Chapter 5

SharePoint Administration Guide

This chapter introduces SharePoint Online concepts and describes many of the methods that SharePoint
Administrators may use to control and modify their site collections and sites. The information in this chapter will
allow you to create sites and control access, and to use settings that control various features of SharePoint. We will take
you through creating a sample site with designed permissions.
Note that the control by SharePoint Administrators (and delegates) only applies to the features and structure of
SharePoint. There are separate Administrators for other Office 365 components.
This is not a chapter on using SharePoint. The “user” SharePoint features that are generally available to people
using the system are described in Chapter 2.

SharePoint Administration Chapter Structure

Not every feature of SharePoint Online is described here. Our goal is to provide an overview of the key terms and
features that a SharePoint Administrator will need to configure and control their site. SharePoint is a very large
topic. There are numerous books written about SharePoint. There is also quite a bit of information in the Office 365
community and on the Web in general.
This overview section covers the following topics:
• Introduction to Office 365 SharePoint
• Description of SharePoint (what it is and is not)
• SharePoint definitions
The rest of this chapter is in three parts:
• The “Planning, Governance, and Initial Setup” section introduces planning for a SharePoint
implementation and additional definitions (such as types of Administrators)
• Site-related Administration functions
• Site and Site Collection Administrator functions
The SharePoint site-related Administration functions may be used by the associated Site Administrator or
delegated to a user with permissions. This section has further subsections.
• “Building Your SharePoint Structure”
• “SharePoint Permissions and Groups”
• “Site Editing”
• “Creating a Project Site”

179
Chapter 5 ■ SharePoint Administration Guide

The following sections are for Site and Site Collection Administrators:
• “SharePoint Admin Center”
• “Additional Administrator Concepts and Tools”
• “Initial SharePoint Setup”
The information contained in this chapter is based on the most common questions that we have been asked
about Office 365 SharePoint in our deployments.

Introduction to Office 365 SharePoint

Office 365 Hosted SharePoint (SharePoint Online) is a part of a set of three product families: Small Business, Midsize
Business, and Enterprise Business/Exchange Online/Kiosk (see Figure 5-1). Office 365 Hosted SharePoint is Microsoft
SharePoint. The major difference is that Microsoft administers and maintains all of the back-end servers, operating
systems, SharePoint Server software, interconnects, geo-redundancy, and network structure. SharePoint licensing
is included in the Small Business, Midsize Business, and Enterprise Business E1, E3, and E4 plans (and to a limited
extent in some of the Kiosk plans). The concepts discussed in this chapter generally apply to all of these versions of
Office 365 SharePoint, but these configurations have only been tested with the Enterprise version.

Figure 5-1.  SharePoint plans (courtesy of Microsoft)

180
 Chapter 5 ■ SharePoint Administration Guide

There are several notes with Figure 5-1:

1. SharePoint Plan 1 and Plan 2 and Kiosk K1 and K2 are part of Enterprise.
2. The first license creates a 10GB Team Site. Additional licensed users (except K1 and K2)
add 500MB each to the Team Site storage allocation (you can buy more, up to 25TB).
3. SkyDrive Pro sites are 25 to 100GB per license. SkyDrive Pro is a type of SharePoint site,
allocated and controlled by a particular user.
4. Web editing is allowed for SharePoint Plan 1 and 2 for an additional $2/month.

What is SharePoint?
SharePoint is Microsoft’s document storage and content management tool. SharePoint was first released in 2001.
Originally, SharePoint was used as an enterprise’s on-premises “intranet.” SharePoint was included in Small Business
Server and in the original Microsoft Cloud offering, BPOS. The version with Office 365 is SharePoint Online.
SharePoint is fundamentally a web server that presents web pages to your browser (Internet Explorer, Firefox,
Chrome, Safari, etc.). The SharePoint data (structure, permissions, sites, your documents, etc.) is hosted on SQL
servers that are maintained by Microsoft within their secure environment.
This allows people to read, edit, and create pages and sites and to control administrative settings depending
upon their permissions. Chapter 2 includes descriptions of tasks that everyone will normally do (add documents to
SharePoint, create and edit documents locally or in the cloud). This chapter includes descriptions of how to create
sites, site features, and up to full site collection Administration features.

■■Note  Because your data is present through a URL, you can set a Bookmark or Favorites to go to a particular
SharePoint page.

Microsoft has a stated and executed intention of Cloud First. This means that the SharePoint that is available
with Office 365 (Wave 15) is SharePoint 2013 Enterprise with more extensions and features. The limits of SharePoint
Online (compared to the on-premises Enterprise version) are related to the fact that the Online version shares the
SharePoint farm with other users (shared tenancy). Two examples are limited control of searching (to limit resource
consumption) and Sandbox only (no full-trust solutions).
When you add in the feature that you can be up and running in SharePoint Online (in the very latest version) in
one day, your SharePoint Online version might be three to six years ahead of your on-premises functionality!
With SharePoint Online:
• Your data is stored and organized in one place.
• Your data is available from anywhere you choose.
• Microsoft takes care of operating details such as sizing the equipment, backups, geo-
redundancy, equipment upgrades, equipment failures, software and network failures,
software patches, etc.
SharePoint Online provides:
• Tools for collaboration, synchronization, projects, and robust searching.
• Tools to maintain the one version of your document, and to make it easy to find and share; no
long do you have to chase down who has the latest version of your document.

181
Chapter 5 ■ SharePoint Administration Guide

• Tools to share your documents and build your team; share your company picnic pictures, your
company calendar; engage your employees! Create and share your best practices within your
enterprise, or with your suppliers and customers.
• Tools to build internal web (intranet) portals and public-facing web sites.
• Familiar Office tools to create and edit your SharePoint documents from anywhere
on any device.
SharePoint Online benefits include:
• Helping your Sales and Marketing teams work together to share ideas and improve your processes.
• Using SharePoint and Excel Web App to share your spreadsheets so you can work together at
one time to create your budgets and reports.
• Improving your in-house support services such as IT: searchable best practices and known
bugs, track requests, even remote support with tools such as Lync and Windows Intune.
• Support for project planning and reporting; creating tasks, setting priorities, watching for
missed milestones. SharePoint is the data storage for huge projects that you may manage with
Microsoft Project Professional.
• Search! Save time and find what you need.
• Allowing for the controlled combination of security and empowering employees.
• Dashboards: Data, Power Pivot, and Power View.
• Workflows for automatic routing of business processes, such as training a new employee: you
can use your existing forms, your employee handbook, training videos, contacts to bring new
employees up to speed.
• Using SharePoint and your other Office 365 tools such as eDiscovery to manage, protect, and
control access to your critical data. You can create retention schedules. It also supports audits
and discovery requests at the lowest cost.

What is SharePoint Not?

SharePoint is a place to store documents and files. SharePoint documents are indexed, backed up, and maintained
according to the Office 365 service-level agreement (SLA). You do not use SharePoint for the following:
1. Do not use SharePoint as a place to put backups (there are size and file type limits).
2. Do not place huge working files that have to be moved to edit (SharePoint is a good place
for archiving your larger files).
3. There is presently a limit of 5,000 items in a single list or document library view.

SharePoint Definitions
These words are used throughout this chapter and throughout SharePoint documentation in general. Here are
summarized definitions:
• URL: Universal Resource Locator. The specific universal address for a web page. It is
essentially a specific location within a domain within the World Wide Web. This doesn’t
necessarily mean that you can see it from anywhere; there can be security restrictions.
For example, https://kamind.sharepoint.com or http://getoffice365now.com.

182
 Chapter 5 ■ SharePoint Administration Guide

• Tenant: This is your Office 365 account including Hosted Exchange, Lync, SharePoint, and
your Office 365 Active Directory. The first account that you create when you first purchase
Office 365 is the “owner” of your tenant. This account should be an admin account, not a
person. This account does not normally need an Office 365 license. Relating to SharePoint, all
of your site collections are within your tenant. You can have any number of domains within
your tenant (with e-mail accounts) but you will have only one root SharePoint URL:
https://xxxx.sharepoint.com. See “Planning, Design, and Governance” for planning notes.
• Site Collection: This is a collection of sites. With the Enterprise Plan you may have multiple site
collections within your tenant. Site collections have sets of properties that are the same for all
sites within a site collection, which may be different between site collections.
• Site: A SharePoint site is a collection of SharePoint “apps” and “Web Parts” (components) such
as document libraries, lists, tasks, blogs, pictures, templates, and text that are presented to a
user at a particular URL as a page. A site is within a particular site collection. An example is a
project site.
• Subsite: A subsite is just a site under (within) a site. You can nest sites until you confuse
yourself.
• Page: A page is what you see with your web browser. You can have multiple pages within a site.
Generally, a site presents a default page that the users will think of as “the site.”
• Web Part: Components that can be inserted into a page (part of a site). Web Parts are very
powerful and can interact with other sites and data outside of SharePoint.
• App: A component of a site, such as a document library or list. A type of Web Part.
• List: A set of items within a site. You can think of a list as a bunch of rows and columns with
potentially a data value at the intersection, like a spreadsheet. There are specialized lists that
have special properties. A list is separate from a page, but usually is displayed on a page. When
you select and display a specific list, the page ribbon shows actions that can be performed on
the list or items in it, such as set permissions or delete an item. Special list types include task
list or calendar list.
• Document Library: A set of documents within a site. In many ways a document library is a
specialized list that contains the document and associated metadata. A document library
is separate from a page, but usually is displayed on a page. When you select and display
a specific document library, the page ribbon shows actions that can be performed on the
document library or folders and documents within it, such as set permissions or delete an
item. A document library may contain folders and documents.
• Folder: Similar to a folder on your PC. Part of a SharePoint document library. Folders may have
independent permissions. A folder contains documents.
• Document: A Word, Excel, PowerPoint, or other type of file within a document library.
A document may have independent permissions.
• Metadata: Additional data stored about/with an item, such as the date and author of a
document. The data is searchable.
• Permissions: The “who can do it” part of SharePoint. Permissions are set on a site, list,
document library, etc. Permission levels include None, Read, View, Contribute (Read and
Write), and more. A particular user must have the “permission” to do that activity on that item.
For example, to be able to update the item.

183
Chapter 5 ■ SharePoint Administration Guide

• Site Contents: Contents of a site. The Site Contents page shows lists, libraries, and other apps
and subsites that are associated with this site. This page is a helpful reference to your site
structure. Access to this screen appears as a link on a site page, or as a drop-down choice
under the Gear icon at the top right of the screen. Only items that you have permission to see
will show.
• Document Set: Document sets are a feature in SharePoint Server 2013 that enables an
organization to manage a single deliverable, or work product, which can include multiple
documents or files. A document set is a special kind of folder that combines unique document
set attributes, the attributes and behaviors of folders and documents, and provides a user
interface (UI), metadata, and object model elements to help manage all aspects of the work
product. See the Reference Links page.
• Content Type: A content type defines the attributes of a list item, a document, or a folder. There is
a content type per site collection. It could be considered as a “collection of columns for re-use”
in other lists or document libraries. Content types are inherited. See the Reference Links page.
• Web site: A SharePoint web site is a specialized site collection that can be seen by the outside
world (public facing) through a standard URL (such as http://getoffice365now.com). You
may only have one web site within your tenant.

SharePoint Planning, Governance, and Initial Setup

SharePoint is a very powerful system. With power comes opportunity and the opportunity for confusion. Thank you
for being a person that wants to read about planning! To reward you, this is a short section. One could consider many
of these “Best Practices.” Some are just warnings!
The key points are as follows:
1. Your xxxx.onmicrosoft.com name is your SharePoint site name: xxxx.sharepoint.com.
This “xxxx” name was (or will be, if you are reading this in advance) picked at the time
you signed up for Office 365. It cannot be changed. (You can get a different name, but you
have to migrate your old data to the new tenant. It is not clear that you will even be able
to keep your old .onmicrosoft name if you move to a different plan family (Small Business
to Midsize or to Enterprise) even though Microsoft has indicated that you will be able to
change your plan family. See point 2.
2. At KAMIND we have a few sayings including “Don’t do it” and “Just get started.” For
example: “I want to save a buck and get the ‘Small Business’ plan.” Don’t do it. The savings
are tiny and the limitations are large. There are even more limits with Midsize Business
(no Exchange Only, no Kiosk). Just buy an Enterprise Plan. See the discussion in
Chapter 3’s “Office 365 Subscription Plans” section. “Just get started” basically means
don’t over-plan. This is especially true when you are implementing Office 365 for the first
time and migrating your e-mail; see Chapter 4.
3. Keep your SharePoint structures and permissions as simple as you can. Set permissions at
the site level, not at the document library, list, or folder level.
4. There is no included tool that will give you a comprehensive permissions structure. It is
important to build a plan (as simple as possible) of who gets to go where and to document
it so you don’t accidently create exceptions.
5. Sub-sub-sub…subsites are confusing. Build a structure plan (as simple as possible) of how
you want to keep your data and document it so you don’t accidently create exceptions.

