the site (Procedures, in this case).

  2. 2.

    Go to Gear ➤ Site Settings ➤ Site Permissions.

  3. 3.

    Click “Check Permissions” in the Permission Tools ribbon.

  4. 4.

    Enter part of the name, let it autofill, and click the result (see Figure 5-47)

  5. 5.

    Click Check Now.

  6. 6.

    Check results (see Figure 5-48). Note that John Q has permissions via two other groups. They are not higher permissions, so it doesn’t matter. It is good to delete John from these two other groups. (You see that we checked Permissions before we deleted the extra groups in Step 10 above).

  7. 7.

    Check the permissions for the other people.

Figure 5-47.
figure 47

Check document library permissions part 1

After you find the person or group that you wish to check permissions for, click Check Now. The next screen shows the results of the check: John Q. Demo the listed permission on this site as given by the listed groups.

Figure 5-48.
figure 48

Check document library permissions part 2

Site Editing

This is a brief introduction to page (site) editing. It is really not too complicated. One important point to note is that when you save your work, it is live to your users!

Edit Your Site Page

You can change the look of the pages that are displayed through the web browser. You will edit the default page for the top-level site in your new site collection. Follow these steps:

  1. 1.

    Navigate to the page that you wish to edit. (You will need permission.)

  2. 2.

    You may choose to remove the “Get started with your site” by clicking REMOVE THIS. You can also use it to add your first app or to make the other changes listed. It is a good introduction to the new SharePoint 2013 features.

  3. 3.

    Click Page to show the Edit ribbon.

  4. 4.

    Click Edit (1) or Check Out (2), then Edit (Figure 5-49).

  5. 5.

    Your page becomes editable (Figure 5-50). This page is pretty self-explanatory, but here are a few points.

    1. a.

      Save and Check In when you are done.

    2. b.

      This is the FORMAT TEXT Ribbon; click INSERT for the Insert ribbon (see Figure 5-50).

    3. c.

      The text layout (Figure 5-51) changes the overall look, such as the number of columns and headers, etc.

    4. d.

      Click on a part of the screen and start editing!

    5. e.

      You might want to practice on a test site.

  6. 6.

    Review the INSERT ribbon (Figure 5-52).

    1. a.

      You can insert the various items listed onto your page such as a table, picture, video and audio, a hyperlink, a file, an app, a Web Part, or direct code. These are all pretty straightforward except the app part.

    2. b.

      The Insert an App part has two steps.

      1. i.

        See “Add an App” below for the first step.

      2. ii.

        Determine where (on the screen) your app should go.

      3. iii.

        Click (INSERT) App Part (see Figure 5-51).

      4. iv.

        Find the app that you added previously (Procedures_Library in this case) and click Add. The app will be added to the place that you selected on the screen (see Figure 5-53).

  7. 7.

    Click Save and Check In when you are done; your page is immediately published.

Figure 5-49.
figure 49

Prepare to edit a page

Click PAGE to open the Edit ribbon.

Figure 5-50.
figure 50

Edit Page overview

There are various controls on the ribbon. Click “Text Layout” for the Text Layout menu.

Figure 5-51.
figure 51

Text layout options

Click the INSERT tab for the Insert ribbon.

Figure 5-52.
figure 52

Edit Page Insert ribbon

Click “App Part” for the Apps submenu. Select the app that you wish, “Procedures_Library” in this case. Click Add.

Figure 5-53.
figure 53

Edit page for the Add an App part

Add an App

The new SharePoint 2013 model has added “Add an App” in addition to Web Parts. You now add an app first, and then add it to a web (site) page.

To create an app to be added, follow these steps.

  1. 1.

    Go to Gear ➤ Add an App (Figure 5-54). Click the document library app. This is the type of the app; you actually name it to add it as an app later (above).

  2. 2.

    Name your app (Figure 5-55).

  3. 3.

    Your app is added (Figure 5-56). You can add it to your page now.

Figure 5-54.
figure 54

Add an app part 1

Click Gear ➤ Add an app, then select the Document Library ➤ Adding document library option.

