
Finance
Securing Enterprise Knowledge: Permissions Recovery & Compliance Modernization
Primary Area: Infrastructure & Cloud
Service Area: SharePoint Migration and Optimization
Products Used: Azure, SharePoint, SQL
Roles Impacted: Director Business Solutions, IT
Impact Highlight: 40% reduction in retrieval times for documents and information
Opportunity
A global investment bank's collaboration estate sprawled across aging SharePoint Server farms, unmanaged OneDrive silos, and legacy network shares. Broken permission inheritance was the norm, and admins could not reliably see who had access to what. The bank treated this as an opportunity to tighten controls, restore auditability, and create a governed platform for regulated content.
- 70%+ of libraries with unique, conflicting, or orphaned permissions.
- Thousands of inherited breaks across site collections, lists, and items; no authoritative access model.
- Versioning disabled or inconsistent, leaving critical deal, KYC, and regulatory records non-auditable.
- Disparate authentication models (AD forests, local groups, manual ACLs) blocking consistent compliance attestations.
- Stale content trapped in legacy ECM and unmanaged file shares outside retention policy.
- Administrative effort measured in days per access review; remediation tickets backlogged by quarters.
Solution
We aligned stakeholders on a target governance model, automated permission repair, and engineered a controlled migration path to Microsoft 365. Our team re-platformed content into a hardened SharePoint Online / OneDrive for Business architecture integrated with Microsoft Entra ID, Purview compliance controls, and automated lifecycle policies.
- Conducted cross-line-of-business workshops to map regulatory, legal hold, and trading-floor data handling requirements into a unified information architecture.
- Built a least-privilege access model using Entra ID security groups and dynamic groups; replaced item-level breaks with role-based site permissions.
- Automated discovery and remediation with scripts (PnP.PowerShell, Graph API) to normalize inheritance and report exceptions before migration.
- Migrated from SharePoint Server 2016 farms and unmanaged network shares into SharePoint Online and OneDrive for Business.
- Enabled required versioning, retention labels, eDiscovery holds, data loss prevention (DLP), and audit logging via Microsoft Purview; integrated with Records Management for regulated content.
- Streamlined collaboration by connecting governed document libraries to Microsoft Teams channels and sensitivity labels via Microsoft Information Protection.
Impact
The bank now manages regulated documents in a single, governed Microsoft 365 estate with transparent access, traceable history, and policy-driven retention; quarterly audits shifted from manual sampling to automated evidence pulls. Migrating the sprawling on-premises repositories into secure SharePoint Online resolved the permissions disaster, delivered audit compliance in the latest regulatory review, and materially improved information access for front-office and compliance teams.
- In-scope regulated libraries covered by versioning, retention, and immutable audit trail.
- Increased permission accuracy.
- Significant reduction in administrative hours per quarterly access certification cycle.
- Document retrieval times for end users improved by ~40% through metadata-driven search & hub taxonomy.
- Eliminated orphaned permission entries and unsupported unique item-level breaks during migration.
- Zero critical compliance findings in post-migration regulatory audit.