184
 Chapter 5 ■ SharePoint Administration Guide

6. There is a strong push within the SharePoint community to use Search rather than a folder
structure to organize documents. Consider this.
7. One of the nice features of SharePoint is the site-to-site (page-to-page) navigation (this is
what shows at the top and side of each page). This is an optional feature of a site collection
that has SharePoint Server Publishing Infrastructure activated. This site collection feature
“provides centralized libraries, content types, master pages, and page layouts, and enables
page scheduling and other publishing functionality for a site collection.” It also allows
this form of navigation. This is a planning item because there is no nice way to turn this
feature on after you have built a ton of sites. (You have to go back to each site and adjust
the settings for that site.) Set this feature when you create a site collection (or on your first
or only site collection). See the “SharePoint Admin Center” section.
8. External sharing (sharing a site or other entity with accounts outside of your Office 365
tenant) is very powerful, and a great feature, but it has limitations. These limitations
include the following:
a. Permissions for these external users must be built within SharePoint. That is, you
cannot add an external user to an Active Directory group (if you are using DirSync or
ADFS) nor to an Office 365 portal Security Group. You must add the outside user to a
SharePoint group (or to an individual site, document library, folder, or file if you like
living on the edge).
b. You cannot add these external users to Distribution Groups (you cannot e-mail to
them as a group). As an aside, they cannot receive alerts (if an item on alert changes).
c. Because it is now easier to inadvertently incorrectly share a site, it may be worth
having a completely separate site collection to be used for external users.
d. There is a bit of activity that the external user has to perform to be able to see
your shared data. They must have either an Office 365 account (by far the easiest,
and a great reason to get your friends and suppliers and customers on Office 365)
or a Microsoft ID (which used to be called a Live ID). A Microsoft ID includes
hotmail.com and outlook.com addresses. They can convert any e-mail address
(including Gmail, Yahoo, or any corporate account) into a Microsoft ID. When a site
is shared, the external user receives an e-mail and they must sign in with their Office
365 or Microsoft ID. The point is that setting up a Microsoft ID might be more pain
than it is worth for some of your external users.
e. Consider using a SharePoint Only license (the Plan 1 license is just $3 per month,
Enterprise plan; see point 2 above) to share externally if you have a less-than-simple
environment. Since it is a regular license within your tenant, you can set the login
name, password, and permissions just with any other internal user. You can delete the
user and downgrade your license count when the project ends.
f. See the section “SharePoint Admin Center” to set up external sharing and Chapter 2
to use sharing and external sharing.

Governance
“Governance” is a fancy word to describe the planning associated with who does what and who can do what. For
example, who is in charge of adding a site? Is it a specific individual within a department? Or is it anyone in the
department? Just IT people for everyone? This is usually a trade-off between control and free market (and to some
extent how much training an organization wants to do; in reality, it is not that hard and the training is straightforward).

185
Chapter 5 ■ SharePoint Administration Guide

Permissions may need to be better controlled. If you are storing important, sensitive information (as you should;
this is one of the things that SharePoint Online is great for) you may want a security-oriented person to think about
the consequences of your permissions structure. SharePoint provides a great deal of granularity in access control.
(Do resist the urge to make it too complicated.)
A core governance issue is how Administrator roles are assigned. Various administrators can set permissions for
users that control what they can see and edit.
In larger organizations it is very proper to create a site collection with a Site Collection Administrator for a
particular department or entity. This allows that group to have complete control over their part of your SharePoint
Online. See the sections “SharePoint Administrators” (next) and “SharePoint Admin Center.”

SharePoint Administrators
One of the basic concepts of SharePoint is that control and access are based on a role that you have been assigned.
Microsoft creates and maintains the SharePoint Farm in their data centers and retains control of Central Administration
(see Figure 5-2). When you buy an Office 365 Subscription, the first account is the root Global Administrator, which is
also the first SharePoint tenant Administrator (called a SharePoint Online Administrator).

Figure 5-2.  Microsoft Admin structure (courtesy of Microsoft)

186
 Chapter 5 ■ SharePoint Administration Guide

Table 5-1 shows a summary of the capabilities of a SharePoint Online Administrator, a Site Collection
Administrator, and a Site Level Owner.

Table 5-1.  SharePoint Administration Roles

SharePoint Online Administrator Site Collection Administrator Site Level Owner

• Create and manage site collections
• Site Delete and Undo (Recycle Bin)
• Review site properties
• Designate Site Collection
Administrators
• Set site sharing options
• Manage settings including site
quotas
• Configure web site domains
• Manage InfoPath, user profiles,
BCS, term store, records
management, search, apps
• Manage tenant settings
• Manage site collection features • Settings that only affect
(this site only) the single site they own
• Add more Site Collection Administrator s (no cross-site actions)
• Create new subsites, new document • Manage site features
libraries and lists • Save site as template
• Manage permissions and groups • Manage site columns
• Manage the look and feel (title, navigation, and site content types
theme, master pages) • Site deletion
• Save site as template • Manage user alerts,
• Manage site columns and site content types RSS settings
• Site deletion • Adjust default regional
• Manage user alerts, RSS settings and language settings
• Adjust default regional and language • And more…
settings
• Invite internal or external groups/users via
e-mail to share your site

The general roles include types of Administrator and permissions that can be assigned. There are three types of
Administrators in Office 365 and a category of User with Permissions:
• Global Administrator: This is an Office 365 administrator role. A Global Administrator
manages users and (Office 365) groups, service licenses, and domains. Chapter 8 describes
these functions. The Global Administrator also manages Exchange and Lync. A Global
Administrator is also a SharePoint Online Administrator.
• SharePoint Online Administrator: Uses the SharePoint Online Administration Center to
create and manage site collections, designate Site Collection Administrator s, and configure
InfoPath, user profiles, BCS, term store, records management, search, secure store, and apps.
See the section “SharePoint Admin Center.” Note that you MUST be an Office 365 Global
Administrator to be a SharePoint Online Administrator (no lower Office 365 administrator role
levels work).
• Site Collection Administrator: A user with a role assigned by a SharePoint Online
Administrator has permissions to manage a site collection, including setting permissions
for other users within the site collection. There is one Primary Site Collection Administrator.
There can be many Site Collection Administrators.
• User with Permissions (Site Level Owners): There are a variety of permissions that can be
assigned to a user through their group membership (see the section “SharePoint Permissions
and Groups”).

187
Chapter 5 ■ SharePoint Administration Guide

Site Collection Administrator Permissions

Table 5-2 shows the permissions given to a Site Collection Administrator.

Table 5-2.  SharePoint Site Collection Administrator Permissions

Permission Description
Manage Permissions Create and change permission levels on the web site and assign permissions to
users and groups.
View Web Analytics Data View reports on web site usage.
Create Subsites Create subsites such as team sites, Meeting Workspace sites, and Document
Workspace sites.
Manage Web Site Grants the ability to perform all administration tasks for the web site as well as
manage content.
Add and Customize Pages Add, change, or delete HTML pages or Web Part Pages, and edit the web site
using a Microsoft SharePoint Foundation-compatible editor.
Manage Lists Create and delete lists, add or remove columns in a list, and add or remove
public views of a list.
Apply Themes and Borders Apply a theme or borders to the entire web site.
Apply Style Sheets Apply a style sheet (.CSS file) to the web site.
Override List Behaviors Discard or check in a document that is checked out to another user, and
change or override settings that allow users to read/edit only their own items
Manage Personal Views Create, change, and delete personal views of lists.
Add/Remove Personal Web Parts Add or remove personal Web Parts on a Web Part Page.
Update Personal Web Parts Update Web Parts to display personalized information.
Add Items Add items to lists and add documents to document libraries.
Edit Items Edit items in lists, edit documents in document libraries, and customize Web
Part Pages in document libraries.
Delete Items Delete items from a list and documents from a document library.
Create Groups Create a group of users that can be used anywhere within the site collection.
Browse Directories Enumerate files and folders in a web site using SharePoint Designer and Web
DAV interfaces.
Approve Items Approve a minor version of a list item or document.
Enumerate Permissions Enumerate permissions on the web site, list, folder, document, or list item.
Delete Versions Delete past versions of a list item or document.
Manage Alerts Manage alerts for all users of the web site.
Edit Personal User Information Allow a user to change his or her own user information, such as adding
a picture.

188
 Chapter 5 ■ SharePoint Administration Guide

Building Your SharePoint Structure

Now that you have read a bit about SharePoint planning, including SharePoint definitions, let’s build something.
This section is designed for people that will be building sites and other structures.
In this section, you are building the Procedures site (one of four sites in your sample small company SharePoint
setup) within a site collection with a page, a document library, and in one case a calendar list. Let’s assume that you
are using the default (initial) site collection, or that the SharePoint Online Administrator has built a site collection
for you. You will also assume that the site collection feature of SharePoint Server Publishing Infrastructure has been
activated (see the section “SharePoint Admin Center”).
You will start by defining a sample set of sites with initial permissions for users for your small company. You will
also take a look at site navigation.
Tasks (such as site creation and setting permissions) in this section can be performed by anyone with
permissions. Again, Chapter 2 contains information aimed at using the sites that you are creating in this section.

Design Your Site and Security Structure

A way to approach SharePoint configuration is to look at your information and organize it based on user roles:
what storage locations do you have and who should be able to do what? For the example in this chapter you have a
set of sites and a set of roles. Table 5-3 defines who (which roles) should have what access capability (rights) to the
sites (where).

Table 5-3.  SharePoint Sites Company Example

Roles Procedures Operations Board Customers

SP_Senior_Team RW RW RW RW
SP_Management RW RW None RO
SP_Human_Resources RW None None RO
SP_Manufacturing RO RO None RO
SP_Customer_Support RO None None RW
Subsite: Turnover; same
permissions as Operations

There are a number of ways to organize your security structure. A common way is to separate access to your sites
by organizational role. You might have a group like SP_Senior_Team that is the CEO, COO, CFO, etc. Generally this
team will have at least Read access to everything (although perhaps not Edit). We recommend that you prefix your
SharePoint Groups with “SP_”. As your organization grows, you might end up with groups from the Office 365 Portal or
from Active Directory (which might have the prefix SG_). This will help you keep track of how permissions flow
(see “SharePoint Permissions and Groups”).
In Table 5-3, RW represents Read-Write (SharePoint Contribute) access, RO represents Read Only, and None
represents no access. Each site will have its own document library.
For example, people in the group SP_Human_Resources can create, delete, and update documents in the
Procedures site, see information in the Customers site, but won’t even see the Operations and Board sites.
The SP_Senior_Team group has all access to all four sites.
You will implement permissions as discussed in the section “SharePoint Permissions and Groups.” It is a good
idea to read both sections before you start building a production site. (Try things as you like; it is easy to delete and
start over. This falls in the “just get started” category.)

189
Chapter 5 ■ SharePoint Administration Guide

Initial Site Collection: Top-Level Site

Figure 5-3 shows your top-level site. In this case, it is in a new site collection, but it will look similar if you are using the
default first site xxxx.sharepoint.com that is created when you first purchase Office 365.

Figure 5-3.  New site collection top-level site

You will modify this site to add the structure described in Table 5-3.

Gear Icon Options

Let’s take a look at the most important icon in SharePoint, the Gear icon. This menu will vary depending upon your
permissions. Click the Gear icon at the top right; this will bring up the top level action menu (see Figure 5-4).