Figure 5-55.
figure 55

Add an app part 2

Enter the name of your new document library, then click Create. Your new document library has been added to your site.

Figure 5-56.
figure 56

Add an app part 3

Edit Links: Edit the Top link Bar

The top link bar is designed for easy access to other parts of your system. You can add a link to another page that will be propagated to other pages (when you have a top link bar in lower sites).

Navigate to your top site. Click EDIT LINKS to edit the links. You can move them around and add a link to any URL (such as your web site). Be sure to click Save when you are done (Figure 5-57).

Figure 5-57.
figure 57

Edit the top link bar

Edit Links: Edit the Quick Links Bar

This editing is the same as the top link bar. Click EDIT LINKS to edit the links. You also may wish to edit the links in Gear, Site Settings, and Navigation. This allows you to change the order of the Quick Links in a different way.

Create a Project Site

This section describes how to create a SharePoint project site in your SharePoint Online site collection. This is simply another example of a site that can be created.

Office 365 offers several levels of projects, including a hosted project server and an individual project subscription. Data for these services is stored in SharePoint. SharePoint also offers a simple project site with documents, tasks, calendar, and e-mail specific to the project site. The steps to create this simple site are described below. There is also can be a Project Web App in the SharePoint admin center (see Figure 5-58).

Figure 5-58.
figure 58

Project Web App in SharePoint admin center

Step 1: Sign On to Your SharePoint Site

You must sign on as a user with full control for the parent site to be able to create a site. Go to ➤ Sites ➤ Team Site. As a shortcut you can use your “onmicrosoft” name; for example, for us it is .

Step 2: Navigate to “Parent” of Where You Want to Create Your Project Site

Choose where you want your new project site.

Step 3: Create a Project Subsite

Click Gear ➤ Site Contents (see Figure 5-59).

Figure 5-59.
figure 59

Gear ➤ Site Contents

At the bottom of the Site Contents screen, click “new subsite” (see Figure 5-60).

Figure 5-60.
figure 60

New subsite

You will see the New SharePoint Site screen (see Figure 5-61).

Figure 5-61.
figure 61

Create New Project screen

Set title, description, URL, and language. Since spaces are translated as %20 in the URL, it is common to use “_” in place of spaces. This is much prettier, as mentioned before.

Select a template: click Collaboration, Team Site, or use a template that you have saved before. Click the Custom tab (there will be a Custom tab if you have any saved templates).

Choose permissions: “Use same permissions as parent site” or “Use unique permissions.” If you choose “Use unique permissions” you will have a chance to create SharePoint groups unique for this site.

Choose Yes or No for “Use the top link bar from the parent site?” Normally you will have set up navigation and you will want to choose Yes. Click Create.

Step 4: Alter Your Site

Your initial project site can now be altered to fit your needs (see Figure 5-62).

Figure 5-62.
figure 62

Initial SharePoint project site

If you are planning to use a similar project site setup in the future, you probably want to set your style (or use the default) and your logo before you save the template (see Figure 5-63).

Figure 5-63.
figure 63

Set title, description, and logo

Your logo can be referenced either from your local computer (a copy will be made in SharePoint) or from another SharePoint location. You can also use this screen to change the title, etc. that you set when you created the site. Quick navigation: Gear ➤ Site Settings ➤Title, Description, and Logo under Look and Feel.

Step 5: Save Your Project Site Template

If you will create more (similar) sites, now would be a good time to save the project site as a template.


Save as a template BEFORE adding any project specific tasks or calendar entries!

Click Gear ➤ Site Settings ➤ Save site as template (see Figure 5-64).

Figure 5-64.
figure 64

Save as Template screen

Pick a name for your template and fill in the other fields. Pick a very descriptive name, perhaps even with a version number. You will have to recognize it the next time that you create a site.

The logo is included in the template (if you specify “Include Content”). See the note relating to “Include Content.” Click OK. You will get an “Operation Completed Successfully” message. Your template is now available as a custom template the next time that you wish to create a site.

Step 6: Clean Up Your Site and Add Apps as Appropriate

Return to your new site. Now it is time to adjust it to your specific needs for this project. In the center of the site are some editing buttons (unless you have removed them already); see Figure 5-65.

