
Why Security Is an Ecosystem, Not an IT Setting: Lessons from ILTA’s Microsoft Tech Days
SharePoint security has evolved.
Not in a Jurassic Park way, but what was once a conversation about permissions, site owners, and sharing links has become something far more complex, and much more consequential. Last week, Dan Paquette, Kraft Kennedy’s Practice Group Leader, Modern Work, presented several sessions at ILTA’s Microsoft Tech Days in Chicago. In his first session, “Fortifying SharePoint: Deep Dive into Security, Compliance, and Protection Tools in Microsoft 365,” Dan reframed SharePoint not as an application to be locked down, but as a platform embedded deeply into the Microsoft 365 security fabric.
For legal technologists, and that’s a pretty wide swath of us, this shift matters, both operationally and from an internal security perspective. SharePoint is no longer just a document repository; it is the foundation on which Teams, Copilot, OneDrive, and more operate. And every misconfiguration could affect data exposure, privilege escalation, and ultimately legal risk. This session made one theme abundantly clear: you cannot secure SharePoint in isolation anymore.
The Big Picture: Collaboration First, Risk Always
One of the most important framing points in Dan’s presentation is that SharePoint defaults are designed to enable collaboration, not control. This is not a flaw: it’s a design choice. But in regulated environments like law firms and legal departments, collaboration-first defaults can create outcomes that are embarrassing, costly, or catastrophic if left unchecked.
Moving to SharePoint Online introduces implicit dependencies across Microsoft 365, including:
- External sharing models
- Microsoft Teams–backed sites
- Copilot data access paths
- Connected services like Loop, Stream, Lists, Viva, Forms, and Power Platform
For legal technologists, the takeaway is clear: SharePoint is the control plane for collaboration risk, whether firm users realize it or not.
Given this inherent risk, let’s talk about security and how Kraft Kennedy uses the pillars below to identify next steps for clients:
Pillar One: Identity as the First Line of Defense
The session’s first security pillar focuses on identity, anchored in Microsoft Entra. Rather than treating identity as a background service, Dan positioned it as the front door to SharePoint security.
Multifactor authentication (MFA) is not presented as optional hygiene, but as a foundational requirement. The emphasis is less on which MFA method is chosen and more on ensuring strong, enforced identity verification across all SharePoint entry points, including browser, desktop, and integrated apps.
For legal environments, this is particularly relevant when considering:
- External collaborators accessing matter sites
- Copilot’s reliance on the signed-in user’s identity
- The downstream impact of compromised credentials on privileged content
Identity failures are no longer isolated security incidents; they are content exposure events.
Pillar Two: Data Governance with Microsoft Purview
The second major pillar dives into Microsoft Purview, specifically Information Protection labels and Data Loss Prevention (DLP) policies as they apply to SharePoint content.
What’s notable is what the session didn’t cover. Paquette explicitly excluded Purview areas such as eDiscovery, Audit, Insider Risk, and Records Management, not because they are unimportant, but because the focus was squarely on frontline data governance controls that directly affect everyday collaboration.
For legal technologists, this distinction matters. Sensitivity labels and DLP policies operate before content becomes discoverable or defensible. They shape how information can be shared, downloaded, or accessed long before legal teams are asked to respond to an incident.
This is also where Copilot enters the conversation implicitly. Copilot does not invent access: it inherits it. Repeat after Dan: Poorly governed SharePoint content becomes poorly governed Copilot output.
Pillar Three: Operating SharePoint Securely at Scale
The next part of the session focused on SharePoint Advanced Management (SAM), the premium capability designed to give organizations visibility and control across large SharePoint estates.
Rather than emphasizing configuration minutiae, the presentation highlighted risk patterns:
- Inactive sites with lingering sensitive data
- Missing or outdated site ownership
- Oversharing via broken permission inheritance
- Organization-wide or “anyone” sharing links
The value of SAM lies in assessment and remediation at scale, not one-off fixes. Dashboards, recommendations, and change history shift SharePoint governance from reactive cleanup to proactive risk management.
For legal teams of all sizes, this is where SharePoint security becomes operationally indispensable. Our internal SOC echoes our sentiments: you cannot explain or justify controls you cannot see.
From Policy to Proof: Change Tracking and Accountability
Several slides focused on change history and reporting, underscoring the importance of knowing not just what policies exist, but when they changed and who changed them.
In legal contexts, this matters for:
- Internal audits
- Incident response timelines
- Demonstrating reasonable security practices
- Supporting regulatory or client inquiries
Visibility is not just an IT requirement: it’s an ethical and legal one.
It’s a New Dawn, It’s a New Day
Although Copilot was not the explicit focus of this session, it looms over every topic discussed onsite at the ILTA Microsoft Tech Days. Simply put, Copilot amplifies both good governance and bad governance. Strong identity controls, well-applied sensitivity labels, and disciplined site lifecycle management all reduce the risk of Copilot surfacing content in inappropriate contexts.
For legal technologists, the message is sobering, but empowering: Copilot readiness is SharePoint security readiness.
Final Takeaway for Technologists
“Fortifying SharePoint” makes a compelling case that modern SharePoint security is not about locking things down; it’s about designing for safe collaboration at scale. Identity, data governance, and operational oversight are not separate initiatives; they are interlocking controls within Microsoft 365’s broader security ecosystem.
Legal technologists who understand this shift are better positioned to:
- Reduce inadvertent data exposure
- Support Copilot adoption responsibly
- Defend security decisions with evidence
- Align IT controls with legal risk realities
In today’s Microsoft 365 environments, SharePoint security is no longer optional infrastructure: it is foundational legal technology that your firm must implement.
Stay tuned for Part 2 of Dan’s Takeaways from the ILTA Microsoft Tech Days, coming soon!