190
 Chapter 5 ■ SharePoint Administration Guide

Figure 5-4.  SharePoint Gear icon options

Site Settings
One of the important functions in the Gear list is site settings (see Figure 5-5). This is a screen of additional links to
site-related settings. The list varies based on your permissions and where you are in the structure. For a person with
only Read access to a site, this entry does not appear in the Gear list. For a person with Edit permission to the site,
the list is reduced.

Figure 5-5.  Site Settings - Edit Permissions

Even if a link is present, the person may not have permissions to edit the item.

Site Settings: The Subsite List

The site settings for a person with full control viewing a subsite refers to this subsite (see Figure 5-6). There is a link to
the site collection-level site settings. Click this link to go to the top-level site collection settings.

191
Chapter 5 ■ SharePoint Administration Guide

Figure 5-6.  Site settings: subsite

Site Settings: The Full List

Figure 5-7 shows the full set of site settings, for the top level site and the site collection. The full list only appears for
Site Collection Administrators.

192
 Chapter 5 ■ SharePoint Administration Guide

Figure 5-7.  Full site settings

193
Chapter 5 ■ SharePoint Administration Guide

Some interesting links are marked in Figure 5-7, such as:

• Users and Permissions
• People and Groups: Manage Groups: This is used in permissions
• Site Permissions: Manage the site: This is used for permissions
• Web Designer Galleries: More detailed site control links
• Site Administration
• Popularity Trends: A chart of usage for this site
• Look and Feel
• Title, description, and logo: Site logo for top left of screen
• Navigation: Manage Top Links and Quick Links; see below
• Site Actions
• Manage site features: See the section “SharePoint Admin Center”
• Delete this site
• Site Collection Administration
• Recycle bin (for the site collection): Includes documents, folders, etc.
• Site Collection Features: See the section “SharePoint Admin Center”
• Popularity and Search Reports: A wide variety of reports

Site Contents
Before you create the Procedures subsite, let’s take a look at what is in your new or default site in your site collection.
Click the Gear icon at the top right, then Site Contents or the Site Contents link at the left of the screen. You will
see the Site Contents page, as shown in Figure 5-8.

194
 Chapter 5 ■ SharePoint Administration Guide

Figure 5-8.  Site contents

There are a number of interesting things on Site Contents page, including the following:
• Share, Follow and Full Screen: These links are on most every page. Share is a way to share this
site (also a way to expand permissions to more people), Follow is connected to Newsfeed and
is a way to link something interesting for yourself.
• Search this site.
• Top Link Bar: Not yet filled out.
• Quick Links: Links at the left edge, with an EDIT LINKS option.
• Site Workflows, Settings, and the Site Recycle Bin: See below for Site Settings page description.
• Each blue square item also includes an item count and a modified date/time.
• “add an app”: The new-with-SharePoint 2013 model for adding parts to a web page.
• Documents: Created by default for a new team site. This is the default site document library.
• Form Templates, MicroFeed, Site Assets, Site Pages and Style Library: Created by default for a
new team site.
• The items marked “new!” in green were created by activating the SharePoint Server Publishing
Infrastructure.
• Subsites: A list of subsites and the + icon to create a new subsite. You will use this button.

Create the Site Structure Defined Above

Follow these steps to create the structure defined above. Reference information is interspersed with the steps.

195
Chapter 5 ■ SharePoint Administration Guide

Step 1: Create the Subsite Procedures

Let’s create your first subsite. Click the Site Contents option (or the Gear icon and then Site Contents). Click
“New subsite” (see Figure 5-9).

Figure 5-9.  Create a new subsite called Procedures

196
 Chapter 5 ■ SharePoint Administration Guide

You will name this subsite Procedures and give it a description. You will also give the URL name Procedures.
Since this web site address is a URL, spaces will be replaced with %20 (hex for the space character). Since this is ugly,
it is common to replace the spaces in the title with underscores (“_”). It is possible to change both the title and site
URL later.
Pick your language. Template Team Site is fine. The pick “Use same Permissions as Parent” (you will change this
in the next section). This is a change from the default: Click Yes for “Use the top link bar from the parent site?” This
will, guess what, use the top link bar from the parent site. Unless you are building a very separate site, or you have
specific reasons to hide the navigation or create a specialized navigation, it is usually simpler for the user to see the
same top link bar on the various pages. This kind of consistency is less likely to confuse your users. (You can change
this later if needed.) Click Create.
You will note that the new site does not show up automatically in your top link bar or Quick Links. Let’s set
navigation to show your new site.

Site Settings: Navigation

Site settings is a rather jumbled list of tasks and settings for this site. At this moment you are going to start by looking
at Navigation under Look and Feel to set up the “mother” site to show your new subsite. Navigate to your mother site;
in this case it is Sample_New_Site_Collection. Click Gear ➤ Site Settings (Figure 5-10).

Figure 5-10.  Site settings subset

Click Navigation. This will bring up the Navigation Settings screen for this particular site (see Figure 5-11).
As you recall, Navigation only appears as part of Site Collection Features ➤ SharePoint Server Publishing
Infrastructure, which was listed as an assumption for this site collection. If there is no Navigation link, check with
your Site Collection Administrator.

197
Chapter 5 ■ SharePoint Administration Guide

Figure 5-11.  Navigation settings

■■Note It is easy to lose track of which site that you are editing; to see, hover over the Web Browser tab to see exactly
what you are editing.

198
 Chapter 5 ■ SharePoint Administration Guide

Step 2: Edit Top Level Navigation

Now you will continue to set navigation for your top-level site.
Select your top-level site (Sample_New_Site_Collection) and click Gear ➤ Site Settings ➤ Navigation.
• Under Global Navigation, click “Structural Navigation: Display the navigation items below the
current site” and then check the “Show subsites” option.
• Under Current Navigation, click “Structural Navigation: Display only the navigation items
below the current site” and then check the “Show subsites” option (see Figure 5-12).

Figure 5-12.  Top-level site navigation

Step 3: Edit Subsite Navigation for Procedures

Now you will set navigation for your subsite procedures. Select your new site Procedures and click Gear ➤ Site
Settings ➤ Navigation.
• Under Global Navigation, click “Display the same navigation items as the parent site” should
be set (from the Site Creation screen)” and check the “Show subsites” option.
• Under Current Navigation, click “Structural Navigation: Display the current site, the navigation
items below the current site, and the current site’s siblings” and then check the “Show
subsites” option (see Figure 5-13).

199
Chapter 5 ■ SharePoint Administration Guide

Figure 5-13.  Next level site navigation

Step 4: Create the Subsite Operations

Create the subsite operations. To do so, see Step 1, with title and URL operations.

Step 5: Edit Subsite Navigation for Operations

Edit the navigation for the subsite operations by referring to Step 3.

Step 6: Add a Sub-Subsite Turnover

Navigate to Site Operations ➤ Site Contents ➤ New site. See Step 1, with title and URL turnover. This will create a
subsite turnover under the subsite operations. You will next adjust the navigation to show Turnover under Operations
on the top-level menu.

Step 7: Edit Sub-Subsite Navigation for Operations/Turnover

Edit navigation for sub-subsite operations/turnover. Navigate to Operations ➤ Turnover. See Step 3 to set
Navigation options.

200
 Chapter 5 ■ SharePoint Administration Guide

Step 8: Verify Your Structure

If all of the steps above have been performed, you should see a top-level web site as shown in Figure 5-14.

Figure 5-14.  Structure verification

On the top link bar are the two subsites that you have created: Operations and Procedures; they’re also shown in
the Quick Links at the left. The site Turnover that is a subsite of Operations is indented at the left and as a drop-down
under the small triangle at the top (Figure 5-14).
The Board and Customer sites for your company example can be created in the same manner. In the next section,
we will discuss permissions and groups, and you’ll set permissions for your company example. Later, you will edit the
pages and the links.

SharePoint Permissions and Groups

In this section, we are going to cover the basics of creating and using SharePoint permissions. You will continue to
work on your example structure: you will set permissions per the company example. You will start with basics about
permissions and groups and inheritance, Active Directory and Office 365 Security Groups, SharePoint Groups,
and inheritance. Next are sections about setting permissions.
The general flow of this section is that we will introduce concepts and then intermix activities to accomplish a
goal. We hope that you, as the reader, will extrapolate a particular action from one of these examples to the problem
that you are trying to solve. At least you should see that certain functions and screens exist!
As mentioned above in “Planning, Governance and Initial Setup” it is easiest (and least likely to confuse people
in the future) to set unique permissions at Site (or subsite) level (instead of the document library, folder,
or document level).

■■Note Interactions with SharePoint, including setting permissions, are done through a web browser. This means that
you can set Bookmarks/Favorites for both locations (a page or site) and commands (an action). You can also edit the
URL to change locations or to open a command for a new site.

201
Chapter 5 ■ SharePoint Administration Guide

Permissions Basics and Groups

Permissions are essentially defined for each individual login. The effective permissions for an individual account are
the least restrictive of any permissions that an individual has for a site, page, document library, list, folder, document,
etc. This means that you should consider how to test the permissions that you assign.
It is too cumbersome to assign more than one or two individuals to all of the proper items that they should have
access to, so the answer is groups. There are several types of groups available to set SharePoint permissions. These
include the following:
• Without DirSync: Office 365 security groups created in the Office 365 Portal
• With DirSync: These groups appear in the Office 365 Portal as groups, but cannot be edited in
Office 365.
• Active Directory security groups
• Active Directory mail-enabled security groups
• Active Directory distribution groups are NOT eligible to be used.
• SharePoint groups
For discussion about creating and maintaining Office 365 security groups and Active Directory synchronization,
please see Chapters 8 and 11.
There are tradeoffs between using Office 365/AD security groups and SharePoint groups. The differences
between the types of groups are explained below.
• Office 365/Active Directory Synchronized Security Groups:
• Generally more closely tied to business processes such as adding and changing user
accounts (logins); the account management people that deal with logins can add or
change their group membership at the same time in the same place.
• For Active Directory (DirSync’ed) groups the same security information is consistent
across the whole organization.
• An Active Directory security group can contain a security group.
• CANNOT contain externally shared user logins; see the section “Planning, Governance
and Initial Setup” item “External Sharing.”
• You cannot see the members of an Office 365/Active Directory group from within
SharePoint (without using PowerShell). That is, if an Office 365/Active Directory group
is a member of a SharePoint group, you cannot see the members when viewing through
People and Groups. (Check if permissions are still accurate.)
• SharePoint Groups:
• More closely tied to SharePoint operation (part of SharePoint); the contents of
Office 365/AD groups are synchronized with a slight time delay.
• Editing of permissions can be done entirely by local SharePoint site owners without
editing Office 365 Portal security groups or Active Directory.
• Can contain externally shared userids (see the section “Planning, Governance and
Initial Setup”).
• Can contain Office 365, AD security groups, and AD mail-enabled security groups.
• A SharePoint group cannot contain another SharePoint group.

202
 Chapter 5 ■ SharePoint Administration Guide

There are no out-of-the-box SharePoint tools to review permissions. (There are outside vendors that supply
such tools.)
The closest things to reports are:
• Site Settings/People and Groups (see SharePoint “People and Groups” Tasks/ Settings: View
Group Permissions”)
• Check Permissions (one person at a time)
It is important to plan and document your permissions structure!
With SharePoint 2013 there are SharePoint groups that are automatically created, specifically Owners, Members,
and Visitors Groups for each site collection that is created, and for each site (or other entity) that has permission
inheritance removed. This can help you keep track of where to place users needing permissions.

Permissions Inheritance
In SharePoint, permissions are inherited from the parent site. This is normally what you want. For your company
example, the various sites have different permissions needs. You will “break inheritance” to meet these needs.

■■Note It is easy to lose track of where you are setting permissions. To see this, hover over the Web Browser tab,
or check the URL to see exactly where you are editing.

The Two Sides of Permissions: Sites and Groups

Permissions are set as the combination of:
• Sites (where)
• Groups, which contain people (who)
• What can be done (Read, Edit, etc.)
The two different screens that deal with the two sides are summarized in Table 5-4.