Figure 5-65.
figure 65

Site Edit buttons

A very common addition is project E-mail. This creates a special Exchange Mailbox just for this project, with a special e-mail address. E-mail copied to this address will appear in the site (project) mailbox. This allows you to keep all project e-mail together in one place, along with documents, calendar entries, and the task list.

To create a project site mailbox (or actually for any kind of site), click the “Keep e-mail in context” button at the right of Figure 5-65. You will see a screen to add a site mailbox; click ADD IT. It may take up to 30 minutes for the mailbox to be provisioned. This mailbox is unique to this site. The email address will be SMO- plus the name of the Site plus The KAMIND project site mailbox is in this example.

This action will create a Site Mailbox app. You may wish to add this app to the links at left. This action is the same as adding a Mailbox app. Quick navigation: Gear ➤ Site Contents ➤ add an app (upper left).

“Share our site” is the same as the SHARE button at the top right. See Chapter 2 for more information.

“Working on a deadline?” is a chance to add more calendar and task list apps. “Add lists, libraries and other apps” adds apps. You can do both of these later with “Add an App.”

You probably set your style and your brand before you created a template. You can alter them again if you wish. Most people remove the “Get started with your site” buttons (click the REMOVE THIS button in Figure 5-65).

You may also wish to edit links (at left) to match your design (in addition to adding the Site Mailbox app). Quick navigation: Gear ➤ Site Contents ➤ Edit Link, and then drag any apps (including Site Mailbox) into the Links area. You can edit the site for any other customization that you wish. (You may want to customize before creating a template, or create another template.)

Step 7: Set Permissions

Depending upon your needs, you may wish to have special permissions for your project site. If you are planning to share your entire site with internal or external users (outside of your organization), you have a choice of Read Only or Edit. If you have documents or other apps that you do NOT wish to share with others, you can create a subsite (in this site or another site) with unique permissions that are not visible to others.

You had a chance to create unique permissions when the site was created; you can also change permissions later. You can create unique permissions for a site. See “Permissions: People and Groups” for more details.

Figure 5-66.
figure 66

Set up groups for this site

Step 8: Using Your Project Site

Your site can now be used by people with Read or Edit (Contribute) permissions to your site. You can control whether others can upload and edit documents, calendar entries, or tasks with permissions.

Using Project E-mail

If you created a site mailbox (see above), you can use it to keep e-mail about your project. This is a great way to keep e-mail about your project in one place.

The e-mail address for your site will be SMO- plus the name of the site plus The KAMIND Project Site mailbox is in this example (Figure 5-67). Anyone on the Internet can send to this address. If you reply to a message in the project inbox, the e-mail will be sent from your email (your Office 365 login address). Send a copy to your project e-mail address.

When you click on the Mailbox link, you will start Outlook Web App. This is the same app that you use to process your personal e-mail on the Web. The first time that you use Outlook Web App, you will need to set your language and time zone. The first e-mail contains a link describing how to use your site mailbox.

You may wish to change from CONVERSATIONS BY DATE to ITEMS BY DATE (click the item above the inbox list).

Figure 5-67.
figure 67

Outlook Web App site mailbox

Uploading and Creating Documents

The project site, by default, has a document library. Just drag a file from Windows Explorer onto “drag files here” to upload one or more documents. Click “+ new document” to create a new Word, Excel, PowerPoint document or OneNote notebook, or a new folder. You can also choose to UPLOAD EXISTING FILE, which gives you the opportunity to browse to a file on your computer that you want to upload.

You can view or edit documents with the appropriate web app or with a locally installed version of Word, Excel, etc. Just click on the document name. See Chapter 2 for more information.

Add Tasks and Task Management

The project site automatically includes a Tasks app. Click Edit in the “Get organized” box (see Figure 5-68) or Tasks on the left links. You can then add tasks (task name, due date, assigned to) and add columns (such as comment).

