The document’s journey in SharePoint continues!
In the previous post, I only got started with the reasons why SharePoint is a proper document management system. Let’s dive into a bit deeper on the document management related features of SharePoint.
Let’s talk about reviewing the documents
There are couple of ways to make sure someone is reviewing your documents before they are considered as ready. On the classic days of SharePoint, content approval feature was the most often used for reviews. Basically, users with the contributing rights added a document or modified one, and users with the more rights, such as owners, had to approve the document, before it became visible for rest of the group. A bit cumbersome way that was applied to ALL the documents in the library, with no exceptions. This is still possible in the modern SharePoint as well, but I haven’t seen that much of the feature being used lately.
Nowadays, we also have the lovely, out of the box feature called Request sign-off. With this one, you can send a selected file for approval automatically via Teams, the process will automatically create a status column for the document library where the status of the document will automatically be updated from Pending to either Approved or Rejected, depending on what kind of a day the approver has 😉 I like the fact that the requests go directly to the user’s activity feed in Teams, and open within the Approvals app in Teams. No need to navigate anywhere, and the approver can open the document in question directly from the app in Teams.
Request sign-off workflow that takes the approval process into Teams.
Link to a document & document IDs
In SharePoint, the document’s name is also the link to the document. By clicking the name, you open the document. Within one document library, you cannot have two documents with the same name. If you try to save a document that has the same name as any other document in the library, SharePoint suggests that you can either replace the existing document with the new on (and it creates a new version for the existing document) or keep them both. If you decide to keep them both, SharePoint will just add a number after the name of the document to distinguish the new one from the existing ones.
Each document has its own URL address that consists of the [tenant name][site name][library name][document name]. This way, it’s not necessary to use any kind of document numbering to refer to a document, you can just use the URL. But, in case you are vey fond of document IDs, there is also a feature for that that can be activated on the site settings. Technical details can be found at the Microsoft documentation.
Sharing the documents internally and externally
Behind the three dots of each document, you find a button called Copy link, from where you get the link to the document. Now, at this point, SharePoint makes things a bit complicated and gives you options regarding the link. The most recommended setting is People with existing access can use the link. This way, you don’t end up changing any permissions for the document, you just copy the link to the document.
When getting a link to the document, I recommend to always choose the People with existing access option.
If you need to share the document with someone who doesn’t have access to the document, there are couple of choices, but it’s good to recognise that from the governance perspective, it is the most horrible idea to share individual documents randomly to people. Even though you can see from the document’s details with whom it is shared, you need to check that information from each document separately, or, as an admin, export a report from SharePoint admin center. If you are trying to share the document from the SharePoint library internally with someone who doesn’t already have access, ask yourself first if that is on purpose?
Sending documents as attachments outside your organisation is made pretty simple in Outlook, where you can just type the / in your email and choose the file or simply just drag and drop the file to the email, or choose from the attachment selection… I said pretty simple 😁Multiple choices available there.
There are also options for when you need to work with externals and multiple documents. A dedicated team site (or a team in Teams) is meant for this kind of collaboration. You invite the externals to the site and work together on the documents stored there. This is a quite common scenario in a project work. Other option is to give permissions per document library to external users, but that means that the rest of the site (like information pages and the landing page) would be common content for all the external users. This could be the case in the extranet scenarios, where organisations want to share some common information for all partners or vendors, and then some of the contents (files) have restricted access rights by partner/vendor. It is important that the sharing is done on a library level and not on the folder level.
Wait, is this secure?
What if there are documents that lot of people in your organisation have access to, but that are absolutely not supposed to be shared with externals? The Microsoft Purview compliance portal (https://learn.microsoft.com/en-gb/purview/microsoft-365-compliance-center) has wonderful security & compliance features available. For example, you can configure a label “Internal use only”, apply that label to all those document libraries that have documents that shouldn’t leave the organisation’s virtual borders. Labels start to be more effective when you configure a policy related to them, that can say something like “documents with this label are not allowed to be shared with people outside of our organization”. When anyone tries to share a document with that kind of label either directly from the library or as an email attachment, the policy kicks in and user get a info panel stating that it’s not possible and the reason for it.
Or another policy could be that if the document contains personal information like social security numbers, only certain HR people and managers are allowed to read those documents. Almost any kind of security related policy that the organization can think of (that makes sense) can be configured for SharePoint documents to meet the organisation's security requirements. This usually means that M365 E5 licensing is required, but when it comes to security, you don’t want to mess up with things.
This was the second post of the series of SharePoint document management, the last post, covering the archiving & deletion options, will be published in the near future. But first, CollabDays Finland! 🤗