Table 5-4.  SharePoint Permissions: Sites and Groups Summary

Title Site Permissions People and Groups

Section Title Permissions: Site Settings
Gear, Site Settings Link Site Settings/Site Permissions
Screen Figure Figure 5-16
Refers to Specific site
Special Actions • Create Group
• Check Permissions (for a person at
this site via which groups)
• Change Permissions for an existing
Group (see Icon 4, Edit User
Permissions for Existing Group)
Permissions: People and Groups
Site Settings/People and Groups
Figure 5-25
Entire site collection
• New Group (same as Create Group)
• Settings ➤ View Group Permissions
(sites for which this group has what
level of permissions)
• Change Group Settings (such as
Name and Group Owner, other than
Permissions levels)

(continued)

203
Chapter 5 ■ SharePoint Administration Guide

Table 5-4.  (continued)

Title Site Permissions People and Groups
URL Suffix (add to a _layouts/15/start.aspx#/_layouts/15/ _layouts/15/start.aspx#/_layouts/15/
site URL) user.aspx  groups.aspx, _layouts/15/start.aspx#/_
layouts/15/people.aspx 
All people in site _layouts/15/start.aspx#/_layouts/15/
collection URL people.aspx?MembershipGroupId=0 

Permissions: Site Permissions

This section describes the key steps to set permissions for a site (for other entities see “Set document library
Permissions” and “Set a Document’s Permissions” below). Permissions are set for a site by:
• Adding users to new or existing SharePoint groups associated with the site.
• Adding Office 365 Portal/AD groups to new or existing SharePoint groups associated
with the site.
• Adding users directly to the site permissions (not recommended).
To set permissions, follow these steps:
1. Navigate to the site.
2. Click Gear ➤ Site Settings.
3. Click Site Permissions (see Figure 5-15).

Figure 5-15.  Site Settings ➤ Site Permissions

4. See the Site Permissions screen (Figure 5-16).

204
 Chapter 5 ■ SharePoint Administration Guide

Figure 5-16.  Site Permissions screen

5. Perform one of the sets of Permissions Actions described below, based on your needs.
Click “Site permissions” for the next screen (Figure 5-16).
The Site Permission screen is a main control point for setting permissions. There is a similar screen for document
libraries, folders, documents, etc. Note that this screen is slightly different if the site inherits permissions from its parent:
item 2 will say “Manage Parent” (to go to where the permissions are set) and items 7, 8, 9, and 10 do not appear.
The following is a description of Permissions Screen by number.
1. “Where you are” information: In the title bar, the URL and the tab itself (“Permissions:
Sample…”) and if you hover over the tab. It is very easy to be in the wrong place. It is always
a good idea to glance up to see where you are.
2. Icon Grant Permissions: Add permissions for a user or group to this list (add permissions
to “where you are”).
3. Icon Create Group: You can create a SharePoint group.
4. Icon Edit User Permissions.
5. Icon Remove User Permissions.
6. Icon Check Permissions.
7. Link Manage: Permission Levels.
8. Link Manage: Access Request Settings.
9. Link Manage: Site Collection Administrators.

205
Chapter 5 ■ SharePoint Administration Guide

10. Link “Some content on this site has different permissions”: This warning is generally
because of SharePoint structure (see Figure 5-17).

Figure 5-17.  Permissions screen for different permissions

11. Type: SharePoint Group, User, Domain Group

12. Permission Levels: Edit, Full Control, Read are normally used.
13. Automatic SharePoint Groups: Members (Edit), Owners (Full Control) and Visitors (Read)
for the (top level) Site Sample_New_Site_Collection were created when the site was created.

■■Note  Click the hyperlink that is the name of a group to get to the permissions: People and Groups screen for that
group. Also, click “Browse” to see the top link bar again.

206
 Chapter 5 ■ SharePoint Administration Guide

Icon 2: Grant Permissions

This is the core activity of permissions: to give someone or some group access. In general, you will add an individual
to a group on this page (such as one of the groups highlighted in Item 13 in Figure 5-16). You can also add a user or
SharePoint Group or Office 365 group with a specific permission level directly to this list. This is an example of power
and confusion. It is best for you to pick a mechanism, document it, and use it consistently. Here are your choices:
1. Add the user or group to an existing “standard” group (those ending in Members, Owners,
and Visitors). These SharePoint groups have predefined permission levels (Edit, Full
Control, and Read, respectively) and are automatically created when the Site is created
(or optionally when inheritance is broken; see “Breaking Inheritance” below).
2. Use Office 365 Portal/Active Directory Groups. Add them directly to the list with the
appropriate permission level.
3. Use the SharePoint groups that you have created. Add them directly to the list with the
appropriate permission level.
4. Add individual users directly to this list. Someone will hate you for this in the future.
Because there is no easy permissions cross reference, someone will have to check each site
to see where someone has permissions.
There is a new “sharing” mechanism that sets permissions. Share shows up as a user-level function. See Chapter 2
and also the “Set Document Library Permissions” section below.

Icon 3: Create Group

You can create a SharePoint group on a Site Settings screen or a People and Groups screen. The groups are global
to the site collection. That is, once created, they can be used anywhere within the site collection. You don’t create a
group just for this site, but for all sites in the site collection.
To create a group from a Site Settings screen, follow these steps:
1. Navigate to a site in the proper site collection.
2. Click Gear ➤ Site Settings.
3. Click Site Permissions (see Figure 5-18).

207
Chapter 5 ■ SharePoint Administration Guide

Figure 5-18.  Permissions Ribbon Create Group

4. Click the Create Group icon.

5. On the next screen, fill in the fields as described.
6. Click Create.
To create group notes, follow these steps.
1. Give your new group a name. It is a good convention to start SharePoint groups with “SP_”.
You will appreciate this when you have an environment of mixed SharePoint and Office
365/AD security groups. It helps to know where to look to edit the members. Good luck
on getting the editors of the other groups to adopt a standard! (Usually these things have
been going on for years and there have been several different people that have an idea
of the correct standard.) Underscores are not important here, but you might want to be
consistent; either use them or not. The auto-generated group names will have a space
before “Members” and such.
2. Document this group’s usage.
3. The group owner defaults to the creator.

208
 Chapter 5 ■ SharePoint Administration Guide

4. Do you want to allow requests to join/leave the group? Generally you want to know if you
have left someone out (or a new person has joined the firm but has not been added to all
of the proper groups). This sends an e-mail to you (or whoever you designate) saying that
this person would like access. They can give you a reason. Generally you don’t want
auto-accept, except perhaps for a company calendar or some such.
5. Since groups are created in a site collection, this item tells you the site collection in which
you are creating the group.
6. Select the permission level(s). We selected “View Only” in this case. These values can
be changed; see “Icon 4: Edit User Permissions for Existing Group.” Some selections are
redundant. These permissions belong to the group; when you add a group to a site, the
members of this group will have these permissions at that site. Having unique permissions
on the site does not affect this relationship.
7. Click Create.

Icon 4: Edit User Permissions for Existing Group

Since you have a nice list of groups, the SharePoint designers decided to put “Edit the Permissions of an existing
group” here; see Figure 5-19. (This function is in Site Permissions rather than People and Groups.)

Figure 5-19.  Edit permissions level for existing group

209
Chapter 5 ■ SharePoint Administration Guide

To change the permissions for an existing group, follow these steps:

1. Navigate to a site that uses the group.
2. Click Gear ➤ Site Settings.
3. Click Site Permissions (see Figure 5-19).
4. Select the group by marking the checkbox to the left.
5. Click the Edit User Permissions icon.
6. On the next screen, check and uncheck permissions as you desire (see Figure 5-20).

Figure 5-20.  Set group permissions

7. Click OK.

Icon 5: Remove User Permissions

You can remove permissions for one or more users or groups by following these steps.
1. Navigate to the site (or item) from which you wish to remove permissions.
2. Click Gear ➤ Site Settings.
3. Click Site Permissions.
4. Verify that you are in the right place!
5. Mark the items (see Figure 5-21).

210
 Chapter 5 ■ SharePoint Administration Guide

Figure 5-21.  Remove user permissions

6. Click the Remove User Permissions icon.

7. Click OK on the warning message.

Icon 6: Check Permissions

Check permissions for a person at this site. See “Check Company Permissions” below for a usage example.

Link 7: Manage Permission Levels

This link documents the particular permission levels. Clicking a link at left shows the exact details.

Link 8: Manage Access Request Settings

Figure 5-22 shows the way to set the e-mail address that will receive requests to access this site.

211
Chapter 5 ■ SharePoint Administration Guide

Figure 5-22.  Manage Access Request Settings

Link 9: Manage Site Collection Administrators

This is another way to be able to edit the list of Site Collection Administrators. This link only appears when you are on
the top site of a site collection and you are a Site Collection Administrator (Figure 5-23).

Figure 5-23.  Edit Site Collection Administrators

Permissions: People and Groups

The People and Groups screen describe access to the SharePoint groups for a particular site collection (Figure 5-24).

212
 Chapter 5 ■ SharePoint Administration Guide

Figure 5-24.  Site Settings ➤ People and Groups

Click “People and groups” for the next screen (Figure 5-25).

Figure 5-25.  Permissions: People and Groups

A nice feature of the People and Groups/specific group screen (Figure 5-26) is that if you hover over the small
presence indicator (by the name) a floating menu with a link for a contact card appears.

213
Chapter 5 ■ SharePoint Administration Guide

Figure 5-26.  SharePoint People and Groups menus

To perform “People and Groups” tasks, follow these steps:

1. Navigate to any site in the appropriate site collection.
2. Click Gear ➤ Site Settings.
3. Click “People and Groups” (see Figure 5-24).
4. If you do not select a specific group, you have these tasks (or select “Groups” at the top left):
a. New ➤ New Group ➤ Create a New SharePoint Group: This is the same as Icon 3:
Create Group (see Figure 5-18).
b. Settings ➤ Edit Group Quick Launch: Edit list of groups that appear at the left edge.
c. You can edit many things about a group (except the permissions) with the small Edit
icon in the Edit column. (To edit an existing group’s permissions, see “Icon 4: Edit
User Permissions for Existing Group”).
5. If you wish to work with a specific group, at the left edge, click a group (click More to see
more groups). Once you have selected a group you have a choice of several tasks.
a. New: Add Users (to this group).
b. Actions: E-Mail Users.
c. Actions: Call/Message Selected Users (Lync Message/Call).
d. Actions: Remove Users from Group.
e. Actions: Leave Group (remove yourself from the group).
f. Settings: Group Settings (manage settings such as group name and permissions).
g. Settings: View Group Permissions (view permissions this group has on sites, lists,
and items).
h. Settings: Make Default Group (make this group the default group for this site).
i. Settings: List Settings (manage settings such as columns and views).
Next are the descriptions of these tasks.

214
 Chapter 5 ■ SharePoint Administration Guide

New: Add Users

This task adds a person (user), or an Office 365/Active Directory security group to the selected SharePoint group.
The new person or group will have immediate permissions wherever this group is used.
To add a User or Office 365/Active Directory security group, follow these steps:
1. Select the group.
2. Click New ➤ Add Users (the only choice).
3. In the menu box, verify that you are in the group that you intended. Note that the title is
“Share …”. In this case you are adding a user, but the effect is that the new user will have
access to wherever the group is used. (See “Settings: View Group Permissions” below.)
4. Enter names, e-mail addresses, or “Everyone” into the box. As you start typing a name or
e-mail address, the system looks for matches. Select a name from the drop-down list.
Type the next name.
5. Click SHOW OPTIONS; if you wish to send e-mail to the new members leave the “Send an
e-mail invitation” box checked.
6. Enter a custom message if you wish.
7. Click Share (see Figure 5-27).

Figure 5-27.  Add users to a group/share a site

215
Chapter 5 ■ SharePoint Administration Guide

Actions: E-Mail Users

Open an Outlook window to build an e-mail to the names that you select.

Actions: Call/Message Selected Users

Open a Lync communication with the names that you select.

Actions: Remove Users from Group

Remove the names you select from the Group.

Settings: Group Settings

Change this group’s settings including name, About Me, group owner, etc. You might wish to set an e-mail address if
you wish to accept member ship requests to the group (see Figure 5-28).

Figure 5-28.  Change group settings

216
 Chapter 5 ■ SharePoint Administration Guide

Settings: View Group Permissions

This People and Groups ➤ Settings: View Group Permissions option is a hidden gem (see Figure 5-29).

