TL;DR — What does enterprise SharePoint usage and collaboration look like in 2026?
Enterprise SharePoint usage and collaboration in 2026 is built on seven patterns: a hub-and-spoke intranet architecture, real-time document co-authoring across Word / Excel / PowerPoint, Teams-backed channels where every Teams file is a SharePoint document library, Microsoft 365 Copilot grounding on Microsoft Graph–permissioned SharePoint content, Viva Connections as the employee experience layer, Microsoft Syntex AI document understanding, and Power Platform integration (Power Automate, Power Apps, Power BI) sitting on top of SharePoint lists and libraries. Governance is enforced through Microsoft Purview sensitivity labels, DLP, retention, eDiscovery, audit logs, and Conditional Access. EPC Group has delivered 6,500+ SharePoint implementations since 1997 across 70+ Fortune 500 clients and has authored 3 SharePoint titles for Microsoft Press.
EPC Group is a 29-year Microsoft Solutions Partner with 6,500+ SharePoint implementations across 70+ Fortune 500 clients. This guide covers the seven enterprise SharePoint usage patterns that actually drive adoption in 2026 — hub-and-spoke intranet, document co-authoring, Teams-backed channels, Microsoft 365 Copilot grounding, Viva Connections, Microsoft Syntex, and Power Platform integration — plus the six adoption metrics that matter, the governance control set, the compliance frameworks SharePoint supports, and the EPC Group engagement models.
Key Facts
- 6,500+ SharePoint implementations across 70+ Fortune 500 clients — 29 years since 1997
- Founder Errin O'Connor authored 4 Microsoft Press books — 3 are SharePoint titles (SharePoint Foundation 2010, SharePoint 2013 Field Guide, WSS 3.0)
- All 6 current Microsoft Solutions Partner Designations held under the Microsoft Cloud Partner Program
- Every Microsoft Teams team has a SharePoint site behind it — the Files tab in every channel is a SharePoint document library
- Microsoft 365 Copilot grounds enterprise responses on SharePoint, OneDrive, Teams, Exchange, OneNote via Microsoft Graph access boundary
- Hub-and-spoke intranet limits: up to 2,000 hubs per tenant and up to 2,000 associated sites per hub
- SharePoint supports HIPAA, SOC 2, FedRAMP, FINRA, CMMC, GxP compliance frameworks through Microsoft Purview Information Protection, retention, DLP, eDiscovery, and audit logs
- Federal past performance: NASA, the FBI, the Federal Reserve, and the Pentagon — active healthcare engagements include Palmetto Infusion
The 7 SharePoint Collaboration Patterns That Drive Adoption
Across 6,500+ SharePoint implementations EPC Group has converged on seven enterprise usage patterns that actually drive adoption in Fortune 500 organizations. Each pattern is engineered for sustained use — not a launch-week traffic spike. Together they form the operating model for SharePoint in 2026.
Hub-and-Spoke Intranet Architecture
Intranet owners, IT, communications, every employee
A SharePoint hub-and-spoke intranet is the single most important enterprise usage pattern. The corporate hub site is the front door — news, navigation, search scope, theme, and the executive voice. Departmental spoke sites — HR, Legal, Finance, IT, Engineering, Sales, Operations, regional offices, employee resource groups — associate to the hub, inherit the navigation and theme, and contribute news up to the hub. This architecture is how Fortune 500 enterprises actually run modern SharePoint. The hub aggregates news and activity from every associated spoke, so an employee who lands on the corporate home page gets a curated feed of everything happening across the organization without having to remember individual site URLs. Hub navigation propagates to every spoke in real time, which means a single navigation edit at the hub level reaches the entire associated site collection. Search is hub-scoped — when an employee searches from the HR spoke, results are scoped to the HR hub by default, which dramatically improves search relevance versus the legacy SharePoint-Server "search the universe" model. Microsoft supports up to 2,000 hubs per tenant and up to 2,000 associated sites per hub. EPC Group has built 6,500+ SharePoint implementations and the canonical hub-and-spoke pattern is the foundation of every one of them. The most common antipattern we remediate: a flat tenant of thousands of unassociated team sites with no information architecture, no hub, no scope, and no executive narrative — the SharePoint sprawl problem.
- Corporate hub + departmental spoke sites (HR, Legal, Finance, IT, Sales, Ops, regions).
- Hub-rolled-up news, events, and highlighted content from every associated spoke.
- Hub-scoped search dramatically improves relevance versus tenant-wide search.
- Hub navigation, theme, and logo propagate to every associated site in real time.
- Up to 2,000 hubs per tenant and 2,000 associated sites per hub (Microsoft limits).
- Lifecycle policies tie hub association to retention, sensitivity-label scope, and ownership review.