Figure 5-68.
figure 68

Task list to get organized

A task is a line in a SharePoint list, with all of that flexibility. The list can also be shown as a calendar or Gantt chart (click Tasks, then “…” just to the left of the “Find and item” box to see the choices). You can show completed or late tasks. See Figure 5-69 for choices and below for sample screens.

Figure 5-69.
figure 69

View choices

After you have added some task, the project summary will have more information (see Figure 5-70). You now have the + ADD TASK and EDIT LIST links.

Figure 5-70.
figure 70

Project Summary timeline

To add a task, click “+ ADD TASK” on the project home page or click Tasks at left, then “+ new task” to get to the new task screen (see Figure 5-71. Note that this figure is after clicking SHOW MORE to see the additional fields, including % Complete, Description, Predecessors, Priority, Task Status and the one that we added called Comment).

Figure 5-71.
figure 71

Add a task

Enter values in the fields as required and click Save. Note that “Assigned to” will be an e-mail address. You can use the small calendar to set a date. If you wish to set a date and time use the format “9/23/13 9:00am”. You may also wish to alter the date format (see Figure 5-72). Note the tabs such as BROWSE, TASKS, LIST, and TIMELINE that show depending upon what you have selected.

Figure 5-72.
figure 72

Set timeline date format

Note that after you add a task, you must click the ellipses by the item to ADD TO TIMELINE (you can also remove tasks to simplify your timeline). The ellipses also allow you to perform additional tasks including Edit Item, Alert me, and Delete Item (see Figure 5-73).

Figure 5-73.
figure 73

Task details

Click the checkbox to mark a task complete. The small green star shows new tasks.

As mentioned above (see Figure 5-69), there are other standard views including

  • Calendar (see Figure 5-74)

  • Gantt Chart (see Figure 5-75)

All tasks show, even if they are not on the timeline.

You can create any number of specialized SharePoint views (see Figure 5-76).

Figure 5-74.
figure 74

Task Calendar

Figure 5-75 is an example of a Gantt chart, set as described above.

Figure 5-75.
figure 75

Gantt chart

To add a column to your Tasks list, click the EDIT LIST link on the project home page or Tasks then “edit this list.” (see Figure 5-76). Click the + at right of the columns. This will show the types of columns that you can create.

Figure 5-76.
figure 76

Add a Task list column

Because the Task list is a SharePoint list you have all of the power of SharePoint, including creating new views. See Figure 5-77 for the SharePoint List ribbon.

Figure 5-77.
figure 77

SharePoint List ribbon

Add Calendar Entries

The calendar that is added to the project site by default is a standard SharePoint calendar. It is not linked to the Tasks calendar that you saw previously; see Figure 5-78. Click New Event to add an event to the calendar. The CALENDAR tab allows you to change the calendar formatting and other connection activities.

Figure 5-78.
figure 78

SharePoint calendar

One Note Notebook

A One Note notebook is created by default. Click the link at left to open the One Note Web App.

Start a Newsfeed Conversation

A newsfeed conversation helps you share information about your project. See Chapter 2.

Share Your Project Site

You may choose to share your project site with others in your organization, or with people outside your organization. See k02_07v01_KAMIND_Office_365_SharePoint_Sharing or the appropriate section in Chapter 2.

Sync Your Site with SkyDrive Pro

You may sync the document libraries in your project site with SkyDrive Pro. See k02_04_v05_KAMIND_Office_365_Using_SkydrivePro or the appropriate section in Chapter 2.

SharePoint Admin Center

This section describes tasks and settings that are normally executed by your (top level) SharePoint Online Administrator(s). Site Collection Features are available to a Site Collection Administrator; Site Features are available to User with Full Control.

We will describe settings and actions in

  • SharePoint admin center: Site Collections ribbon

  • SharePoint admin center: Other menus (InfoPath, etc.)

  • SharePoint admin center: Settings

  • Site Collection Features settings (settings for a site collection)

  • Site Feature settings (settings for a site)

  • Initial SharePoint Setup

A few of these settings will need to be checked or changed for a newly purchased Office 365 tenant (see Table 5-7) since the initial defaults may not match your needs. See the “Initial SharePoint Setup” section below.