Figure 5-29.  Group Task Settings: View Group Permissions

Note the note: “Use this page to view the permission assignments that this SharePoint group has in this site
collection. In addition to the listed URLs, this group has access to any sites, lists, or items that inherit permissions
from these URLs.”
The resulting web page dialog box shows the name of the group and each URL (site) to which the group has been
assigned and the permission level. (The second part of the note is a warning that all subsites that inherit from these
sites also have the same permissions.)
The URLs are hyperlinks to the sites. Click OK to exit.

Settings: Make Default Group

Click to make this group the default group.

217
Chapter 5 ■ SharePoint Administration Guide

Settings: List Settings

Set the settings for the User Information List (Figure 5-30).

Figure 5-30.  User Information List ➤ Settings

Set Top Level Permissions to Read Only

When a site collection is created, no one is given permission, but default SharePoint groups are created. You will add
Read Only for all users to allow everyone to see the top-level site. This will allow a safe landing space for users that
click Team Site. This permission will be inherited for subsites (unless they have unique permissions).

218
 Chapter 5 ■ SharePoint Administration Guide

Here you will set the default permission to Read. With Read, users can view pages and list items and download
documents. Follow these steps.
1. Navigate to the top level site, such as Sample_New_Site_Collection.
2. Click Gear ➤ Site Settings.
3. Click Site Permissions (see Figure 5-15).
4. Click Sample_New_Site_Collection Visitors or your Visitors group (see Figure 5-16, item 13).
5. Type “every” into the “Add people” box; pick one of the Everyone options depending upon
your needs.
6. Click SHOW OPTIONS; you probably want to turn off “Send an e-mail to everyone.”
7. Click Share. This will add everyone to the group Visitors with permissions Read.
8. Check Permissions (see Figure 5-31).

Figure 5-31.  Set top-level permissions to Read Only

Set Document Library Permissions

We recommended above to use sites as your basic level of special permissions. In this method, the document libraries
within a site would inherit these special permissions. In some cases it is appropriate to set unique permissions for a
document library. You will use the document library that is part of the top level site as an sample.
To set unique permissions for a document library, follow these steps:
1. Navigate to the site.
2. Click the title part of the documents (Figure 5-32).

219
Chapter 5 ■ SharePoint Administration Guide

Figure 5-32.  Set unique document library permissions part 1

3. Click Library on the Ribbon bar to open the Library ribbon (Figure 5-33).

Figure 5-33.  Set unique document library permissions part 2

4. Click Library Settings on the open Library ribbon to show options (Figure 5-34).

Figure 5-34.  Set unique document library permissions part 3

220
 Chapter 5 ■ SharePoint Administration Guide

5. In Documents ➤ Settings, click “Permissions for this document library” (Figure 5-35).

Figure 5-35.  Set unique document library permissions part 4

6. Click “Stop Inheriting Permissions” (Figure 5-36).

Figure 5-36.  Set unique document library permissions part 5

221
Chapter 5 ■ SharePoint Administration Guide

7. Accept the message (Figure 5-37).

Figure 5-37.  Set unique document library permissions part 6

8. Delete any extra SharePoint groups; add any required groups (grant permissions); undo
unique permissions by clicking “Delete unique permissions” (Figure 5-38).

Figure 5-38.  Set unique document library permissions part 7

As you can see, there are quite a few steps.

It is important, if you use unique permissions for a document library, that you recognize that Site Settings ➤ Site
Permissions work on the SITE, not the document library that you are looking at when you click the Gear icon. You
must use most of the steps above to change permissions for a document library.
Click “Documents” to open the next screen.
Click LIBRARY to open the ribbon (Figure 5-34).
Click “Library Settings” to open the next screen.

222
 Chapter 5 ■ SharePoint Administration Guide

Click “Permissions for this document library” to open the next screen (Figure 5-36).
Click “Stop Inheriting Permissions.” You will have the message box in Figure 5-37.
Click OK to accept the warning and to open the next screen (Figure 5-38).

Set a Document’s Permissions

We recommended above to use sites as your basic level of special permissions. In this method, the documents within
libraries within a site would inherit these special permissions. In some cases, it is appropriate to set unique permissions for
a document. You will use the document that is part of the document library of the site Operations/Turnover as an example.
To set unique permissions for a document, follow these steps:
1. Navigate to the document.
2. Click the “…” beside the document (Figure 5-39).

Figure 5-39.  Set unique document permissions part 1

3. A preview of the document shows. Click the “…” at the bottom of the pop-up (Figure 5-40).

Figure 5-40.  Set unique document permissions part 2

223
Chapter 5 ■ SharePoint Administration Guide

4. Click “Shared with” (Figure 5-41).

Figure 5-41.  Set unique document permissions part 3

5. Click ADVANCED (Figure 5-42).

224
 Chapter 5 ■ SharePoint Administration Guide

Figure 5-42.  Set unique document permissions part 4

6. Click “Stop Inheriting Permissions” (Figure 5-43).

Figure 5-43.  Set unique document permissions part 5

225
Chapter 5 ■ SharePoint Administration Guide

7. Accept the message.

8. Delete any extra SharePoint groups; add any required groups (grant permissions); undo
unique permissions by clicking “Delete unique permissions” (Figure 5-43).
As you can see, there are quite a few steps.
It is important, if you use unique permissions for a document (or folder), that you recognize that Site Settings ➤
Site Permissions work on the SITE, not the document or document library that you are looking at when you click the
Gear icon. You must use most of the steps above to change permissions for a document (or folder).
Click the ellipses to open the next screen.
Click the ellipses to open the next screen.
Click “Shared With” to open the next screen (Figure 5-42).
Click “ADVANCED” to open the next screen (Figure 5-43).
Click “Stop Inheriting Permissions” to stop using the permissions of the parent for this document.

Setting Permissions for Your Company Example

We discussed your objectives for this simple company site with specialized permissions above. You are now ready
to set the permissions for the sites that you created above. Here are your permissions objectives from Table 5-3
(reproduced here as Table 5-5).

Table 5-5.  SharePoint Sites Company Example

Sites
Roles Procedures Operations Board Customers
SP_Senior_Team RW RW RW RW
SP_Management RW RW None RO
SP_Human_Resources RW None None RO
SP_Manufacturing RO RO None RO
SP_Customer_Support RO None None RW
Subsite: Turnover; same
permissions as Operations

To implement the permissions designed above, for each site you will:
• Navigate to the site.
• Select Gear ➤ Site Settings ➤ Site Permissions.
• Click “Stop Inheriting Permissions” (see Figure 5-44).

226
 Chapter 5 ■ SharePoint Administration Guide

Figure 5-44.  Stop inheriting permissions

• This will automatically create new SharePoint groups (see Figure 5-46).

• Fill the new groups with the Roles SP_ groups from Table 5-5.

Stop Inheriting Permissions

As discussed above, a site or library by default inherits permissions from its parent. In this security model, you stop
inheriting permissions to be able to cleanly start over with specific security groups that have Read Only or Read/Write
permission. This model makes it simple to add new users to the correct groups, and minimizes incorrect permission risks.
To stop inheriting permissions, follow these steps:
1. Navigate to the site.
2. Click Gear ➤ Site Settings ➤ Site Permissions.
3. Note the warning that “This library inherits permissions from its parent.”
Click “Stop Inheriting Permissions” (see Figure 5-44).
4. Click OK to accept the warning (Figure 5-45).

Figure 5-45.  Accept unique permissions

227
Chapter 5 ■ SharePoint Administration Guide

5. SharePoint automatically gives you the chance to make new groups for your newly
un-inheriting site! It wants to build three types of groups: [name] Visitors for people that
will have Read Only, [name] Members for Read-Write access, and [name] Owners that
have full control, including who will have the ability to add more members to these groups
(see Figure 5-46).

Figure 5-46.  New company groups

228
 Chapter 5 ■ SharePoint Administration Guide

6. You will create the standard groups for this site: Procedures Visitors, Procedures Members,
and Procedures Owners. You can, using the radio buttons, use other existing groups.
Commonly the proper Owners group will already exist; in this case, for example, you
might want the same Owners group for all of the sites (the same owners for Procedures,
Operations, Board, and Customers). By default the group’s creator name is added to
Members and Owners.
7. Click OK to create the groups.
8. You now add the defined SharePoint groups to the proper groups that you just created.
As an alternative, you can add the proper people to each of the groups that you just
created. It is more about consistency and your long-term plan.
9. Return to the site (Procedures) and select Gear ➤ Site Settings ➤ Site Permissions.
10. As discussed above, you probably want to delete the extra groups, such as Sample_
New_Site_Collection Members and Sample_New_Site_Collection Visitors. Leave just
Procedures Visitors, Procedures Members, and Procedures Owners.
11. Populate the new groups with the security groups
a. Add SP_Senior_Team, SP_Management and SP_Human_Resources to Procedures
Members (for RW access).
b. Add SP_Manufacturing and SP_Customer_Support to Procedures Visitors
(for RO access).
12. At some point, fill the SP_ groups with the appropriate people (or other groups).
13. Repeat for the other three sites: Operations, Board, and Customers.

Check Company Permissions

While most people do everything carefully and correctly, it is always a good idea to check. In this procedure you will
check the permissions for one of your users, John Q. Demo. He should have Read/Write access to the Procedures
document library (from your company security design above).
To check permissions, follow these steps:
1. Navigate to the site (Procedures, in this case).
2. Go to Gear ➤ Site Settings ➤ Site Permissions.
3. Click “Check Permissions” in the Permission Tools ribbon.
4. Enter part of the name, let it autofill, and click the result (see Figure 5-47)

229
Chapter 5 ■ SharePoint Administration Guide

Figure 5-47.  Check document library permissions part 1

5. Click Check Now.

6. Check results (see Figure 5-48). Note that John Q has permissions via two other groups.
They are not higher permissions, so it doesn’t matter. It is good to delete John from these
two other groups. (You see that we checked Permissions before we deleted the extra
groups in Step 10 above).

Figure 5-48.  Check document library permissions part 2

7. Check the permissions for the other people.

After you find the person or group that you wish to check permissions for, click Check Now. The next screen
shows the results of the check: John Q. Demo the listed permission on this site as given by the listed groups.

230
 Chapter 5 ■ SharePoint Administration Guide

Site Editing
This is a brief introduction to page (site) editing. It is really not too complicated. One important point to note is that
when you save your work, it is live to your users!

Edit Your Site Page

You can change the look of the pages that are displayed through the web browser. You will edit the default page for
the top-level site in your new site collection. Follow these steps:
1. Navigate to the page that you wish to edit. (You will need permission.)
2. You may choose to remove the “Get started with your site” by clicking REMOVE THIS.
You can also use it to add your first app or to make the other changes listed. It is a good
introduction to the new SharePoint 2013 features.
3. Click Page to show the Edit ribbon.
4. Click Edit (1) or Check Out (2), then Edit (Figure 5-49).

Figure 5-49.  Prepare to edit a page

5. Your page becomes editable (Figure 5-50). This page is pretty self-explanatory, but here
are a few points.

231
Chapter 5 ■ SharePoint Administration Guide

Figure 5-50.  Edit Page overview

a. Save and Check In when you are done.

b. This is the FORMAT TEXT Ribbon; click INSERT for the Insert ribbon (see Figure 5-50).
c. The text layout (Figure 5-51) changes the overall look, such as the number of columns
and headers, etc.

232
 Chapter 5 ■ SharePoint Administration Guide

Figure 5-51.  Text layout options

d. Click on a part of the screen and start editing!

e. You might want to practice on a test site.
6. Review the INSERT ribbon (Figure 5-52).

Figure 5-52.  Edit Page Insert ribbon

233
Chapter 5 ■ SharePoint Administration Guide

a. You can insert the various items listed onto your page such as a table, picture, video
and audio, a hyperlink, a file, an app, a Web Part, or direct code. These are all pretty
straightforward except the app part.
b. The Insert an App part has two steps.
 i. See “Add an App” below for the first step.
ii. Determine where (on the screen) your app should go.
iii. Click (INSERT) App Part (see Figure 5-51).
iv. Find the app that you added previously (Procedures_Library in this case) and
click Add. The app will be added to the place that you selected on the screen
(see Figure 5-53).