Document Collaboration & Co-Authoring at Scale
Every knowledge worker, document owners, version-control reviewers
Real-time document co-authoring across Word, Excel, PowerPoint, OneNote, and Visio is the highest-volume SharePoint usage pattern by far — millions of co-author sessions per day across an enterprise tenant. SharePoint document libraries are the storage substrate; OneDrive sync, the Office desktop apps, Office on the web, and the Office mobile apps are the editing surfaces. Co-authoring works in real time on documents stored in SharePoint or OneDrive — multiple editors see each other's cursors and edits live, with author colors, presence indicators, and inline comments. Version history is automatic at the library level (default 500 major versions on SharePoint Online); every save creates a new version with an attributed author. Check-in/check-out is rarely used in modern SharePoint — co-authoring replaces it for most document types. The patterns that matter at enterprise scale: configuring the default version cap appropriately, enabling auto-save on document libraries, applying retention labels at the library or content type level, applying sensitivity labels to enforce encryption and rights, configuring file request links for one-way uploads from external parties, and turning on the modern "Open in Desktop App" or "Open in Web App" defaults consistently across the tenant. EPC Group's rollout playbook treats co-authoring as a configuration item, not a feature — the defaults Microsoft ships are not the defaults a Fortune 500 enterprise should run.
- Real-time co-authoring in Word, Excel, PowerPoint, OneNote, and Visio with author presence.
- Automatic version history at the document library level (default 500 major versions).
- Auto-save enabled on documents stored in SharePoint and OneDrive — no lost work.
- Inline comments, @mentions, and Reviewer Mode for structured collaboration.
- Office desktop, Office on the web, and Office mobile all hit the same SharePoint substrate.
- File request links for one-way uploads from external parties with no guest account required.
Microsoft Teams + SharePoint-Backed Channels
Project teams, department teams, every Teams user
Every Microsoft Teams team has a SharePoint site behind it — the Files tab in every channel is a SharePoint document library, the team wiki and OneNote are SharePoint content, and the team conversations are stored in the Exchange Online mailbox associated with the Microsoft 365 group. This is the single most consequential SharePoint usage pattern in 2026 because the volume of files now flowing through Teams Files is higher than the volume flowing through traditional intranet sites. Standard channels share a single document library at the root of the team site. Private channels create a separate SharePoint site for each channel — same tenant, isolated permissions. Shared channels (the Microsoft Teams Connect surface) also create a dedicated SharePoint site and support cross-tenant collaboration with Microsoft Entra B2B Direct Connect. The implications for governance are enormous: retention policies, sensitivity labels, eDiscovery holds, and DLP policies have to be authored to cover the SharePoint substrate behind Teams — not just the Teams chat surface. When EPC Group remediates a Teams sprawl problem we are usually remediating a SharePoint sprawl problem in disguise: thousands of unowned, unsponsored team sites with no lifecycle policy, no retention label, and no information architecture. The Microsoft 365 Groups expiration policy and SharePoint Site Lifecycle policy together are the lifecycle baseline.
- Standard channels share the root team site library — every Teams file lives in SharePoint.
- Private channels create dedicated SharePoint sites with isolated permissions.
- Shared channels (Teams Connect) span tenants via Microsoft Entra B2B Direct Connect.
- Retention labels, sensitivity labels, and DLP policies must cover both Teams chat and the SharePoint substrate.
- Microsoft 365 Groups expiration policy + SharePoint Site Lifecycle policy are the lifecycle baseline.
- eDiscovery and Communication Compliance reach SharePoint and OneDrive content from Teams.
Microsoft 365 Copilot Grounding on SharePoint Content
IT, security, every Copilot-licensed knowledge worker
Microsoft 365 Copilot grounds its enterprise responses on the content the calling user already has access to in Microsoft Graph — SharePoint sites, OneDrive, Teams chat, Exchange mailboxes, and OneNote. SharePoint is, by volume, the largest grounding surface. The implication is direct: the quality of Copilot answers across an enterprise is dominated by the quality of SharePoint content and the discipline of SharePoint permissions. Copilot will not return content the user does not have access to (the Microsoft Graph access boundary applies), but Copilot will happily ground on stale, duplicate, mislabeled, and over-permissioned content — and an answer that grounds on a five-year-old policy version is worse than no answer. The remediation pattern: deploy SharePoint Advanced Management (now part of Microsoft 365 Copilot and the SharePoint Premium tier) to find oversharing, run Restricted SharePoint Search to scope Copilot grounding to known-good sites during the rollout, apply sensitivity labels to documents containing regulated content, and run a document-currency program (last-modified date + content owner + retention label review) before Copilot enterprise rollout. EPC Group has a documented framework for Copilot rollouts that ground on SharePoint inside HIPAA, FedRAMP, FINRA, and SOC 2 boundaries — the framework starts with the SharePoint content review, not the Copilot license assignment.
- Copilot grounds enterprise responses on SharePoint, OneDrive, Teams, Exchange, OneNote via Microsoft Graph.
- Microsoft Graph access boundary enforces permissions — Copilot will not return content the user cannot read.
- Restricted SharePoint Search scopes Copilot grounding to known-good sites during rollout.
- SharePoint Advanced Management finds oversharing, anonymous links, and inactive sites.
- Sensitivity labels propagate from SharePoint into Copilot responses and Copilot citations.
- Document-currency program (last-modified + owner + retention) is a prerequisite for Copilot enterprise rollout.
