Microsoft 365 security SharePoint permissions cleanup – How to avoid mess & optimize costs November 12, 2018 By: Syskit team Last updated: May 18, 2023 4 min read In this SP permissions cleanup guide, you will learn how to find and manage your excessive permissions and inactive users with Syskit Point. Table of contents Clean up your orphaned usersDelete users without permissionsManage groups without permissionsManage groups without usersSyskit Point - your Office 365 security ally SharePoint is undoubtedly a powerful platform. It offers a lot of user-managing options, such as adding, removing, and administering users. But that flexibility can also cause a lot of mess, and accordingly higher costs in both money and time. In this blog post, we’re gonna show you how you can keep your environment clean of excessive permissions and optimize your costs. Clean up your orphaned users Orphaned users are users who have left your organization and no longer exist in your Active Directory (AD), but who still have access to your environment. This happens more often than it should, when admins forget to remove those users’ permissions in the admin center. It’s a highly risky situation for the security of your sensitive files. But don’t worry. Syskit Point can help you out with its Orphaned Users report. You can instantly check all orphaned users in the tenant. Optimize your SharePoint license costs by removing their licenses or transferring their ownership to the superior manager. Download the report example and try it yourself. Dear reader, this is the functionality of our former product, Syskit Security Manager. Check out our new cloud-based Microsoft 365 governance solution, Syskit Point, to monitor user activity, manage permissions, make reports, and govern your users and resources. Delete users without permissions Users without permissions are those that don’t belong to any SharePoint group, nor have any direct permissions assigned to them. These users shouldn’t be a part of your AD, as they probably already left your organization. Moreover, you are spending money on licenses you don’t need. So, your task as an admin is to find those permission-less users and delete them from your AD. The thing is, you can’t really know at a glance who those users are. This is when Syskit Point comes in handy. It offers a report that lists all the users without permissions in your environment, so all you need to do is find the users from the list in your AD and delete them. Manage groups without permissions Without proper permissions governance, a number of mismanagements can occur. One of those is when an admin creates a SharePoint group but doesn’t assign any permission to it. That leaves a whole set of users who hoped to have access to certain objects through that group, but simply don’t. No matter the reason why this happened, you should either delete these groups, or assign permissions to them. However, sometimes it is hard to track down all those groups. Syskit Point has a report that lists all the groups in the tenant or farm that don’t have the permissions. You can then easily manage those groups and avoid further misunderstandings. Manage groups without users Similarly to the situation above, it can come about that an admin creates a group but doesn’t add any members to it. You might think that’s not a big deal, but it can create a pretty big mess if it happens often. Groups without users are obviously groups that are not used at all, and not only do they create a clutter, but they may also take a name that another, active group should be given. Obviously, you need to decide whether to delete those groups, or add users to them. In large environments, it can be a hard task to find all those inactive groups. Luckily, another Syskit Point’s report, Groups Without Users, lists all such groups in a farm or tenant. Once you have generated the report you can export it, analyze it, and manage them according to your needs. Download the report example and check it yourself. Syskit Point – your Office 365 security ally Besides permissions cleanup, Syskit Point will help you organize and manage permissions in your environment, control Office 365 and SharePoint Online guest access, and stay within OneDrive storage limits. Try all the functionalities of Syskit Point with a 21-day free trial. Secure your M365 Manage your company’s Microsoft 365 ecosystem with Syskit Point, a scalable platform that will help you govern and secure your environment while giving you deep visibility into your entire inventory. Try for free Related Posts Microsoft 365 security SharePoint permissions governance Read the full blog post to find out the benefits of SharePoint permissions mana… September 7, 2017 10 min read Microsoft 365 security Setting up Office 365 password policy & notifications guide If you ever wondered how to set up Office 365 password policy and notifications… April 1, 2021 12 min read Microsoft 365 security Insider threats in cyber security: What happens when employees leave? What happens when an employee leaves your organization? Learn how to avoid insi… March 15, 2021 4 min read