Figure 5-53.  Edit page for the Add an App part

7. Click Save and Check In when you are done; your page is immediately published.
Click PAGE to open the Edit ribbon.
There are various controls on the ribbon. Click “Text Layout” for the Text Layout menu.
Click the INSERT tab for the Insert ribbon.
Click “App Part” for the Apps submenu. Select the app that you wish, “Procedures_Library” in this case.
Click Add.

Add an App
The new SharePoint 2013 model has added “Add an App” in addition to Web Parts. You now add an app first, and then
add it to a web (site) page.
To create an app to be added, follow these steps.
1. Go to Gear ➤ Add an App (Figure 5-54). Click the document library app. This is the type of
the app; you actually name it to add it as an app later (above).

234
 Chapter 5 ■ SharePoint Administration Guide

Figure 5-54.  Add an app part 1

2. Name your app (Figure 5-55).

Figure 5-55.  Add an app part 2

3. Your app is added (Figure 5-56). You can add it to your page now.

235
Chapter 5 ■ SharePoint Administration Guide

Figure 5-56.  Add an app part 3

Click Gear ➤ Add an app, then select the Document Library ➤ Adding document library option.
Enter the name of your new document library, then click Create. Your new document library has been added to
your site.

Edit Links: Edit the Top link Bar

The top link bar is designed for easy access to other parts of your system. You can add a link to another page that will
be propagated to other pages (when you have a top link bar in lower sites).
Navigate to your top site. Click EDIT LINKS to edit the links. You can move them around and add a link to any
URL (such as your web site). Be sure to click Save when you are done (Figure 5-57).

Figure 5-57.  Edit the top link bar

Edit Links: Edit the Quick Links Bar

This editing is the same as the top link bar. Click EDIT LINKS to edit the links. You also may wish to edit the links in
Gear, Site Settings, and Navigation. This allows you to change the order of the Quick Links in a different way.

Create a Project Site

This section describes how to create a SharePoint project site in your SharePoint Online site collection. This is simply
another example of a site that can be created.
Office 365 offers several levels of projects, including a hosted project server and an individual project
subscription. Data for these services is stored in SharePoint. SharePoint also offers a simple project site with
documents, tasks, calendar, and e-mail specific to the project site. The steps to create this simple site are described
below. There is also can be a Project Web App in the SharePoint admin center (see Figure 5-58).

236
 Chapter 5 ■ SharePoint Administration Guide

Figure 5-58.  Project Web App in SharePoint admin center

Step 1: Sign On to Your SharePoint Site

You must sign on as a user with full control for the parent site to be able to create a site. Go to
https://portal.microsoftonline.com ➤ Sites ➤ Team Site. As a shortcut you can use your “onmicrosoft” name;
for example, for us it is kamind.sharepoint.com.

Step 2: Navigate to “Parent” of Where You Want to Create Your Project Site
Choose where you want your new project site.

Step 3: Create a Project Subsite

Click Gear ➤ Site Contents (see Figure 5-59).

Figure 5-59.  Gear ➤ Site Contents

237
Chapter 5 ■ SharePoint Administration Guide

At the bottom of the Site Contents screen, click “new subsite” (see Figure 5-60).

Figure 5-60.  New subsite

You will see the New SharePoint Site screen (see Figure 5-61).

Figure 5-61.  Create New Project screen

238
 Chapter 5 ■ SharePoint Administration Guide

Set title, description, URL, and language. Since spaces are translated as %20 in the URL, it is common to use “_”
in place of spaces. This is much prettier, as mentioned before.
Select a template: click Collaboration, Team Site, or use a template that you have saved before. Click the Custom
tab (there will be a Custom tab if you have any saved templates).
Choose permissions: “Use same permissions as parent site” or “Use unique permissions.” If you choose
“Use unique permissions” you will have a chance to create SharePoint groups unique for this site.
Choose Yes or No for “Use the top link bar from the parent site?” Normally you will have set up navigation and
you will want to choose Yes. Click Create.

Step 4: Alter Your Site

Your initial project site can now be altered to fit your needs (see Figure 5-62).

Figure 5-62.  Initial SharePoint project site

239
Chapter 5 ■ SharePoint Administration Guide

If you are planning to use a similar project site setup in the future, you probably want to set your style (or use the
default) and your logo before you save the template (see Figure 5-63).

Figure 5-63.  Set title, description, and logo

Your logo can be referenced either from your local computer (a copy will be made in SharePoint) or from another
SharePoint location. You can also use this screen to change the title, etc. that you set when you created the site. Quick
navigation: Gear ➤ Site Settings ➤Title, Description, and Logo under Look and Feel.

Step 5: Save Your Project Site Template

If you will create more (similar) sites, now would be a good time to save the project site as a template.

■■Note  Save as a template BEFORE adding any project specific tasks or calendar entries!

Click Gear ➤ Site Settings ➤ Save site as template (see Figure 5-64).

240
 Chapter 5 ■ SharePoint Administration Guide

Figure 5-64.  Save as Template screen

Pick a name for your template and fill in the other fields. Pick a very descriptive name, perhaps even with a
version number. You will have to recognize it the next time that you create a site.
The logo is included in the template (if you specify “Include Content”). See the note relating to “Include Content.”
Click OK. You will get an “Operation Completed Successfully” message. Your template is now available as a custom
template the next time that you wish to create a site.

Step 6: Clean Up Your Site and Add Apps as Appropriate

Return to your new site. Now it is time to adjust it to your specific needs for this project. In the center of the site are
some editing buttons (unless you have removed them already); see Figure 5-65.

Figure 5-65.  Site Edit buttons

241
Chapter 5 ■ SharePoint Administration Guide

A very common addition is project E-mail. This creates a special Exchange Mailbox just for this project, with a
special e-mail address. E-mail copied to this address will appear in the site (project) mailbox. This allows you to keep
all project e-mail together in one place, along with documents, calendar entries, and the task list.
To create a project site mailbox (or actually for any kind of site), click the “Keep e-mail in context” button at the
right of Figure 5-65. You will see a screen to add a site mailbox; click ADD IT. It may take up to 30 minutes for the
mailbox to be provisioned. This mailbox is unique to this site. The email address will be SMO- plus the name of the
Site plus @yoursite.com/net/org. The KAMIND project site mailbox is [email protected] in
this example.
This action will create a Site Mailbox app. You may wish to add this app to the links at left. This action is the same
as adding a Mailbox app. Quick navigation: Gear ➤ Site Contents ➤ add an app (upper left).
“Share our site” is the same as the SHARE button at the top right. See Chapter 2 for more information.
“Working on a deadline?” is a chance to add more calendar and task list apps. “Add lists, libraries and other apps”
adds apps. You can do both of these later with “Add an App.”
You probably set your style and your brand before you created a template. You can alter them again if you wish.
Most people remove the “Get started with your site” buttons (click the REMOVE THIS button in Figure 5-65).
You may also wish to edit links (at left) to match your design (in addition to adding the Site Mailbox app).
Quick navigation: Gear ➤ Site Contents ➤ Edit Link, and then drag any apps (including Site Mailbox) into the Links
area. You can edit the site for any other customization that you wish. (You may want to customize before creating a
template, or create another template.)

Step 7: Set Permissions

Depending upon your needs, you may wish to have special permissions for your project site. If you are planning to
share your entire site with internal or external users (outside of your organization), you have a choice of Read Only or
Edit. If you have documents or other apps that you do NOT wish to share with others, you can create a subsite (in this
site or another site) with unique permissions that are not visible to others.
You had a chance to create unique permissions when the site was created; you can also change permissions later.
You can create unique permissions for a site. See “Permissions: People and Groups” for more details.

242
 Chapter 5 ■ SharePoint Administration Guide

Figure 5-66.  Set up groups for this site

Step 8: Using Your Project Site

Your site can now be used by people with Read or Edit (Contribute) permissions to your site. You can control whether
others can upload and edit documents, calendar entries, or tasks with permissions.

Using Project E-mail

If you created a site mailbox (see above), you can use it to keep e-mail about your project. This is a great way to keep
e-mail about your project in one place.
The e-mail address for your site will be SMO- plus the name of the site plus @yoursite.com/net/org. The
KAMIND Project Site mailbox is [email protected] in this example (Figure 5-67). Anyone on the
Internet can send to this address. If you reply to a message in the project inbox, the e-mail will be sent from your email
(your Office 365 login address). Send a copy to your project e-mail address.

243
Chapter 5 ■ SharePoint Administration Guide

Figure 5-67.  Outlook Web App site mailbox

When you click on the Mailbox link, you will start Outlook Web App. This is the same app that you use to process
your personal e-mail on the Web. The first time that you use Outlook Web App, you will need to set your language and
time zone. The first e-mail contains a link describing how to use your site mailbox.
You may wish to change from CONVERSATIONS BY DATE to ITEMS BY DATE (click the item above the inbox list).

Uploading and Creating Documents

The project site, by default, has a document library. Just drag a file from Windows Explorer onto “drag files here”
to upload one or more documents. Click “+ new document” to create a new Word, Excel, PowerPoint document or
OneNote notebook, or a new folder. You can also choose to UPLOAD EXISTING FILE, which gives you the opportunity
to browse to a file on your computer that you want to upload.
You can view or edit documents with the appropriate web app or with a locally installed version of Word, Excel,
etc. Just click on the document name. See Chapter 2 for more information.

Add Tasks and Task Management

The project site automatically includes a Tasks app. Click Edit in the “Get organized” box (see Figure 5-68) or Tasks on
the left links. You can then add tasks (task name, due date, assigned to) and add columns (such as comment).

Figure 5-68.  Task list to get organized

244
 Chapter 5 ■ SharePoint Administration Guide

A task is a line in a SharePoint list, with all of that flexibility. The list can also be shown as a calendar or Gantt
chart (click Tasks, then “…” just to the left of the “Find and item” box to see the choices). You can show completed or
late tasks. See Figure 5-69 for choices and below for sample screens.

Figure 5-69.  View choices

After you have added some task, the project summary will have more information (see Figure 5-70). You now
have the + ADD TASK and EDIT LIST links.

Figure 5-70.  Project Summary timeline

To add a task, click “+ ADD TASK” on the project home page or click Tasks at left, then “+ new task” to get to
the new task screen (see Figure 5-71. Note that this figure is after clicking SHOW MORE to see the additional fields,
including % Complete, Description, Predecessors, Priority, Task Status and the one that we added called Comment).

245
Chapter 5 ■ SharePoint Administration Guide

Figure 5-71.  Add a task

Enter values in the fields as required and click Save. Note that “Assigned to” will be an e-mail address. You can
use the small calendar to set a date. If you wish to set a date and time use the format “9/23/13 9:00am”. You may also
wish to alter the date format (see Figure 5-72). Note the tabs such as BROWSE, TASKS, LIST, and TIMELINE that show
depending upon what you have selected.

246
 Chapter 5 ■ SharePoint Administration Guide

Figure 5-72.  Set timeline date format

Note that after you add a task, you must click the ellipses by the item to ADD TO TIMELINE (you can also remove
tasks to simplify your timeline). The ellipses also allow you to perform additional tasks including Edit Item, Alert me,
and Delete Item (see Figure 5-73).

Figure 5-73.  Task details

247
Chapter 5 ■ SharePoint Administration Guide

Click the checkbox to mark a task complete. The small green star shows new tasks.
As mentioned above (see Figure 5-69), there are other standard views including
• Calendar (see Figure 5-74)

Figure 5-74.  Task Calendar

• Gantt Chart (see Figure 5-75)

Figure 5-75.  Gantt chart

248
 Chapter 5 ■ SharePoint Administration Guide

All tasks show, even if they are not on the timeline.

You can create any number of specialized SharePoint views (see Figure 5-76).

Figure 5-76.  Add a Task list column

Figure 5-75 is an example of a Gantt chart, set as described above.

To add a column to your Tasks list, click the EDIT LIST link on the project home page or Tasks then “edit this list.”
(see Figure 5-76). Click the + at right of the columns. This will show the types of columns that you can create.
Because the Task list is a SharePoint list you have all of the power of SharePoint, including creating new views.
See Figure 5-77 for the SharePoint List ribbon.