Viva Connections Employee Experience Layer
Communications, HR, every employee
Viva Connections is the SharePoint-powered employee experience layer that lives as an app inside Microsoft Teams (and on mobile). The corporate hub site becomes the Viva Connections home experience, the Dashboard surfaces personalized cards (HR self-service, IT help, expense reports, time-off balance, shift schedule, the cafeteria menu, the corporate news feed), the Feed aggregates SharePoint News and Yammer-now-Viva-Engage posts, and the Resources surface routes employees to the hub navigation. Viva Connections is the surface that finally puts the SharePoint intranet in front of the firstline workforce — frontline retail, manufacturing, hospitality, healthcare, and field-services employees — who never opened a desktop browser to load the corporate intranet. The Dashboard authoring experience is card-based; cards can be authored once and audience-targeted to employee segments (region, role, employee resource group), which means the intranet finally becomes personalized at scale. Viva Connections is included in every Microsoft 365 license that includes SharePoint Online — there is no separate license required for the core Connections experience. EPC Group rolls out Viva Connections as the "second mile" of every modern SharePoint intranet engagement: the intranet is delivered through SharePoint hub sites, and then surfaced to the firstline workforce through the Viva Connections app in Teams and on mobile.
- Viva Connections lives as an app inside Microsoft Teams and on mobile — surfaces the SharePoint hub.
- Dashboard cards surface HR self-service, IT help, expense, time off, schedule, news.
- Feed aggregates SharePoint News and Viva Engage posts into a single employee stream.
- Audience targeting personalizes Dashboard cards by region, role, ERG, and employee segment.
- Brings the SharePoint intranet to the firstline workforce that never opened a desktop browser.
- Included in every Microsoft 365 license that includes SharePoint Online — no separate license.
Microsoft Syntex (formerly SharePoint Syntex) AI Document Processing
IT, business process owners, records managers, content owners
Microsoft Syntex (rebranded from SharePoint Syntex) is the AI document understanding service that turns SharePoint document libraries into structured business processes. Syntex includes content understanding models (unstructured document classifiers and field extractors), prebuilt models for common document types (receipts, invoices, contracts), structured document processing (form templates), content assembly (template-based document generation), document translation, eSignature integration, and image tagging. The most common high-value usage pattern is a content understanding model trained on a hospital's clinical consent forms, a bank's mortgage application documents, an insurance carrier's claim packets, or a law firm's contract types — the model classifies the document on upload, extracts the relevant metadata into managed columns, and triggers a Power Automate flow for downstream processing. Syntex billed pay-as-you-go through Azure subscription (per-transaction pricing) and through Microsoft 365 add-on licensing — the model EPC Group recommends most often is the per-transaction Azure subscription model because it matches actual usage and isolates Syntex spend from the rest of the M365 tenant. Syntex extends naturally into Microsoft Purview compliance because the extracted metadata becomes the input to retention labels, sensitivity labels, and DLP policies — turning the document classification itself into a governance lever.
- Content understanding models classify and extract fields from unstructured documents in SharePoint libraries.
- Prebuilt models for receipts, invoices, contracts (Microsoft Syntex Contracts Center).
- Structured document processing handles form-based extraction (Power Automate AI Builder pattern).
- Content assembly generates documents from templates (offer letters, NDAs, statement-of-work patterns).
- Pay-as-you-go Azure billing — pay per document processed, no upfront M365 add-on commitment.
- Extracted metadata feeds Microsoft Purview retention, sensitivity, and DLP labels.
Power Platform Integration on SharePoint Data
Business analysts, citizen developers, COE leaders, IT governance
SharePoint is the most-used data source in the entire Microsoft Power Platform — Power Automate flows trigger on SharePoint list and library events, Power Apps canvas apps read and write to SharePoint lists as the system of record, Power BI semantic models query SharePoint lists for departmental dashboards, and Power Pages portals expose SharePoint data to external users. The usage pattern that delivers the highest ROI: a department builds a SharePoint list as the business object (a request register, an approval queue, an asset inventory, a project tracker), wraps it in a Power Apps canvas app for the input surface, attaches a Power Automate flow for approval routing and notification, and renders a Power BI report on top. The four together replace dozens of legacy InfoPath forms, SharePoint Designer workflows, and Excel-based business processes. The governance pattern that matters: a Power Platform Center of Excellence (CoE) inventories every flow and app, applies environment-level DLP policies (which Microsoft connectors are allowed in which environment), and meters the consumption of premium connectors. EPC Group runs Power Platform CoE engagements alongside SharePoint modernization because the two practices are inseparable in 2026 — a SharePoint list without a Power App is a static record; a SharePoint list with a Power App, a flow, and a Power BI report is an enterprise business process.
- Power Automate flows trigger on SharePoint item-created, item-modified, file-added, approval events.
- Power Apps canvas apps use SharePoint lists as the system of record (the InfoPath replacement).
- Power BI semantic models query SharePoint lists for departmental dashboards.
- Power Pages portals expose SharePoint data to external users with role-based access.