Not all settings and features are described in this section. Again, this is a chapter, not a book! There are links to additional information in the Links section. There are a large number of books that are entirely dedicated to the details of SharePoint.

SharePoint Admin Center

The SharePoint admin center is the “home page” for SharePoint Administration. To access your SharePoint admin center, sign on as an Office 365 Global Administrator. Select the Admin drop-down, then SharePoint (Figure 5-79).

Figure 5-79.
figure 79

Admin drop-down list

Figure 5-80.
figure 80

SharePoint admin center

The SharePoint Admin Center (Figure 5-80) includes the following submenus with functions:

  • Site Collections ribbon (New, Delete, Properties, Owners, Sharing, Quotas, etc.)

  • SkyDrive Pro settings

  • InfoPath (InfoPath configuration options)

  • User profiles (settings for People, Organizations, and My Sites)

  • BCS (Business Connectivity Services): manage connectivity to other data sources)

  • Term store (define and configure your metadata taxonomy)

  • Records management (Send To Connections – Content Organizer configuration)

  • Search (search administration: schema, dictionaries, reports, etc.)

  • Secure store (configure a secure store target application)

  • Apps (configure apps: catalog, purchase, licenses, permissions, etc.)

  • Settings (Enterprise Social Collaboration, External Sharing, Global Experience Version Settings, Information Rights Management (IRM), Start a Site, Office on Demand, Preview Features)

If you get the “Sorry, something went wrong” error message shown in Figure 5-81, it generally means that your permissions for the SharePoint admin center page has timed out. Return to the SharePoint admin center, click Refresh, and try again.

Figure 5-81.
figure 81

Sorry, something went wrong

SharePoint Admin Center Site Collections Ribbon

Click “Site Collections” in SharePoint Admin Center to manage site collections. The Site Collections Ribbon (Figure 5-82) will display, along with your list of site collections. Select one (or more, depending upon the action that you wish to perform) to activate the Ribbon icons. These icons are described below.

Figure 5-82.
figure 82

SharePoint Admin Center Site Collections ribbon

The Site Collection icons include the following:

  1. 1.

    New: Create a new site collection or public web site.

  2. 2.

    Delete: One or more site collections (select a site collection to activate icon).

  3. 3.

    Properties: Show properties of one site collection.

  4. 4.

    Owners: Set owners (“Manage Administrators” and “Add Support Partner”) for one or more site collections.

  5. 5.

    Sharing: Set external sharing options on one or more site collections.

  6. 6.

    Storage Quota: Set quantity and a notification e-mail at limit.

  7. 7.

    Server Resource Quota: Set quantity and a notification e-mail at limit.

  8. 8.

    Upgrade: Site collection upgrade settings (for one site) and upgrade notifications.

  9. 9.

    Website: Settings for public-facing web site.

  10. 10.

    Recycle Bin: site collections in the Recycle Bin.

Icon 1: New

sCreate private site collection or a public web site. There can only be one public web site, which is created by default, so the public web site will be grayed out. Select “Private Site Collection” (Figure 5-83).

Figure 5-83.
figure 83

Create new site collection

Figure 5-84.
figure 84

New site collection screen

Title your new site collection as you choose (see Figure 5-84). It is a good idea to use the same title as the web site address. This will be less confusing in the future. Since the web site address is a URL, spaces will be replaced with %20 (hex for the space character). Since this is ugly, it is common to replace the spaces in the title with underscores (“_”). It is easy to change the title for the top site in a site collection: navigate to the Site ➤ Gear ➤ Site Settings ➤ Title, Description, and Logo, but to change the web address you must create the new address and copy your data to it.

Template Selection: Normally you will only have 2013 experience as a version (until the next time!). Select a language for your site. Select a site collection template. “Team Site” is fine; you can change this later. This is the template for the first site created in your new site collection. Figure 5-85 shows alternate templates.

Figure 5-85.
figure 85

New site collection templates

Select a time zone. You can change this later in site collection Settings/Regional Settings. Set your Site Collection Administrator. You can add more administrators later. Set the storage quota and resource quota (you can change these later, and it is a good idea to set an e-mail notification when you are approaching the limit). Click OK.

