As it does with any new version of a product, Microsoft has rolled out fresh and enhanced features for SharePoint 2016. Although capabilities such as the ability to preview images and videos tend to attract a lot of attention, SharePoint's new security features are equally noteworthy.
Of particular significance are the encryption-related changes in Microsoft SharePoint 2016: Transport Layer Security (TLS) is now the default, while Secure Sockets Layer (SSL) is on its way out. Information rights management (IRM) tools can now be used to encrypt and restrict access to documents.
Here is an overview of the enhanced security features in SharePoint 2016:
1. Connection encryption: SSL encryption has long been supported for use with SharePoint sessions. Unfortunately, SSL 3.0 contains a known security vulnerability that allows encrypted data to be decrypted by unauthorized parties. As a result, Microsoft has disabled SSL 3.0 encryption in Microsoft SharePoint 2016 for most -- but not all -- features.
In its place, the company has chosen to use Transport Layer Security as the default encryption type for SharePoint 2016. The technology can be configured manually to encrypt Simple Mail Transfer Protocol traffic in order to protect emails sent from SharePoint, including situations in which SMTP traffic is using both standard and nonstandard port numbers. TLS 1.2 can also be used to encrypt connections to other systems and services that host web applications.
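To check that a mail relay will accept the TLS-protected SMTP connection described above, on a standard or nonstandard port, the following added example (not from this article or from Microsoft) probes a server for STARTTLS and reports the negotiated protocol version. The function names and the host and port given on the command line are assumptions.

```python
import smtplib
import ssl
import sys


def strict_tls_context():
    """Client context that refuses SSL 3.0, TLS 1.0 and TLS 1.1."""
    ctx = ssl.create_default_context()  # certificate and hostname checks stay on
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def assess(starttls_offered, negotiated):
    """Turn what the probe observed into a one-line finding."""
    if not starttls_offered:
        return "FAIL: relay does not advertise STARTTLS; mail would travel unencrypted"
    if negotiated not in ("TLSv1.2", "TLSv1.3"):
        return f"FAIL: negotiated {negotiated}, older than TLS 1.2"
    return f"OK: {negotiated}"


def probe_relay(host, port=25, timeout=10):
    """Connect to host:port, upgrade with STARTTLS and report the result."""
    try:
        with smtplib.SMTP(host, port, timeout=timeout) as smtp:
            smtp.ehlo()
            if not smtp.has_extn("starttls"):
                return assess(False, None)
            smtp.starttls(context=strict_tls_context())
            # After the upgrade smtp.sock is an SSLSocket; version() names the protocol.
            return assess(True, smtp.sock.version())
    except ssl.SSLError as exc:
        # Raised when the relay offers only older protocols or its certificate fails checks.
        return f"FAIL: TLS handshake rejected ({exc.reason})"
    except (OSError, smtplib.SMTPException) as exc:
        return f"ERROR: {exc}"


if __name__ == "__main__":
    if len(sys.argv) < 2:
        sys.exit("usage: probe.py <relay-host> [port]")
    relay_port = int(sys.argv[2]) if len(sys.argv) > 2 else 25
    print(probe_relay(sys.argv[1], relay_port))
```

Run it from the SharePoint server itself so the result reflects the same network path and firewall rules that outgoing email will use.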
2. Information rights management: Organizations can control how a document can be used by utilizing information rights management technology. While IRM is listed as being among the new security features in Microsoft SharePoint 2016, support for the capability has also been added to SharePoint 2013.
SharePoint's approach to IRM security is somewhat unusual. Outside SharePoint, IRM security is commonly applied at the document level. If, for example, a user creates a Microsoft Word document that needs to be protected, that user can directly apply IRM permissions from inside Word (assuming the supporting infrastructure exists). SharePoint takes a different approach to IRM security: Rather than leaving it up to the end user to apply, IRM protection can be enabled for a list or a library.
The way that IRM permissions are applied varies depending on where IRM is enabled. If IRM is enabled for a SharePoint library, then files within the library will automatically receive IRM protection. If IRM is applied to a list, then list items will not be protected -- but files that are attached to list items will be protected.
Although this concept is relatively simple, there is one major caveat: Not every file can be IRM protected. A file can be IRM protected only if SharePoint includes a protector for its specific file type. SharePoint includes protectors for the following file types:
- Microsoft Office InfoPath forms.
- The 97-2003 file formats for Microsoft Office Word, Excel and PowerPoint.
- The Office Open XML Formats for Word, Excel and PowerPoint.
- The XML Paper Specification format.
It is theoretically possible to apply IRM protection to other file types, but doing so requires the SharePoint administrator to install protectors for any required file types. Microsoft provides detailed instructions for enabling and managing IRM protection.
3. IRM and OneDrive for Business: SharePoint 2013 and 2016 allow IRM policies to be applied to lists and libraries, as stated earlier. One of the more noteworthy achievements in Microsoft SharePoint 2016 is the ability to sync IRM with OneDrive for Business. Once synced, documents remain protected -- regardless of where the user opens the document or whether it resides in the cloud or in your own data center.