- Power Platform CoE applies environment-level DLP policies and meters premium-connector spend.
- Replaces legacy InfoPath forms, SharePoint Designer workflows, and Excel-driven business processes.
SharePoint Adoption Metrics That Matter
The six numbers EPC Group reports to executive sponsors on every SharePoint and Microsoft 365 engagement. These are the metrics that distinguish a healthy SharePoint estate from a sprawl problem dressed up as an intranet.
| Metric | Healthy benchmark | Source | Why it matters |
|---|---|---|---|
| Weekly active SharePoint users (% of licensed) | 65–80% (healthy); below 50% = adoption gap | Microsoft 365 admin center → Usage analytics → SharePoint activity | The single most-cited SharePoint adoption KPI. Tracks whether employees are actually opening, viewing, or editing content week over week. |
| Document co-author sessions per week | 0.5–2 per knowledge worker per week (healthy) | Microsoft Graph usage reports (getSharePointActivityFileCounts) | Measures whether real collaboration (not just storage) is happening. Low co-authoring rate = teams are still emailing attachments around. |
| % of org with personal OneDrive usage | 80%+ (healthy); below 60% = file-server holdouts | Microsoft 365 admin center → OneDrive usage report | OneDrive is the gateway to SharePoint co-authoring. Low OneDrive adoption usually means a legacy file-server is still in production. |
| External sharing events governed (vs anonymous links) | 100% governed (no anonymous links to sensitive content) | Microsoft Purview audit log + SharePoint Advanced Management oversharing report | Anonymous "Anyone with the link" sharing is the highest-risk SharePoint usage pattern. A defensible posture is zero anonymous links to labeled-sensitive content. |
| # of files using sensitivity labels | 40–70% of regulated-content libraries (healthy) | Microsoft Purview Information Protection → Content Explorer | Sensitivity labels are the enforcement layer for Copilot grounding, DLP, retention, and encryption. Low label coverage = ungoverned Copilot grounding. |
| Search query satisfaction (% of search sessions ending in a click) | 60%+ click-through on top three results (healthy) | Microsoft Search admin center → Usage and insights → Search analytics | The single most-overlooked adoption metric. Low search satisfaction reveals broken information architecture and missing content owners. |
SharePoint Governance and Security
The seven Microsoft Purview and Microsoft Entra controls that turn a SharePoint tenant into a defensible enterprise content platform. Every EPC Group SharePoint engagement is authored against this control set — and the same control set is what makes SharePoint defensible inside HIPAA, FedRAMP, FINRA, SOC 2, and GDPR boundaries.
Data Loss Prevention (DLP)
Microsoft Purview DLP policies block sharing of credit card, SSN, HIPAA, PCI, and custom-classified content out of SharePoint and OneDrive to external recipients. Policy tips warn end users in real time; policy enforcement blocks the action and writes to the Purview audit log. EPC Group authors DLP policy sets per regulated workload (HIPAA, PCI, FINRA, GLBA, CMMC).
Sensitivity labels
Sensitivity labels classify content (Public, Internal, Confidential, Restricted), apply encryption and rights management, control external sharing, and propagate into Copilot citations. Labels are the single most important governance control because they are the enforcement layer for DLP, retention, Copilot grounding scope, and Conditional Access.
Retention policies
Microsoft Purview retention labels hold or delete content at the document, library, site, or tenant level — for state-specific medical-records retention (HIPAA), seven-year financial retention (SOX), federal contract retention (FedRAMP), or short-duration project retention. Retention labels coexist with eDiscovery holds.
External sharing controls
Tenant-level external sharing settings constrain the maximum sharing posture (Anyone, New and existing guests, Existing guests, Only people in your organization). Site-level and channel-level settings further constrain. The defensible default for enterprise is "New and existing guests" with anonymous links disabled and one-time passcode authentication required for guests.
Conditional access
Microsoft Entra Conditional Access policies gate SharePoint and OneDrive access by user risk, sign-in risk, device compliance, network location, and session control. The standard pattern: require compliant device for SharePoint download, block download on unmanaged devices (browser-only access), and require MFA for external sharing.
Microsoft Purview audit logs
Every SharePoint action — view, edit, share, delete, label change, permission change — is written to the Microsoft Purview audit log. Audit log retention is up to 10 years on E5 + Audit Premium. Audit logs stream to Microsoft Sentinel for SIEM correlation and to the customer's data warehouse for compliance reporting.
eDiscovery (Standard and Premium)
Microsoft Purview eDiscovery searches across SharePoint, OneDrive, Teams chat, Exchange mailboxes, and Yammer-now-Engage. eDiscovery Premium adds custodian-based holds, communications analytics, near-duplicate detection, and review-set workflows for litigation and regulatory response.
Compliance Frameworks SharePoint Supports
SharePoint Online — through Microsoft Purview, Microsoft Entra, Microsoft Defender, and the Microsoft 365 substrate — is deployable inside the major regulated-industry compliance frameworks U.S. enterprises operate under. EPC Group maps the controls explicitly per framework.