Your new site collection will take a few minutes to be configured. You will have a site (of the template that you selected above). You can edit your new site page as described in the section “Building Your SharePoint Structure.”

Icon 2: Delete

You can delete a selected site collection by clicking the Delete icon. There is a confirmation screen. You can recover a deleted site collection within 30 days (see “Icon Recycle Bin” below).

Icon 3: Properties

Double-click a site collection or select a site and click Properties to see properties for the site (Figure 5-86). You can click the web site address hot link to go to the actual site.

Figure 5-86.
figure 86

Site collection properties

Icon 4: Owners

The Owners icon is used to manage Site Administrators and to set a support partner for a site collection (see Figure 5-87).

Figure 5-87.
figure 87

Site Collection ribbon ➤ Owners

Click Owners ➤ Manage Administrators to see the screen shown in Figure 5-88.

Figure 5-88.
figure 88

Manage administrators

The primary Site Collection Administrator was set when the site collection was created. You can add other Site Collection Administrators. Type the first part of their name, or log in and click People Finder, or select from the Browse “select people and groups.” Click OK.

The second icon choice of “Add Support Partner” is to add support partner privileges for a Microsoft representative or your Office 365 License Advisor.

Icon 5: Sharing (External Sharing)

The Sharing icon is used to set sharing options for one or more site collections. Select a site collections(s) and click Sharing (Figure 5-89).

Figure 5-89.
figure 89

Site Collection ribbon ➤ Sharing

There are two classes of sharing: internal (within your tenant) and external (outside your Office 365 tenant).

Internal sharing is controlled by permissions. If a user has a link (URL) to a page but does not have permission to view the page, it cannot be seen.

External sharing is very powerful, and a great feature, but has limitations. Please see the item “External sharing” in the section “Planning, Governance, and Initial Setup” for limitations. A Site Collection Administrator must enable external sharing within “Settings” (see below) and external sharing for each appropriate site collection. It can take a few minutes for changes in menu settings to take effect (see Figures 5-90 and 5-91).

Figure 5-90.
figure 90

Site Collection ribbon ➤ Sharing

Figure 5-91.
figure 91

Site Collection ribbon ➤ Sharing screen with error

The external sharing choices include the following parameters:

  • Don’t allow sharing outside your organization,

  • Allow external users who accept sharing invitations and sign in as authenticated users.

  • Allow both external users who accept sharing invitations and anonymous guest links. You usually want this third choice.

Icon 6: Storage Quota

Generally it is a good idea to set “Send e-mail to site collection administrators when a site collection’s storage” and to set the “reaches:” percent to 85 or so. This will warn you before you run out of allocated (or available) space (Figures 5-92 and 5-93).

Figure 5-92.
figure 92

Site Collection ribbon ➤ Storage Quota

Figure 5-93.
figure 93

Set storage quota values

Icon 7: Server Resource Quota

Generally it is a good idea to set “Send e-mail when each selected site collection resource usage reaches warning level at:” and to set the “reaches:” percent to 85 or so. This will warn you before you run out of resources (Figures 5-94 and 5-95).

Figure 5-94.
figure 94

Site Collection ribbon ➤ Server Resource Quota

Figure 5-95.
figure 95

Set server resource quota values

Icon 8: Upgrade

Normally your site collections will be created in the SharePoint 2013 version. If not, you may wish to force site upgrades. This button really only applies when Microsoft is doing a major change, as from Wave 14 to Wave 15. You can see the version of your site collections on the SharePoint admin center (see Figure 5-79).

Icon 9: Web Site

The information for your public-facing web site is set here. See Chapter 6 for the specific details.

Icon 10: Recycle Bin/Deleted Item Recovery

SharePoint Online users have a Recycle Bin where deleted content is stored. This Recycle Bin contains site collections that can be recovered. Items in the Recycle Bin are retained for 30 days.