Figure 5-77.  SharePoint List ribbon

Add Calendar Entries

The calendar that is added to the project site by default is a standard SharePoint calendar. It is not linked to the Tasks
calendar that you saw previously; see Figure 5-78. Click New Event to add an event to the calendar. The CALENDAR
tab allows you to change the calendar formatting and other connection activities.

249
Chapter 5 ■ SharePoint Administration Guide

Figure 5-78.  SharePoint calendar

One Note Notebook

A One Note notebook is created by default. Click the link at left to open the One Note Web App.

Start a Newsfeed Conversation

A newsfeed conversation helps you share information about your project. See Chapter 2.

Share Your Project Site

You may choose to share your project site with others in your organization, or with people outside your organization.
See k02_07v01_KAMIND_Office_365_SharePoint_Sharing or the appropriate section in Chapter 2.

Sync Your Site with SkyDrive Pro

You may sync the document libraries in your project site with SkyDrive Pro. See k02_04_v05_KAMIND_Office_365_
Using_SkydrivePro or the appropriate section in Chapter 2.

SharePoint Admin Center

This section describes tasks and settings that are normally executed by your (top level) SharePoint Online
Administrator(s). Site Collection Features are available to a Site Collection Administrator; Site Features are available
to User with Full Control.

250
 Chapter 5 ■ SharePoint Administration Guide

We will describe settings and actions in

• SharePoint admin center: Site Collections ribbon
• SharePoint admin center: Other menus (InfoPath, etc.)
• SharePoint admin center: Settings
• Site Collection Features settings (settings for a site collection)
• Site Feature settings (settings for a site)
• Initial SharePoint Setup
A few of these settings will need to be checked or changed for a newly purchased Office 365 tenant (see Table 5-7)
since the initial defaults may not match your needs. See the “Initial SharePoint Setup” section below.
Not all settings and features are described in this section. Again, this is a chapter, not a book! There are links
to additional information in the Links section. There are a large number of books that are entirely dedicated to the
details of SharePoint.

SharePoint Admin Center

The SharePoint admin center is the “home page” for SharePoint Administration. To access your SharePoint admin
center, sign on as an Office 365 Global Administrator. Select the Admin drop-down, then SharePoint (Figure 5-79).

Figure 5-79.  Admin drop-down list

The SharePoint Admin Center (Figure 5-80) includes the following submenus with functions:
• Site Collections ribbon (New, Delete, Properties, Owners, Sharing, Quotas, etc.)
• SkyDrive Pro settings
• InfoPath (InfoPath configuration options)
• User profiles (settings for People, Organizations, and My Sites)
• BCS (Business Connectivity Services): manage connectivity to other data sources)
• Term store (define and configure your metadata taxonomy)
• Records management (Send To Connections – Content Organizer configuration)
• Search (search administration: schema, dictionaries, reports, etc.)
• Secure store (configure a secure store target application)

251
Chapter 5 ■ SharePoint Administration Guide

• Apps (configure apps: catalog, purchase, licenses, permissions, etc.)

• Settings (Enterprise Social Collaboration, External Sharing, Global Experience
Version Settings, Information Rights Management (IRM), Start a Site, Office on Demand,
Preview Features)

Figure 5-80.  SharePoint admin center

If you get the “Sorry, something went wrong” error message shown in Figure 5-81, it generally means that your
permissions for the SharePoint admin center page has timed out. Return to the SharePoint admin center, click
Refresh, and try again.

Figure 5-81.  Sorry, something went wrong

252
 Chapter 5 ■ SharePoint Administration Guide

SharePoint Admin Center Site Collections Ribbon

Click “Site Collections” in SharePoint Admin Center to manage site collections. The Site Collections Ribbon (Figure 5-82)
will display, along with your list of site collections. Select one (or more, depending upon the action that you wish to
perform) to activate the Ribbon icons. These icons are described below.

Figure 5-82.  SharePoint Admin Center Site Collections ribbon

The Site Collection icons include the following:

1. New: Create a new site collection or public web site.
2. Delete: One or more site collections (select a site collection to activate icon).
3. Properties: Show properties of one site collection.
4. Owners: Set owners (“Manage Administrators” and “Add Support Partner”) for one or
more site collections.
5. Sharing: Set external sharing options on one or more site collections.
6. Storage Quota: Set quantity and a notification e-mail at limit.
7. Server Resource Quota: Set quantity and a notification e-mail at limit.
8. Upgrade: Site collection upgrade settings (for one site) and upgrade notifications.
9. Website: Settings for public-facing web site.
10. Recycle Bin: site collections in the Recycle Bin.

Icon 1: New
sCreate private site collection or a public web site. There can only be one public web site, which is created by default,
so the public web site will be grayed out. Select “Private Site Collection” (Figure 5-83).

Figure 5-83.  Create new site collection

253
Chapter 5 ■ SharePoint Administration Guide

Title your new site collection as you choose (see Figure 5-84). It is a good idea to use the same title as the web
site address. This will be less confusing in the future. Since the web site address is a URL, spaces will be replaced with
%20 (hex for the space character). Since this is ugly, it is common to replace the spaces in the title with underscores
(“_”). It is easy to change the title for the top site in a site collection: navigate to the Site ➤ Gear ➤ Site Settings ➤ Title,
Description, and Logo, but to change the web address you must create the new address and copy your data to it.

Figure 5-84.  New site collection screen

254
 Chapter 5 ■ SharePoint Administration Guide

Template Selection: Normally you will only have 2013 experience as a version (until the next time!). Select a
language for your site. Select a site collection template. “Team Site” is fine; you can change this later. This is the
template for the first site created in your new site collection. Figure 5-85 shows alternate templates.

Figure 5-85.  New site collection templates

Select a time zone. You can change this later in site collection Settings/Regional Settings. Set your Site Collection
Administrator. You can add more administrators later. Set the storage quota and resource quota (you can change these
later, and it is a good idea to set an e-mail notification when you are approaching the limit). Click OK.
Your new site collection will take a few minutes to be configured. You will have a site (of the template that you
selected above). You can edit your new site page as described in the section “Building Your SharePoint Structure.”

Icon 2: Delete
You can delete a selected site collection by clicking the Delete icon. There is a confirmation screen. You can recover a
deleted site collection within 30 days (see “Icon Recycle Bin” below).

255
Chapter 5 ■ SharePoint Administration Guide

Icon 3: Properties
Double-click a site collection or select a site and click Properties to see properties for the site (Figure 5-86). You can
click the web site address hot link to go to the actual site.

Figure 5-86.  Site collection properties

Icon 4: Owners
The Owners icon is used to manage Site Administrators and to set a support partner for a site collection
(see Figure 5-87).

Figure 5-87.  Site Collection ribbon ➤ Owners

256
 Chapter 5 ■ SharePoint Administration Guide

Click Owners ➤ Manage Administrators to see the screen shown in Figure 5-88.

Figure 5-88.  Manage administrators

The primary Site Collection Administrator was set when the site collection was created. You can add other
Site Collection Administrators. Type the first part of their name, or log in and click People Finder, or select from the
Browse “select people and groups.” Click OK.
The second icon choice of “Add Support Partner” is to add support partner privileges for a Microsoft
representative or your Office 365 License Advisor.

Icon 5: Sharing (External Sharing)

The Sharing icon is used to set sharing options for one or more site collections. Select a site collections(s) and click
Sharing (Figure 5-89).

257
Chapter 5 ■ SharePoint Administration Guide

Figure 5-89.  Site Collection ribbon ➤ Sharing

There are two classes of sharing: internal (within your tenant) and external (outside your Office 365 tenant).
Internal sharing is controlled by permissions. If a user has a link (URL) to a page but does not have permission to
view the page, it cannot be seen.
External sharing is very powerful, and a great feature, but has limitations. Please see the item “External sharing”
in the section “Planning, Governance, and Initial Setup” for limitations. A Site Collection Administrator must enable
external sharing within “Settings” (see below) and external sharing for each appropriate site collection. It can take a
few minutes for changes in menu settings to take effect (see Figures 5-90 and 5-91).

Figure 5-90.  Site Collection ribbon ➤ Sharing

258
 Chapter 5 ■ SharePoint Administration Guide

Figure 5-91.  Site Collection ribbon ➤ Sharing screen with error

The external sharing choices include the following parameters:

• Don’t allow sharing outside your organization,
• Allow external users who accept sharing invitations and sign in as authenticated users.
• Allow both external users who accept sharing invitations and anonymous guest links. You
usually want this third choice.

Icon 6: Storage Quota

Generally it is a good idea to set “Send e-mail to site collection administrators when a site collection’s storage”
and to set the “reaches:” percent to 85 or so. This will warn you before you run out of allocated (or available) space
(Figures 5-92 and 5-93).

259
Chapter 5 ■ SharePoint Administration Guide

Figure 5-92.  Site Collection ribbon ➤ Storage Quota

Figure 5-93.  Set storage quota values

Icon 7: Server Resource Quota

Generally it is a good idea to set “Send e-mail when each selected site collection resource usage reaches warning level at:”
and to set the “reaches:” percent to 85 or so. This will warn you before you run out of resources (Figures 5-94 and 5-95).

260
 Chapter 5 ■ SharePoint Administration Guide

Figure 5-94.  Site Collection ribbon ➤ Server Resource Quota

Figure 5-95.  Set server resource quota values

Icon 8: Upgrade
Normally your site collections will be created in the SharePoint 2013 version. If not, you may wish to force site
upgrades. This button really only applies when Microsoft is doing a major change, as from Wave 14 to Wave 15. You
can see the version of your site collections on the SharePoint admin center (see Figure 5-79).

261
Chapter 5 ■ SharePoint Administration Guide

Icon 9: Web Site

The information for your public-facing web site is set here. See Chapter 6 for the specific details.

Icon 10: Recycle Bin/Deleted Item Recovery

SharePoint Online users have a Recycle Bin where deleted content is stored. This Recycle Bin contains site collections
that can be recovered. Items in the Recycle Bin are retained for 30 days.
The following data types are captured by the various Recycle Bins:
• Site collections (this Recycle Bin)
• Sites
• Lists
• Libraries
• Folders
• List items
• Documents
• Web Part pages

SharePoint Admin Center Menus

There are additional menus to control more of the features of SharePoint at the left of the SharePoint admin
center page:
• InfoPath (InfoPath configuration options)
• SkyDrive Pro settings
• User profiles (settings for People, Organizations, and My Sites)
• BCS (manage connectivity to other data sources)
• Term store (define and configure your metadata taxonomy)
• Records management (Send To Connections – Content Organizer configuration)
• Search (search administration: schema, dictionaries, reports, etc.)
• Secure store (configure Secure Store Target Applications)
• Apps (configure apps: catalog, purchase, licenses, permissions, etc.)
• Settings (Enterprise Social Collaboration, External Sharing, Global Experience Version
Settings, Information Rights Management (IRM), Start a Site, Office on Demand,
Preview Features)

InfoPath
Configure InfoPath options. This is outside the scope of this chapter.

262
 Chapter 5 ■ SharePoint Administration Guide

SkyDrive Pro Settings

This screen controls adding additional SkyDrive Pro (personal SharePoint storage) to particular users (see Figure 5-96).
Choose particular logins and set them all to 25GB, 50GB, or 100GB storage limit.

Figure 5-96.  SkyDrive Pro settings

User Profiles
User profiles are used to preset values for your users, and include promoted sites.

BCS
Manage Business Connectivity Services. This is outside the scope of this chapter.

Term Store
Term store is global for entire SharePoint tenant. Term Store values are used in metadata fields. This is outside the
scope of this chapter.

Records Management
Manage features associated with Content Organizer.

Search
Manage Search parameters.