HIPAA + HITECH
Microsoft 365 is HIPAA-eligible under the Microsoft HIPAA Business Associate Agreement. ePHI is classified via Microsoft Purview sensitivity labels, protected by DLP policies, governed by retention labels mapped to state medical-records retention, and audited via Purview audit logs. See the full healthcare implementation pattern in the Healthcare IT Consulting (HIPAA Microsoft 2026) hub.
FedRAMP + CMMC
SharePoint Online runs in M365 GCC (FedRAMP Moderate), M365 GCC High (FedRAMP High / CUI / ITAR), and M365 DoD (IL5 / IL6). CMMC 2.0 Level 1 / 2 / 3 readiness, NIST SP 800-53 / 800-171 control mapping. See the Federal Microsoft Consulting (FedRAMP / CMMC 2026) hub for federal contractor and DoD detail.
FINRA + GLBA
Financial-services workloads in SharePoint are protected via WORM retention (Microsoft Purview Records Management), Communication Compliance supervision for FINRA-regulated communications, immutable audit logs sized to the SEC 17a-4 retention window, and Information Barriers for legal-mandated separations between segments.
SOC 2
SOC 2 Type II evidence is built from Microsoft Purview audit logs, Microsoft Defender for Cloud compliance reports, Microsoft Entra access reviews, and Microsoft Purview Compliance Manager assessment scores. SharePoint controls map to the AICPA Trust Services Criteria for Security, Availability, Confidentiality, and Processing Integrity.
GDPR + CCPA
Microsoft Purview Data Subject Requests workflow handles GDPR Article 15 / 16 / 17 / 20 requests across SharePoint, OneDrive, Teams, and Exchange. Microsoft Purview Privacy Risk Management surfaces personal-data oversharing and consent gaps. Data residency for EU customers via the Microsoft EU Data Boundary.
GxP (life sciences)
FDA 21 CFR Part 11 — electronic records, electronic signatures, audit trails, IQ / OQ / PQ validation evidence — is deliverable for SharePoint-resident GxP-regulated processes in pharmaceutical, biotech, medical-device, and CRO clients. GAMP 5–aligned CSV deliverables.
Common SharePoint Failure Modes — and the Healthy Pattern
The six failure modes EPC Group remediates most often across SharePoint engagements — paired with the healthy pattern that replaces each one. If your SharePoint estate maps to the red list, the remediation is the green list.
Sprawl of team sites without lifecycle
Thousands of Microsoft 365 group / Teams team / SharePoint sites are created on demand. There is no expiration policy, no owner review, no archive policy, no retention label. Within two years the tenant has 10,000+ sites, most are inactive, and the search index is full of stale content.
Microsoft 365 Groups expiration + Site Lifecycle policy
Microsoft 365 Groups expiration policy (renewal required every 6 / 12 / 24 months) plus the SharePoint Site Lifecycle policy (inactive site review and archive) keep the tenant clean. Inactive sites are archived to long-term storage; abandoned sites are deleted on a documented schedule.
No information architecture
No hub-and-spoke design. Sites named at random ("Project Phoenix", "Q3 Strategy"). No managed metadata, no content types, no taxonomy. Search returns thousands of irrelevant results. Employees give up and revert to emailing attachments.
Hub-and-spoke + managed metadata taxonomy
Corporate hub plus departmental spokes. Managed metadata taxonomy (term store) drives navigation, search refiners, and content classification. Site templates enforce content types and naming conventions. Search returns scoped, relevant results.
OneDrive becomes a second silo
Employees store everything in personal OneDrive — including content that belongs in shared SharePoint libraries. When the employee leaves, the content is orphaned. There is no version-controlled, owner-attributed shared workspace.
OneDrive = personal scratchpad, SharePoint = shared system of record
Clear policy: OneDrive for personal drafts and in-progress work; SharePoint for shared, owned, retained team content. Employee offboarding migrates OneDrive content to the receiving manager or to a designated archive site. Adoption training reinforces the boundary.
External sharing wide open
Tenant default is "Anyone with the link can edit". Anonymous links proliferate. Sensitive content (HR, financial, IP, ePHI) has been shared anonymously across the internet — discoverable by anyone who finds the link.
Governed external sharing posture
Tenant default is "New and existing guests" with anonymous links disabled. Site-level settings tighten further for regulated workloads. Guests authenticate with a one-time passcode or Microsoft Entra B2B. SharePoint Advanced Management oversharing report runs monthly.
No Copilot grounding strategy
Copilot is licensed and rolled out before SharePoint content is reviewed. Copilot grounds on stale policies, duplicate documents, mislabeled content, and over-permissioned sites. Users lose trust in the answers and stop using Copilot. The license spend is wasted.
SharePoint content review before Copilot rollout
Document-currency program (last-modified date + content owner + retention label) runs before Copilot enterprise rollout. Restricted SharePoint Search scopes initial Copilot grounding to known-good sites. Sensitivity labels propagate into Copilot citations. Copilot answers are trustworthy from day one.
No adoption program — IT-only rollout
SharePoint is deployed by IT. There is no champion network, no training material, no executive sponsorship, no measurement of adoption metrics. Six months later, the legacy file server is still being used and SharePoint is "the place IT made us put things".