The following data types are captured by the various Recycle Bins:

  • Site collections (this Recycle Bin)

  • Sites

  • Lists

  • Libraries

  • Folders

  • List items

  • Documents

  • Web Part pages

SharePoint Admin Center Menus

There are additional menus to control more of the features of SharePoint at the left of the SharePoint admin center page:

  • InfoPath (InfoPath configuration options)

  • SkyDrive Pro settings

  • User profiles (settings for People, Organizations, and My Sites)

  • BCS (manage connectivity to other data sources)

  • Term store (define and configure your metadata taxonomy)

  • Records management (Send To Connections – Content Organizer configuration)

  • Search (search administration: schema, dictionaries, reports, etc.)

  • Secure store (configure Secure Store Target Applications)

  • Apps (configure apps: catalog, purchase, licenses, permissions, etc.)

  • Settings (Enterprise Social Collaboration, External Sharing, Global Experience Version Settings, Information Rights Management (IRM), Start a Site, Office on Demand, Preview Features)


Configure InfoPath options. This is outside the scope of this chapter.

SkyDrive Pro Settings

This screen controls adding additional SkyDrive Pro (personal SharePoint storage) to particular users (see Figure 5-96). Choose particular logins and set them all to 25GB, 50GB, or 100GB storage limit.

Figure 5-96.
figure 96

SkyDrive Pro settings

User Profiles

User profiles are used to preset values for your users, and include promoted sites.


Manage Business Connectivity Services. This is outside the scope of this chapter.

Term Store

Term store is global for entire SharePoint tenant. Term Store values are used in metadata fields. This is outside the scope of this chapter.

Records Management

Manage features associated with Content Organizer.


Manage Search parameters.


Settings includes a selection of global settings (for all of your SharePoint Office 365 tenants) including (see Figure 5-97) the following:

  • Enterprise Social Collaboration (Yammer or Newsfeed)

  • External sharing (control how users invite people outside your organization to access content)

  • Global Experience version settings (control which version of site collections can be created)

  • Information Rights Management (IRM) (set IRM capabilities for SharePoint)

  • Start a Site (give users a shortcut to create new team sites at a defined location)

  • Office on Demand (enable/disable links to launch Office On Demand)

  • Preview Features (enable/disable; see item for list of features)

Figure 5-97.
figure 97

SharePoint Admin Center Menu settings

Site Collection Settings: Site Collection Features

Site Collection settings, as you might presume, apply to an entire site collection. You must be a Site Collection Administrator for the specific site (or an Office 365 Global Administrator/ SharePoint Online Administrator) to edit these features.

There are many, many features for a site collection. They are listed alphabetically, by titles that were made up by people with a specific idea of what the feature includes. Figures 5-98 through 5-100 show the default values when a site collection is created. We will discuss some (not all!) of the important site collection features. Click Activate/ Deactivate to change the status of a feature. Some features take a while to activate.

Figure 5-98.
figure 98

Site collection features part 1

Figure 5-99.
figure 99

Site collection features part 2

Figure 5-100.
figure 100

Site collection features part 3

Important Site Collection Settings: Site Collection Features

This list is somewhat arbitrary (Table 5-6). Some features depend upon what you are intending to accomplish in your site collection. See Reference Links for a link to other descriptive material.

Table 5-6. Site Collection Settings

Site Settings: Site Features

Site settings, as you might presume, apply to a specific site. You must be a Site Collection Administrator for the specific site (or an Office 365 Global Administrator/SharePoint Online Administrator) or have full control permission on the site to edit these features.

There are many, many features for a site. They are listed alphabetically, by titles that were made up by people with a specific idea of what the feature includes. Figures 5-101 through 5-103 show the default values when a Site is created. We will discuss some (not all!) of the important site features. Click Activate/Deactivate to change the status of a feature. Some features take a while to activate.

Figure 5-101.
figure 101

Site features part 1

Figure 5-102.
figure 102

Site features part 2

Figure 5-103.
figure 103

Site features part 3

Important Site Settings: Site Features

This list is somewhat arbitrary (Table 5-7). Some features depend upon what you are intending to accomplish in your Site. See Reference Links for a link to other descriptive material.

The Site Features page looks very similar to the Site Collection Features page; be sure that you are on the correct page.

