Domain 1: M365 Core Features & Objects

SharePoint: Sites, Libraries & Permissions

SharePoint is where your organisation's documents live. Sites, libraries, and permissions — the three things every admin must understand, especially now that Copilot reads SharePoint data.

What is SharePoint?

Simple explanation

SharePoint is your organisation’s filing cabinet — except it’s in the cloud, searchable, and Copilot can read it.

In the old days, documents lived in shared folders on a server. SharePoint replaces that with sites (like departments), libraries (like drawers), and files (the actual documents). The big advantage: you control exactly who can see what.

This matters enormously for Copilot. Since Copilot reads your SharePoint data through Microsoft Graph, whatever users can access in SharePoint, Copilot can access too. If your permissions are messy, Copilot will surface sensitive documents to the wrong people.

SharePoint objects: sites, libraries, folders

Sites — the top-level containers

| Site Type | Purpose | Created By | Example |
|---|---|---|---|
| Team site | Collaboration for a group/department | M365 Group or Teams team | Marketing team site |
| Communication site | Broadcast information to a wide audience | Site creator (no group) | Company intranet, announcements |

Every Teams team automatically gets a SharePoint team site — the “Files” tab in Teams IS a SharePoint document library.

Document libraries — where files live

  • A library is a collection of files within a site
  • Each site can have multiple libraries (e.g., “Project Plans”, “Contracts”, “Templates”)
  • Libraries support versioning (track changes), metadata (tags), and check-in/check-out

Folders — organise within libraries

  • Folders are optional — some organisations use metadata instead
  • Folders inherit the library’s permissions by default, but can have custom permissions

SharePoint roles and permissions

This is critical for the exam — and for Copilot security:

SharePoint site permission roles

| Role | What They Can Do | Typical User |
|---|---|---|
| Site Owner | Full control — manage permissions, settings, and structure | Department manager, IT admin |
| Site Member | Add, edit, and delete content | Team members, contributors |
| Site Visitor | Read only — view content but can't change it | Broader org, external stakeholders (with guest access) |

Permission inheritance — how it flows

Permissions flow downward in SharePoint:

Site → Library → Folder → File

By default, a library inherits the site’s permissions. A folder inherits the library’s permissions. A file inherits the folder’s permissions.

But at ANY level, you can break inheritance and set custom permissions. For example:

  • HR site → everyone is a Member
  • HR site → “Salary Reviews” library → only HR managers have access (inheritance broken)

⚠️ Copilot implication: If a file’s permissions allow User A to see it, Copilot will surface it when User A asks a question. Broken inheritance is how you protect sensitive files from being found by Copilot.
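
The inheritance rule above as an added example (not part of the original module, and a model rather than a Microsoft API): each object either inherits or holds its own permissions, and the functions list what a user, and so Copilot acting for that user, can read. The tree, group names, file names and the `sensitive` flag are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Node:
    """Site, library, folder or file in a constructed SharePoint-like tree."""
    name: str
    parent: "Node | None" = None
    # None = inherits from parent; a frozenset = inheritance broken here.
    unique_readers: "frozenset | None" = None
    sensitive: bool = False
    children: list = field(default_factory=list)

    def add(self, name, unique_readers=None, sensitive=False):
        acl = None if unique_readers is None else frozenset(unique_readers)
        child = Node(name, self, acl, sensitive)
        self.children.append(child)
        return child

def effective_readers(node):
    """Walk upward to the nearest object that holds its own permissions."""
    while node.unique_readers is None:
        if node.parent is None:
            raise ValueError("the root site must define permissions")
        node = node.parent
    return node.unique_readers

def walk(node):
    yield node
    for child in node.children:
        yield from walk(child)

def visible_to(root, groups):
    """Leaf objects (files) readable by a user who belongs to `groups`."""
    return [n.name for n in walk(root)
            if not n.children and effective_readers(n) & set(groups)]

def overexposed(root, allowed):
    """Sensitive objects readable by groups outside `allowed`."""
    return {n.name: sorted(effective_readers(n) - set(allowed))
            for n in walk(root)
            if n.sensitive and effective_readers(n) - set(allowed)}

# Constructed sample: HR site open to all HR staff, one library locked down.
site = Node("HR site", unique_readers=frozenset({"HR Staff", "HR Managers"}))
general = site.add("General")                        # inherits from the site
general.add("leave-policy.docx")
general.add("salary-draft.xlsx", sensitive=True)     # misfiled, inherits
salary = site.add("Salary Reviews", unique_readers={"HR Managers"})
salary.add("Archive").add("2023-reviews.xlsx", sensitive=True)
```

`visible_to(site, {"HR Staff"})` leaves out `2023-reviews.xlsx` because the Archive folder inherits from the locked-down library, while `overexposed(site, {"HR Managers"})` flags the draft that sits in a library still inheriting from the site.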

The SharePoint admin center

Key areas in admin.sharepoint.com:

| Section | What You Manage |
|---|---|
| Active sites | All sites in the tenant — create, delete, manage settings |
| Sharing | External sharing policies — who can share with people outside the org |
| Storage | Storage quotas per site and tenant-wide limits |
| Access control | Device-based access, network location restrictions |
| Settings | Default sharing link type, site creation permissions |

Scenario: Clearfield Council's SharePoint governance

Clearfield Council has strict data governance requirements. Director Chen configures:

  1. External sharing = disabled — no document sharing with people outside the council
  2. Storage quotas — 25 GB per department site, 100 GB for the legal archive
  3. Access control — only managed devices can access SharePoint (unmanaged personal devices blocked)
  4. Default sharing — set to “People in your organisation” (not “Anyone with the link”)

These settings prevent the most common data leakage scenarios — especially important when Copilot is deployed, since it inherits the same access controls.

Flashcards

Question

What's the difference between a SharePoint team site and a communication site?

Answer

Team site = collaboration for a group (connected to an M365 Group or Teams team). Communication site = broadcast information to a wide audience (like an intranet). Team sites focus on teamwork; communication sites focus on publishing.

Question

What are the three default permission roles in SharePoint?

Answer

Site Owner (full control — manage settings, permissions, structure), Site Member (add, edit, delete content), Site Visitor (read-only access).

Question

Why is SharePoint permission hygiene critical for Copilot?

Answer

Copilot accesses SharePoint content via Microsoft Graph using the user's own permissions. If permissions are too broad (everyone can see everything), Copilot will surface sensitive documents to anyone who asks. Tight permissions = safe Copilot.

Knowledge Check

Northwave's HR department stores salary review documents in a SharePoint library. They want only HR managers to access these files, but the rest of the HR site should be accessible to all HR staff. How should Maya configure this?

After deploying Copilot, Northwave discovers that interns can ask Copilot about board meeting notes stored in SharePoint. What is the ROOT cause?