Champion network + adoption measurement + executive sponsorship
Champion network across business units (one champion per 50–100 employees). 30-minute manager-led training plus a one-page reference. Executive sponsor demonstrates use in town halls. Adoption metrics reported monthly to the steering committee. SharePoint becomes the daily-driver workspace.
EPC Group's SharePoint Credential Stack
The credential stack that underpins every EPC Group SharePoint engagement. This is the operating evidence — not marketing language — that distinguishes a senior-architect-led delivery firm from a body-shop staffing model.
- 29 years of continuous SharePoint delivery — founded 1997, one of the longest-tenured Microsoft Solutions Partners in the United States and the original Microsoft SharePoint consultancy.
- 6,500+ SharePoint implementations across 70+ Fortune 500 clients — every SharePoint architecture pattern from SharePoint 2003 through SharePoint Online and SharePoint Server Subscription Edition.
- Errin O'Connor — 4 Microsoft Press bestselling books, including 3 SharePoint titles (SharePoint Foundation 2010, SharePoint 2013 Field Guide, WSS 3.0). Original Microsoft SharePoint Project Tahoe Beta Team member.
- All 6 current Microsoft Solutions Partner Designations — Modern Work, Business Applications, Data & AI (Azure), Digital & App Innovation (Azure), Infrastructure (Azure), Security.
- Federal past performance: NASA, the FBI, the Federal Reserve, and the Pentagon. 216+ M&A M365 tenant migrations totaling 1.83 million users migrated 2023–2025.
- G2 Leader — six consecutive quarters. 100 NPS. Senior-architect-led delivery — no juniors, no offshore on client engagements.
Positioning: The senior architects who built SharePoint at Microsoft would call when their CIO clients needed help.
EPC Group vs SCNSoft, BeyondIntranet, Centric, Avanade
The five-firm SharePoint comparison enterprise buyers shortlist most often. Compared across the six criteria that determine the outcome of a SharePoint engagement: SharePoint years, named implementations, Microsoft Press authorship, federal / healthcare past performance, lifecycle-anchored delivery, and transparent fixed-fee pricing.
| Criterion | EPC Group | SCNSoft | BeyondIntranet | Centric Consulting | Avanade |
|---|---|---|---|---|---|
| Years in SharePoint | 29 years (since 1997 — original Microsoft SharePoint consultancy) | 18+ years SharePoint practice within a broader IT services firm | 15+ years SharePoint-specific practice | 20+ years (firm founded 1999, SharePoint practice ramps later) | 20+ years (Microsoft-Accenture joint venture, founded 2000) |
| Named SharePoint implementations | 6,500+ SharePoint implementations across 70+ Fortune 500 clients | 50+ named implementations cited publicly | 500+ named intranet implementations cited publicly | Named regional clients in U.S. mid-market segment | Large enterprise references — full enumeration not public |
| Microsoft Press authorship | 4 Microsoft Press books (Errin O'Connor) — 3 SharePoint titles (SharePoint Foundation 2010, SharePoint 2013 Field Guide, WSS 3.0) | No Microsoft Press authorship cited | No Microsoft Press authorship cited | No Microsoft Press authorship cited | Internal Microsoft engineering relationships; no individual Microsoft Press authorship cited |
| Federal / healthcare past performance | Federal past performance: NASA, the FBI, the Federal Reserve, and the Pentagon. Active healthcare engagements (Palmetto Infusion). | Public sector and healthcare references — full enumeration not public | Enterprise intranet references, healthcare cited | U.S. mid-market with selective federal and healthcare references | Federal Microsoft delivery via Accenture Federal Services and direct |
| Lifecycle-anchored delivery | The EPC Group Lifecycle: Assess → Modernize → Govern → Operate → Enable | Project-based delivery; lifecycle framework not publicly named | Project-based delivery; lifecycle framework not publicly named | Project-based delivery; lifecycle framework not publicly named | Accenture-style methodology (Avanade Advisory + Build + Run) |
| Transparent fixed-fee pricing | Fixed-fee accelerators published with scope, deliverables, and timeline | Custom-quoted T&M and fixed-fee, scope-dependent | Custom-quoted T&M and fixed-fee, scope-dependent | T&M staff augmentation and project-based fixed-fee | T&M and fixed-fee enterprise engagements, scope-dependent |
Three EPC Group SharePoint Engagement Models
Three engagement frames cover the entire enterprise SharePoint lifecycle — fixed-fee Assessment, fixed-fee 90-day Modernization, and an ongoing monthly retainer for Managed Governance. Pricing and scope are published before the first call.
SharePoint Adoption Assessment
Two-week fixed-fee assessment
A senior-architect-led two-week SharePoint adoption assessment that reads the current tenant against the seven enterprise usage patterns: hub-and-spoke architecture, document co-authoring, Teams-backed channels, Copilot grounding readiness, Viva Connections deployment, Syntex use cases, and Power Platform integration. EPC Group reviews the Microsoft 365 admin center usage reports, SharePoint Advanced Management oversharing report, Purview Content Explorer label coverage, Microsoft Search query analytics, and a sample of the highest-traffic sites. The output is a costed remediation roadmap with senior-architect readout.