263
Chapter 5 ■ SharePoint Administration Guide

Settings
Settings includes a selection of global settings (for all of your SharePoint Office 365 tenants) including (see Figure 5-97)
the following:
• Enterprise Social Collaboration (Yammer or Newsfeed)
• External sharing (control how users invite people outside your organization to access content)
• Global Experience version settings (control which version of site collections can be created)
• Information Rights Management (IRM) (set IRM capabilities for SharePoint)
• Start a Site (give users a shortcut to create new team sites at a defined location)
• Office on Demand (enable/disable links to launch Office On Demand)
• Preview Features (enable/disable; see item for list of features)

Figure 5-97.  SharePoint Admin Center Menu settings

264
 Chapter 5 ■ SharePoint Administration Guide

Site Collection Settings: Site Collection Features

Site Collection settings, as you might presume, apply to an entire site collection. You must be a Site Collection
Administrator for the specific site (or an Office 365 Global Administrator/ SharePoint Online Administrator) to edit
these features.
There are many, many features for a site collection. They are listed alphabetically, by titles that were made up
by people with a specific idea of what the feature includes. Figures 5-98 through 5-100 show the default values when
a site collection is created. We will discuss some (not all!) of the important site collection features. Click Activate/
Deactivate to change the status of a feature. Some features take a while to activate.

Figure 5-98.  Site collection features part 1

265
Chapter 5 ■ SharePoint Administration Guide

Figure 5-99.  Site collection features part 2

266
 Chapter 5 ■ SharePoint Administration Guide

Figure 5-100.  Site collection features part 3

Important Site Collection Settings: Site Collection Features

This list is somewhat arbitrary (Table 5-6). Some features depend upon what you are intending to accomplish in your
site collection. See Reference Links for a link to other descriptive material.

Table 5-6.  Site Collection Settings

Name Description Usage/Notes

Aggregated Business
Calendar
Document ID Service
Document Sets
Library and Folder Based
Retention
Limited-access user
permission lockdown
mode
Displays multiple business calendars in an overlay alongside
Exchange and SharePoint calendars.
Assigns IDs to documents in the site collection, which can be
used to retrieve items independent of their current location.
Provides the content types required for creating and using Active by default.
document sets. Creates a document set when you want to
manage multiple documents as a single work product.
Allows list administrators to override content type retention Active by default.
schedules and set schedules on libraries and folders.
When this feature is enabled, permissions for users in the Active by default.
“limited access” permissions level (such as anonymous users)
are reduced, preventing access to application pages.

(continued)

267
Chapter 5 ■ SharePoint Administration Guide

Table 5-8.  (continued)

Name
Open Documents in Client Configures links to documents so they open in client
Applications by Default applications instead of web applications, by default.
Various “Project” Related
Features, Sample Proposal
Publishing Approval
Workflow
Reporting
SharePoint 2007
Workflows
SharePoint Server
Enterprise site collection
features
SharePoint Server
Publishing Infrastructure
SharePoint Server
Standard site collection
features
Site Policy
Three-state workflow
Video and Rich Media
Workflows
Description Usage/Notes
Not active by default.
As required (related to
Projects and Project
Server)
Routes a page for approval. Approvers can approve or reject
the page, reassign the approval task, or request changes to the
page. This workflow can be edited in SharePoint Designer.
Creates reports about information in Microsoft SharePoint Active by default.
Foundation.
Aggregated set of out-of-box workflow features provided by
SharePoint 2007.
Features such as InfoPath Forms Services, Visio Services, Active by default.
Access Services, and Excel Services Application, included in
the SharePoint Server Enterprise License.
Provides centralized libraries, content types, master pages, Hidden gem. Not active
and page layouts and enables page scheduling and other by default. Includes
publishing functionality for a site collection. “Navigation” features.
Features such as user profiles and search, included in the Active by default.
SharePoint Server Standard License.
Allows Site Collection Administrators to define retention Active by default.
schedules that apply to a site and all its content.
Use this workflow to track items in a list. Active by default.
Provides libraries, content types, and Web Parts for storing, Active by default.
managing, and viewing rich media assets, like images, sound
clips, and videos.
Aggregated set of out-of-box workflow features provided by
SharePoint.

Site Settings: Site Features

Site settings, as you might presume, apply to a specific site. You must be a Site Collection Administrator for the specific
site (or an Office 365 Global Administrator/SharePoint Online Administrator) or have full control permission on the
site to edit these features.
There are many, many features for a site. They are listed alphabetically, by titles that were made up by people
with a specific idea of what the feature includes. Figures 5-101 through 5-103 show the default values when a Site is
created. We will discuss some (not all!) of the important site features. Click Activate/Deactivate to change the status of
a feature. Some features take a while to activate.

268
 Chapter 5 ■ SharePoint Administration Guide

Figure 5-101.  Site features part 1

269
Chapter 5 ■ SharePoint Administration Guide

Figure 5-102.  Site features part 2

270
 Chapter 5 ■ SharePoint Administration Guide

Figure 5-103.  Site features part 3

Important Site Settings: Site Features

This list is somewhat arbitrary (Table 5-7). Some features depend upon what you are intending to accomplish in your
Site. See Reference Links for a link to other descriptive material.

271
Chapter 5 ■ SharePoint Administration Guide

Table 5-7.  SharePoint Site Features

Name Description Usage/Notes

Content Organizer Create metadata based rules that move content submitted A specialized, but valuable
to this site to the correct library or folder function.
Following Content Enable users to follow documents or sites. Defaults to Active
Getting Started Provides a tile view experience for common SharePoint Defaults to Active
site actions.
Site Mailbox The Site Mailbox app helps you keep e-mail and This is very powerful new
documents close together by connecting your site to an feature. Defaults to Not Active
Exchange mailbox. You can then view your e-mail on
SharePoint, and view site documents in Outlook.
Site Notebook Creates a Microsoft OneNote 2010 notebook in the Shared Defaults to Active.
Documents library and places a link to it on the Quick OneNote is a wonderful tool.
Launch. This feature requires a properly configured WOPI If people will use these OneNote
application server to create OneNote 2010 notebooks. notebooks this is great.

The Site Features page looks very similar to the Site Collection Features page; be sure that you are on the
correct page.

Additional Administrator Concepts and Tools

This section mentions some additional concepts and tools. Detailed descriptions of these items are outside the scope
of this chapter.

Document Sets
Document sets are a special kind of library valuable for documentation projects.

Document Versioning
It is possible to configure major and minor versions of documents, and control how many versions are kept. Select a
document library and then LIBRARY tab ➤ Library Settings ➤ Versioning Settings.

Workflows
Workflows are processes started by an activity that can perform such functions as getting document approval from
multiple people at the same time. Select a document library and then LIBRARY tab ➤ Library Settings ➤ Workflow
Settings.

Apps for SharePoint

SharePoint has built-in apps, such as document libraries; it is also possible to build custom apps.

272
 Chapter 5 ■ SharePoint Administration Guide

SharePoint Designer 2013

SharePoint Designer 2013 is the screen designer for the visible web pages plus additional features; “the tool of choice
for the rapid development of SharePoint applications”. You can find more information at the following links:
 
http://technet.microsoft.com/en-us/library/jj219638%28office.15%29.aspx
http://msdn.microsoft.com/en-us/sharepoint/hh850380
 
You can also find great information on SharePoint Designer 2013 and the new Workflow architecture at:
 
http://msdn.microsoft.com/en-us/library/sharepoint/jj163986(v=office.15)
 
You can find the download of SharePoint Designer 2013 here (be sure to look for updates as well):
 
http://www.microsoft.com/en-us/download/details.aspx?id=35491 

PowerShell for SharePoint Online

There is a set of PowerShell commands for SharePoint Online. Here is more information:
 
http://search.microsoft.com/en-us/DownloadResults.aspx?rf=sp&q=SharePoint+powershell&x=10&y=10 

Initial SharePoint Setup

Initial setup includes setting owners, sharing, storage quota, and server resource quota. These items should be set for
the first (initial) site collection. They can also be set for each additional site collection. See Table 5-8.

Table 5-8.  Initial SharePoint Administration Functions

Task Description
Initial Setup: The default for external sharing is “Allow both external users who accept sharing
Settings (lower left edge) invitations and anonymous guest links.” This is also the default for the sites. This
default is normally acceptable.
Initial Setup: At SharePoint admin center, select your site collection(s) and select “Owners, manage
set Owners administrators.” Normally the primary Site Collection Administrator will be the
first account that you created when you first purchased Office 365. This is why we
recommend that this be an Admin account and not a particular person. You may
also set additional Site Collection Administrators. These are the people that have full
control over all web sites in the site collection. Each site collection can have different
Administrators. You (or your License Advisor Partner) may add themselves under “add
support partner” as a Foreign Principal to provide additional support.
Initial Setup: Set sharing options for your site collection. You may select multiple site collections.
set Sharing The default is normally acceptable.
Initial Setup: Set your storage quotas. It is a good idea to set a limit to get warning emails. 80%
set Storage Quota or 90% depending upon usage and total size is good. You may select multiple site
collections to edit at one time.

(continued)

273
Chapter 5 ■ SharePoint Administration Guide

Table 5-8.  (continued)

Task
Initial Setup:
set Server Resource Quota
Set Permissions for Top
Level Site (or new site
collection)
Description
Set your server resource quotas. It is a good idea to set a limit to get warning e-mails.
You may select multiple site collections to edit at one time. The purpose of this quota
is to set a maximum percentage of server resources (such as CPU and RAM) that your
site collection should use. The quota helps prevent one site collection from depleting
server resources, which might adversely affect performance for all site collections.
The default for a new site collection is that there are no permissions set. Normally you
want the top level site to have at least Read Only so users at least have a landing page.
See the sections “SharePoint Permissions and Groups” and “Set Top Level Permissions
to Read Only.”

Reference Links
There is a large amount of information about Office 365 on the Web. The difficulty is finding the right information.
The information contained in this chapter is a combination of our experiences in doing deployments and support
information that has been published by third parties. There are additional links in the “Additional Administrator
Concepts and Tools” section above.
SharePoint Permissions – Best Practices (login required)
 
www.microsoft.com/en-us/download/details.aspx?id=9030
 
User Level Permissions in SharePoint
 
http://technet.microsoft.com/en-us/library/cc721640.aspx
 
Office 365 Technology Blog
 
http://blogs.office.com/b/office365tech/archive/2013/09/05/sharepoint-online-improves-limits-and-
makes-it-easier-to-restore-documents.aspx
 
SharePoint Online Planning Guide
 
http://office.microsoft.com/en-us/office365-sharepoint-online-enterprise-help/sharepoint-online-
planning-guide-for-office-365-enterprise-and-midsize-HA101988931.aspx
 
TechNet – Plan for SharePoint Online
 
http://technet.microsoft.com/en-us/library/hh852565.aspx
 
Assigning Administration Roles in SharePoint Online
 
http://office.microsoft.com/en-us/office365-suite-help/assigning-admin-roles-HA102816050.aspx
 

274
 Chapter 5 ■ SharePoint Administration Guide

Manage External Sharing for Your SharePoint Online Environment

 
http://office.microsoft.com/en-us/office365-sharepoint-online-enterprise-help/manage-external-
sharing-for-your-sharepoint-online-environment-HA102849864.aspx 

Next Steps
Your basic Office 365 SharePoint system has been configured. At this point your (first) site collection is 100%
functional. You have been introduced to important parts of SharePoint structure, permissions, and other details
needed to create and maintain sites and their subparts and permissions. One obvious next step is to read about how
to use SharePoint. (These two chapters really need to be read in conjunction.) However, your work is not yet complete.
There is much more to do depending on your Office 365 configuration. The key chapters that you need to review for
your Office 365 deployment are as follows:
• Chapter 7 – Windows Intune Administration
• The secret to an optimal Office 365 site is the management of the desktop to ensure that
updates are current, and the user antivirus is functioning. Windows Intune is a desktop
management tool that addresses these issues and reduces the administrators’ effort in
desktop management, and improves the user’s experience.
• Chapter 8 – Office 365 Administration
• The administrator’s job is never complete. This chapter contains information for
common tasks such as configuring SharePoint permissions, using different types of
PowerShell scripts for configuration of the Office 365 sites and other tips and tracks what
we use to make Office 365 work without any support calls.
• Chapter 9 – Compliance and Data Loss Prevention
• Businesses must adapt their mail document storage systems to correctly process the
electronic communications, based on regulatory oversight. The compliance and data
loss prevention (DLP) provides this capability to allow businesses to manage their
communications and protect from simple mistakes in their electronic communications.
Office 365 includes integrated discovery that supports legal discovery and audit
requirements.

275