Information Security

Guidance for Securely Storing Information in Microsoft 365 SharePoint Online, OneDrive, or Teams

Last modified 2/12/2024

Microsoft 365 services SharePoint Online, OneDrive, and Teams are powerful tools for storing and sharing information, but it's important to follow best practices for keeping the information secure. This guidance provides information resource owners with instructions on how to securely store information in Microsoft 365.

Teams vs SharePoint vs OneDrive

While the overarching user interface and experience differ across the services, SharePoint Online, OneDrive, and Teams ultimately use the same cloud storage solution. The principles of secure sharing in one service apply to the others.


  • Step 1: Determine the Sensitivity of the Information

The first step in securely storing information in SharePoint Online or OneDrive is to determine the sensitivity of the information. This will help you understand the level of security required and determine the appropriate storage location within the platform.

Data Classification

Refer to the data classification procedures and registry to assist in determining sensitivity of information.

9.8.1 Data Classification Procedure | University Policies and Procedures | Illinois State

  • Step 2: Create Secure Sites or Folders

Create a secure team, site, or folder within SharePoint Online, OneDrive, or Teams to store the information. Review the permissions to understand which groups or individuals have access, so that the site or folder is protected from unauthorized access.

Request the Creation of a Team for Microsoft Teams | Help - Illinois State

Teams Includes SharePoint

By default, every Teams resource automatically includes a SharePoint site and, in effect, a OneDrive repository for files. This can confuse users who understand the services as distinctly separate. In most cases, if you read about sharing for Teams, you will find that very similar guidance applies to SharePoint and OneDrive.


  • Step 3: Control Access to the Information

Control access to the information by using SharePoint Online or OneDrive's sharing options. This may include granting access only to specific individuals or groups.

Access Reviews

Follow our Guidance for Conducting Access Reviews for Information Resources to ensure only authorized individuals have access.


Default Sharing Setting

The default sharing setting of Microsoft 365 at Illinois State University is "People in IL State University." This setting enables any student, faculty, staff, or guest account to access the shared file. This setting is not acceptable for any file or folder that contains highly sensitive or otherwise controlled data. Instead, adjust the sharing settings to "People you choose" and enter each person's email, name, or username to grant them access directly.

While this can make sharing the file further less convenient, anyone who opens the shared file without access can request it from you.

  • Step 4: Regularly Monitor Activity

Regularly monitor the activity on the site or folder to check for any unauthorized access or activity. This may include reviewing logs, checking for unusual activity, or conducting regular access reviews.

  • Step 5: Back up the Information

Back up the information stored in SharePoint Online or OneDrive to prevent data loss in the event of a disaster or cyber-attack. This may include using cloud-based backup solutions, or regularly copying the information to a secure, offline location.

Version History

Information stored in SharePoint Online and OneDrive can track past versions as updates are made. However, for highly sensitive information, secondary and additional backup strategies are recommended.

  • Step 6: Educate Yourself and Others

Stay informed about the latest security risks and best practices for using SharePoint Online or OneDrive. Educate others, including staff and students, about the importance of keeping the information secure and the steps they can take to protect it.

LinkedIn Learning for Employees

LinkedIn Learning is available to employees of the University. The following chapter of a course on Microsoft Teams provides a good overview of sharing in that app specifically.

https://www.linkedin.com/learning/microsoft-teams-working-with-files-2022/manage-permissions-for-files-shared-with-a-link


By following these steps, information resource owners can securely store information in SharePoint Online or OneDrive and help ensure the confidentiality and integrity of the information. If you have any questions about securely storing information in these platforms, please contact the IT department for assistance.