26 September 2025

The Hidden Dangers of SharePoint: How to Encourage Collaboration Without the Security Risks

Collaboration vs Security in SharePoint – Practical Ways to Share Without Risk

In this third episode of the SharePoint Focus series, Alyssa Blackburn from AvePoint and Mia Tate, Microsoft 365 Practice Lead at First Focus, examine the balance between enabling collaboration and protecting sensitive data. They share practical approaches to configuring sharing in SharePoint and reveal how poor practices can create security risks that impact compliance and productivity across Australian organisations.

Key takeaways

  • Balance collaboration and security by setting tenant-wide rules and refining at the site level.
  • Use groups for access control; avoid individual permissions to prevent drift.
  • Set safer link defaults such as “People with existing access,” and add expiries for external shares.
  • Distinguish clearly between site/library permissions and ad-hoc file or folder links.
  • Leverage visibility tools (e.g., Guard with Policies and Insights) to see what is shared and with whom.
  • Train staff regularly; Privacy Act changes require ongoing education.
  • Address AI risks by defining what can be shared with AI tools and how that data is handled.
  • Make oversight continuous with scheduled reviews, reports and owner notifications.

Getting your house in order

Effective sharing starts with strong foundations. Organisations must consolidate their data, understand where it lives and classify it by sensitivity and relevance. With that baseline in place, SharePoint’s powerful controls can be tailored to real-world use cases without overwhelming teams or creating unnecessary risk.

Setting tenant-wide rules

Tenant-wide settings act as an umbrella across SharePoint, Teams and OneDrive. They determine the base level of permissiveness and can be adjusted for specific sites and departments. Examples include:

  • Turning off “Anyone with the link” as a default option.
  • Setting default link sharing to “People with existing access.”
  • Restricting group creation to defined roles.
  • Applying restrictions to content containing personally identifiable information.

The delicate balance between collaboration and security

Too much restriction stifles collaboration. Too little exposes sensitive information. The answer lies in striking a balance. Each business is different, and each department may require different controls. Security measures should support collaboration, not block it. Defaults should be logical and users should be educated on when and how to share safely.

Avoiding the trap of individual permissions

Granting access to individuals rather than groups seems convenient but quickly becomes unmanageable. Permissions drift, policies are broken, and IT loses visibility. Group-based permissions are easier to manage, review and audit. If decentralised administration is preferred, it must be supported with training, clear parameters and monitoring tools such as AvePoint Workspace Management.

Understanding link sharing vs folder or site permissions

Many breaches come from confusion between site permissions, folder sharing and file links. For example, when default links are set to “People in this organisation,” staff can unintentionally expose content to the entire company. The safer approach is to use “People with existing access” so that sharing respects established permissions.

Setting link expiries for external parties ensures access does not continue indefinitely. This protects sensitive data while still enabling collaboration with partners, suppliers and clients.
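The tenant-wide rules and link expiries described above can be checked as a baseline against the tenant's sharing settings. The following is an added example, not code from the episode or from AvePoint or First Focus. It assumes the SharePoint Online Management Shell, whose Get-SPOTenant output exposes the properties used here; the function name Test-SharingBaseline and the 30-day and 90-day thresholds are hypothetical.

```powershell
# Added example (not from the episode). Thresholds are assumed baseline values.
function Test-SharingBaseline {
    param(
        [Parameter(Mandatory)] $Tenant,   # object shaped like Get-SPOTenant output
        [int] $MaxAnyoneLinkDays = 30,    # assumed limit for "Anyone" links
        [int] $MaxGuestDays      = 90     # assumed limit for guest access
    )
    $findings = [System.Collections.Generic.List[object]]::new()
    $report = {
        param($Setting, $Fix)
        $findings.Add([pscustomobject]@{
            Setting = $Setting; Current = $Tenant.$Setting; Fix = $Fix })
    }
    # Default link should resolve to "People with existing access".
    if (-not $Tenant.DefaultLinkToExistingAccess) {
        & $report 'DefaultLinkToExistingAccess' 'Set-SPOTenant -DefaultLinkToExistingAccess $true'
    }
    # "Anyone with the link" must never be the pre-selected link type.
    if ($Tenant.DefaultSharingLinkType -eq 'AnonymousAccess') {
        & $report 'DefaultSharingLinkType' 'Set-SPOTenant -DefaultSharingLinkType Direct'
    }
    # If Anyone links are allowed at all, they need an expiry within the limit.
    $days = $Tenant.RequireAnonymousLinksExpireInDays
    if ($Tenant.SharingCapability -eq 'ExternalUserAndGuestSharing' -and
        ($days -le 0 -or $days -gt $MaxAnyoneLinkDays)) {
        & $report 'RequireAnonymousLinksExpireInDays' "Set-SPOTenant -RequireAnonymousLinksExpireInDays $MaxAnyoneLinkDays"
    }
    # Guest access should lapse unless it is renewed.
    if ($Tenant.SharingCapability -ne 'Disabled' -and
        (-not $Tenant.ExternalUserExpirationRequired -or
         $Tenant.ExternalUserExpireInDays -gt $MaxGuestDays)) {
        & $report 'ExternalUserExpirationRequired' "Set-SPOTenant -ExternalUserExpirationRequired `$true -ExternalUserExpireInDays $MaxGuestDays"
    }
    $findings
}

# Constructed sample standing in for (Get-SPOTenant) so the check runs offline.
$sample = [pscustomobject]@{
    SharingCapability                 = 'ExternalUserAndGuestSharing'
    DefaultSharingLinkType            = 'Internal'   # "People in this organisation"
    DefaultLinkToExistingAccess       = $false
    RequireAnonymousLinksExpireInDays = -1           # no expiry configured
    ExternalUserExpirationRequired    = $false
    ExternalUserExpireInDays          = 60
}
Test-SharingBaseline -Tenant $sample | Format-Table -AutoSize
# Live tenant: Connect-SPOService -Url <admin URL>; Test-SharingBaseline -Tenant (Get-SPOTenant)
```

With the constructed sample, three settings are reported: the default link is not "People with existing access", Anyone links have no expiry, and guest access never lapses. Each row carries the Set-SPOTenant call that would close the gap.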

Using Guard and Policies + Insights

Visibility is critical. Guard, which incorporates AvePoint Policies and Insights, provides reporting across SharePoint, OneDrive and Teams. It shows what has been shared, with whom, and how. This allows IT managers to put appropriate policies in place, remediate risks and monitor sharing activity. Good information enables good decisions.

How poor sharing habits lead to breaches

Oversharing internally can be just as dangerous as external leaks. Without training, staff often do not realise they are exposing sensitive information. The risks multiply when AI tools are introduced. The case of Samsung engineers uploading test plans into ChatGPT demonstrates how quickly intellectual property can leave the organisation if clear policies and training are not in place.

Training, the Privacy Act and ongoing education

Technology alone cannot solve the problem. Ongoing education is essential. Simulated phishing campaigns, reminders about link types and simple playbooks for sharing are all practical ways to raise awareness. Importantly, new provisions in the Privacy Act now require organisations to train staff regularly in data security and responsibilities. Education is not optional – it is mandatory.

Oversight as a continuous responsibility

Information management is not set and forget. Oversight must be continuous, with regular reviews, automated reports and alerts to owners. By keeping users engaged in access reviews and providing tools that surface risky behaviour, businesses can keep permissions accurate while enabling collaboration to continue smoothly.

Conclusion

Episode 3 reinforces that collaboration and security do not have to be at odds. With the right tenant-wide settings, group-based permissions, visibility tools and ongoing education, Australian businesses can strike the balance. The result is a SharePoint environment that supports teamwork, protects sensitive data and complies with changing regulations.