Deliverables
- Hub-and-spoke architecture assessment with proposed site map
- SharePoint Advanced Management oversharing and inactive-site report
- Microsoft Purview sensitivity-label and retention-label coverage report
- Microsoft Search query satisfaction analysis with information-architecture gaps
- Copilot grounding-readiness scorecard against the seven usage patterns
- Prioritized remediation backlog with effort estimates and a 90 / 180 / 365-day roadmap
Intranet Modernization Accelerator
90-day fixed-fee migration / modernization
A 90-day fixed-fee SharePoint intranet modernization that delivers the hub-and-spoke architecture, Viva Connections rollout, document-library lifecycle policies, sensitivity-label taxonomy, Microsoft Search optimization, and a champion-network adoption program. Sized per accelerator to a defined seat band, a defined content footprint, and a defined number of hub-associated spoke sites. EPC Group has delivered this accelerator across academic medical centers, financial services firms, federal contractors, and global manufacturers — the 90-day frame is the consistent rule, not the exception.
Deliverables
- Corporate hub + 5–15 departmental spoke sites built to the EPC reference design
- Viva Connections rollout to the Teams app and the mobile experience
- Document-library default version cap, auto-save, and lifecycle policies enforced
- Sensitivity-label taxonomy (Public / Internal / Confidential / Restricted) applied to regulated libraries
- Microsoft Search vertical configuration, query rules, and bookmarks for high-frequency searches
- Champion-network rollout with one champion per 50–100 employees plus manager-led training
Managed SharePoint + Copilot Governance
Ongoing monthly retainer
A senior-architect-led monthly retainer covering ongoing SharePoint and Microsoft 365 Copilot governance — sensitivity-label and DLP policy authoring, oversharing remediation, Copilot grounding scope management, retention-label updates, sites-lifecycle operation, search-result optimization, adoption-metric reporting, and Microsoft release-wave change management. Onshore-only with named architects per retainer. This is the operating model that replaces a SharePoint Center of Excellence for organizations that do not want to staff one internally.
Deliverables
- Monthly oversharing remediation against the SharePoint Advanced Management report
- Quarterly sensitivity-label and DLP policy review with Privacy / Compliance leadership
- Microsoft Search optimization (query rules, bookmarks, vertical tuning) against query analytics
- Monthly adoption-metric report (WAU, co-authoring, OneDrive usage, label coverage, search satisfaction)
- Microsoft release-wave change management aligned to the customer change-control calendar
- Copilot grounding scope management — Restricted SharePoint Search and label-propagation review
Frequently Asked Questions
What is the difference between SharePoint Online and SharePoint Server in 2026?
SharePoint Online is the cloud-hosted, Microsoft-operated service inside the Microsoft 365 suite — included in M365 E1, E3, E5, F1, F3, and Business Premium licenses. SharePoint Online receives the modern intranet, hub-and-spoke architecture, Viva Connections, Microsoft 365 Copilot grounding, Microsoft Syntex AI document understanding, Microsoft Purview compliance, and the Microsoft Lists, Power Apps, and Power Automate integration surfaces. SharePoint Server is the on-premises, customer-hosted product — SharePoint Server 2019 and SharePoint Server Subscription Edition (the current evergreen on-prem release) are still supported by Microsoft. SharePoint Server is the deployment option for organizations with regulatory or sovereignty requirements that prevent cloud, but feature parity has not been the goal since 2019 — Microsoft 365 Copilot grounding, Viva Connections, Microsoft Syntex, Microsoft Purview, and the Power Platform integrations do not run against SharePoint Server. The right enterprise pattern in 2026 is SharePoint Online inside the Microsoft 365 tenant, with SharePoint Server Subscription Edition reserved for the residual on-prem footprint that is bound by regulation or sovereignty. EPC Group runs both deployment models and has delivered hybrid migrations for enterprises moving from SharePoint Server 2013 / 2016 / 2019 to SharePoint Online.
How are Microsoft Teams and SharePoint related?
Microsoft Teams and SharePoint are intentionally integrated. Every Microsoft Teams team has a SharePoint site behind it: the Files tab in every channel is a SharePoint document library, the team wiki and OneNote are SharePoint content, and the team itself is a Microsoft 365 Group. Standard channels share the root team site document library. Private channels create dedicated SharePoint sites with isolated permissions. Shared channels (Microsoft Teams Connect) create dedicated SharePoint sites and support cross-tenant collaboration via Microsoft Entra B2B Direct Connect. The mental model: Teams is the conversational and meeting surface; SharePoint is the storage and content substrate. Files shared in a Teams chat or channel are stored in SharePoint or OneDrive — not in Teams. Sensitivity labels, retention policies, DLP, eDiscovery, and Microsoft Purview audit logs all reach SharePoint content from Teams. The governance implication: a Teams sprawl problem is almost always a SharePoint sprawl problem in disguise, and the remediation is a SharePoint Site Lifecycle policy plus the Microsoft 365 Groups expiration policy. EPC Group has rolled out Teams + SharePoint governance for 70+ Fortune 500 clients.