Table 5-7. SharePoint Site Features

Additional Administrator Concepts and Tools

This section mentions some additional concepts and tools. Detailed descriptions of these items are outside the scope of this chapter.

Document Sets

Document sets are a special kind of library valuable for documentation projects.

Document Versioning

It is possible to configure major and minor versions of documents, and control how many versions are kept. Select a document library and then LIBRARY tab ➤ Library Settings ➤ Versioning Settings.


Workflows are processes started by an activity that can perform such functions as getting document approval from multiple people at the same time. Select a document library and then LIBRARY tab ➤ Library Settings ➤ Workflow Settings.

Apps for SharePoint

SharePoint has built-in apps, such as document libraries; it is also possible to build custom apps.

SharePoint Designer 2013

SharePoint Designer 2013 is the screen designer for the visible web pages plus additional features; “the tool of choice for the rapid development of SharePoint applications”. You can find more information at the following links:

You can also find great information on SharePoint Designer 2013 and the new Workflow architecture at: )

You can find the download of SharePoint Designer 2013 here (be sure to look for updates as well):

PowerShell for SharePoint Online

There is a set of PowerShell commands for SharePoint Online. Here is more information:

Initial SharePoint Setup

Initial setup includes setting owners, sharing, storage quota, and server resource quota. These items should be set for the first (initial) site collection. They can also be set for each additional site collection. See Table 5-8.

Table 5-8. Initial SharePoint Administration Functions

Reference Links

There is a large amount of information about Office 365 on the Web. The difficulty is finding the right information. The information contained in this chapter is a combination of our experiences in doing deployments and support information that has been published by third parties. There are additional links in the “Additional Administrator Concepts and Tools” section above.

SharePoint Permissions – Best Practices (login required)

User Level Permissions in SharePoint

Office 365 Technology Blog

SharePoint Online Planning Guide

TechNet – Plan for SharePoint Online

Assigning Administration Roles in SharePoint Online

Manage External Sharing for Your SharePoint Online Environment

Next Steps

Your basic Office 365 SharePoint system has been configured. At this point your (first) site collection is 100% functional. You have been introduced to important parts of SharePoint structure, permissions, and other details needed to create and maintain sites and their subparts and permissions. One obvious next step is to read about how to use SharePoint. (These two chapters really need to be read in conjunction.) However, your work is not yet complete. There is much more to do depending on your Office 365 configuration. The key chapters that you need to review for your Office 365 deployment are as follows:

  • Chapter 7 – Windows Intune Administration

    • The secret to an optimal Office 365 site is the management of the desktop to ensure that updates are current, and the user antivirus is functioning. Windows Intune is a desktop management tool that addresses these issues and reduces the administrators’ effort in desktop management, and improves the user’s experience.

  • Chapter 8 – Office 365 Administration

    • The administrator’s job is never complete. This chapter contains information for common tasks such as configuring SharePoint permissions, using different types of PowerShell scripts for configuration of the Office 365 sites and other tips and tracks what we use to make Office 365 work without any support calls.

  • Chapter 9 – Compliance and Data Loss Prevention

    • Businesses must adapt their mail document storage systems to correctly process the electronic communications, based on regulatory oversight. The compliance and data loss prevention (DLP) provides this capability to allow businesses to manage their communications and protect from simple mistakes in their electronic communications. Office 365 includes integrated discovery that supports legal discovery and audit requirements.

Author information

Authors and Affiliations


Rights and permissions

Open Access This chapter is licensed under the terms of the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License (, which permits any noncommercial use, sharing, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence and indicate if you modified the licensed material. You do not have permission under this licence to share adapted material derived from this chapter or parts of it.

The images or other third party material in this chapter are included in the chapter’s Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the chapter’s Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder.

Reprints and Permissions

Copyright information

© 2013 Matthew Katzer

About this chapter

Cite this chapter

Katzer, M., Crawford, D. (2013). SharePoint Administration Guide. In: Office 365. Apress, Berkeley, CA.

Download citation

We’re sorry, something doesn't seem to be working properly.

Please try refreshing the page. If that doesn't work, please contact support so we can address the problem.