This document describes the various Governance options eShare provides for Organizations who are enabling SharePoint sharing via eShare. There are 2 options that can enabled that have built in request workflows that can be utilized by users. At a high level the two options are:
SharePoint Sites Approval Workflow
For organizations using who do not utilize Purview Sensitivity labels with eShare, there is another option for governing which sites can be used to share using the Native eShare M365 Applications. If the ‘SharePoint requires a label-mapped or assigned policy, or be explicitly linked (i.e., no auto-linking)’ is enabled, a SharePoint site cannot be shared from unless an eShare administrator has added it in the eShare admin console. This setting will also provide a request workflow for user’s if the site they attempt to share from is not yet registered.
If a user attempts to share using a native eShare M365 application and the site is not yet registered, they will be met with a screen prompting them submit a Site Approval request. Before submitting the request, the user must enter a Business Justification indicating why they need the site to be enabled.
After the user submits their request, eShare admins will receive an email notification indicating that a new SharePoint Site Approval request has been submitted. Admins can open the request directly from the email notification, or can navigate the eShare admin console directly.
Once the admin has accessed ‘Admin console’ > ‘SharePoint sites’, they can select the ‘Pending Requests’ to view any new requests sent by users. After selecting the request, click respond to either approve or deny the Site Request. If the site is approved it will NOT automatically link the site, an admin will still need to navigate to the ‘Overview’ tab and add the site manually.
Once approved or denied, the user will receive an email notification of the result. If the site is approved, they are free to start sharing from the newly added site the administrator linked to eShare. If it is denied, they will not be able to share from the site and will have to follow up with an administrator.
Require Sensitivity Labels to be applied to SharePoint Sites
For organizations utilizing Purview Sensitivity Labels with eShare, an additional setting can be enabled that will require users to apply a Sensitivity Label to their SharePoint site before being able to share. The setting is designed to ensure all user’s are applying Labels to their sites so appropriate governance controls can be applied when sharing externally via eShare, the site will not be required to be linked to eShare as long as the selected label has a sharing policy associated with it. The setting ‘Site owner can apply a site label within eShare (with optional justification)’ must be changed from ‘No’ to either ‘Yes’ or ‘Yes (with Justification)’ to enable this setting. By selecting ‘Yes’, it will only require they apply the label, ‘Yes (with Justification)’ requires they apply the label and also provide a justification for why they selected the label. It is important to note that this setting cannot be enabled unless the first setting is enabled accordingly.
.png)
If a SharePoint site Member tries to External Share without a Label applied to the site, they will receive a prompt telling them sharing needs to be enabled. An option will be provided to insert a Business justification for sharing from the site and send a request which will be sent to the Owners of the SharePoint site asking them to apply a label.
The Site Owner(s) will receive an email notification indicating their Site Member has requested they apply a label to the SharePoint site for sharing. The Owner can select the ‘Go to Site’ button to navigate to the site and apply a label accordingly.
If a SharePoint site Owner tries to External Share without a Label applied to the site, they will receive a prompt telling them a Site Sensitivity Label is required and must be applied. The Owner can select a label from the dropdown menu, and if required, add a justification for applying the selected Sensitivity Label. Once applied, Members and Owners of the SharePoint site will be able to Externally Share content from the site accordingly.
