SPO WBBag: SITES MIGRATION GOVERNANCE USERS (Human Like)

December 27, 2022 By pH7x Systems


SITES MIGRATION GOVERNANCE USERS (Human Like) Challenges

In this weekly SharePoint Online Brown Bag I will talk about governance from a company's point of view and about user permission constraints, putting myself in the position of a migration consultant.

Before I begin, I’m assuming you have blocking points in your migration.

I’m also assuming that when everyone is aware of what a SharePoint migration is, the Governance Committees work as expected and a Service Offer is in place, you may not run into this kind of issue.

My usual note

Perfect people or companies don’t exist. I’m the first to admit I’m not mistake-free, which is why I learn and share. If you find a mistake, please comment so I can improve.

SUMMARY

These days, performing a migration in some industry sectors can bring many challenges. Why? Because security is very tight and nothing can leave the corporate environment.

CHALLENGES IN THIS POST

  1. VMs Users Administration Rights Permissions
  2. Generic (Human Like) Accounts
  3. Development Environment Admin Rights

LET’S START

The first challenge begins with the assignment of administrator rights on a Virtual Machine. We cannot forget that we have deadlines and SharePoint on-premises farms with a closing date.

When deadlines are tight, I immediately think of an Automated Migration System, with flows, Web Applications and Database Repositories. Microsoft Azure, in my opinion, is the best ecosystem to build one. Remember, your tenant has a close relationship with Microsoft Azure, especially in SharePoint migrations, with AAD Federated Accounts Security, Identity, Migration Flow (Storage) and affinity group, and everything is near your tenant. Pretty cool: you have less chance of being throttled.

For your migration tool you can use the SharePoint Migration Tool (SPMT) or any other, such as ShareGate, AvePoint, etc. Otherwise you’ll miss the deadline.

Advertising aside, I personally use ShareGate because it brings me some advantages, namely its own cmdlets. That doesn’t mean other third-party tools are not good enough; it all depends on the migration scope, and all migrations are different. I also have a lot of flexibility to schedule migration scripts.

I usually use it together with PnP.PowerShell and the SharePoint Online Management Shell. To do this I’ll need Scheduled Tasks, but creating and updating scheduled tasks requires elevated rights. So this is my first constraint: not having the proper rights.

The second challenge starts with assigning an AD Account (Human Like) for the Migration Server. I can understand why generic user accounts are not good for the business in a security context, but let’s be clear: migrating under my own identity is not an option. So if you are blocked, you’ll have to find another process.

That said, it’s your choice whether or not to go ahead. But why?

Obviously, because only I know my password, and I can go on vacation or on sick leave. So the migration process stops, because I’m the only one who can perform it.

The third challenge comes with the development environment. If your SharePoint admin disables the Custom Script option, that’s a good way to secure your tenant. Someone might say, “I’ll install SPFx and everything necessary, and then you’re a regular user.” Don’t forget to run gulp trust-dev-cert with elevated rights if the company has a policy that blocks this task. So you may run into this error:

Error - [trust-cert] Certificate trust failed with an unknown error.

The dev certificate creates a bridge (certificate) for Node and the SPO Workbench to the compiled manifest. But somehow I’ll need to access the certificate store, or something will need elevated rights: you are not building solely SPFx, but also using .NET Core Visual Studio and Visual Studio for your Automated Migration System.

“Business as usual” effect.

In time, and running fast, you will need other tools for sure; every migration is different. But to have the proper rights, I’m assuming you know what you are doing and installing. I really believe you cannot depend on someone else for this. Why? In my experience, because in some big companies support runs slow and you have a deadline. That is the buzzword “business as usual”. The deadline will be missed.

CONCLUSION

Whatever governance someone has, there are mandatory procedures, usually blocking points. Remember to build your network, and always talk with the Corporate Governance Committees or the Product Owner in case of doubt.

DON’T BE AFRAID TO SAY NO. On the other hand, you have to know how to say NO and explain why. Come on, you are supposed to know what you are doing, so instruct; that’s the main reason you were hired in the first place.

I hope this helps you with some of the constraints you have.

That’s all for this week, see you next time.