How does Microsoft 365 Copilot read SharePoint content?
Microsoft 365 Copilot reads SharePoint content through Microsoft Graph — the same access boundary that every other Microsoft 365 application uses. Copilot grounds responses on content the calling user already has access to: SharePoint sites and document libraries the user can read, OneDrive content the user owns or has been shared with, Teams chat the user is a member of, Exchange mail in the user's mailbox, and OneNote the user can read. Copilot will not return content the user does not have permission to read — the Microsoft Graph access boundary is enforced. The implication is direct: the quality of Copilot answers is dominated by SharePoint content quality and SharePoint permissions discipline. Copilot will happily ground on stale, duplicate, mislabeled, and over-permissioned content. Sensitivity labels propagate into Copilot citations — a labeled-Confidential document quoted by Copilot retains the label and the encryption. Restricted SharePoint Search lets administrators scope Copilot grounding to a known-good set of sites during the initial rollout. EPC Group's Copilot rollout playbook starts with the SharePoint content review — not the Copilot license assignment — because the content posture is what determines the Copilot answer quality.
What is a defensible SharePoint governance starter kit for a Fortune 500 enterprise?
The defensible starter kit has six controls. (1) Microsoft 365 Groups expiration policy with a 12-month renewal requirement and a named owner per group. (2) SharePoint Site Lifecycle policy for inactive-site review, archive, and delete on a documented schedule. (3) Sensitivity-label taxonomy — Public, Internal, Confidential, Restricted — applied to regulated-content libraries via Microsoft Purview Information Protection with auto-labeling for Confidential and Restricted patterns. (4) Microsoft Purview DLP policy set covering credit card, SSN, HIPAA, PCI, GDPR personal data, and the customer's custom-classified content. (5) External sharing posture at "New and existing guests" tenant-wide with anonymous links disabled and one-time passcode authentication required; site-level overrides tighten further for regulated workloads. (6) SharePoint Advanced Management oversharing report running monthly with a remediation backlog reviewed by IT, Privacy, and Compliance. EPC Group delivers this starter kit as a fixed-fee Microsoft 365 governance accelerator and runs it ongoing under a Managed SharePoint + Copilot Governance retainer.
What are safe defaults for SharePoint external sharing?
The defensible enterprise default is tenant-level external sharing set to "New and existing guests" — guests must authenticate with a Microsoft Entra B2B account or one-time passcode, anonymous links ("Anyone with the link") are disabled tenant-wide, and the default sharing link type is set to "Specific people" rather than "People in your organization" or "Anyone". Conditional Access policies require multifactor authentication for external sharing sessions. Site-level overrides tighten further for regulated workloads — HR, Legal, Finance, M&A, regulated-research, ePHI, CUI — by setting those sites to "Only people in your organization" or "Existing guests only". SharePoint Advanced Management oversharing report (part of the SharePoint Premium tier) runs monthly to surface sites with anonymous links, broadly-shared sensitive content, and inactive-but-shared sites. Microsoft Purview DLP policies block sharing of credit card, SSN, HIPAA, PCI, GDPR, and CUI patterns to external recipients. For federal contractors and DoD organizations, GCC and GCC High tenants have stricter defaults — anonymous links are disabled by Microsoft platform policy.
How do we optimize SharePoint search results for an enterprise?
SharePoint and Microsoft Search optimization spans six controls. (1) Hub-scoped search — corporate hub plus departmental spokes give each spoke a scoped search vertical that returns relevant departmental results by default. (2) Managed metadata and content types — the managed term store drives search refiners (department, document type, region, year, project), and content types attach managed columns that become searchable properties. (3) Query rules and bookmarks — Microsoft Search bookmarks surface high-frequency searches ("VPN", "expense report", "office hours", "HR policy") as the first result. (4) People search — populate Azure AD profiles with skills, expertise, and projects so people search returns the right subject-matter expert. (5) Promoted results and answer cards for known queries. (6) Search analytics review — Microsoft Search admin center publishes query analytics that show which queries are returning zero clicks (broken IA) and which queries are dominated by stale content (currency gaps). EPC Group runs a Microsoft Search optimization sprint as part of every Intranet Modernization Accelerator engagement.
What are the high-value Microsoft Syntex use cases in SharePoint?
Microsoft Syntex (rebranded from SharePoint Syntex) delivers value where document classification, field extraction, or template-based content assembly is the operational bottleneck. High-value enterprise patterns: (1) Contract intelligence via Microsoft Syntex Contracts Center — extract counterparty, effective date, expiration, governing law, indemnification, and assignment provisions from contracts on upload; surface the metadata in a Power BI contracts dashboard. (2) Invoice and receipt processing — prebuilt Syntex models classify invoices and receipts and extract vendor, amount, tax, line items; trigger Power Automate flows for AP routing. (3) Healthcare clinical document classification — train a content understanding model on hospital-specific clinical document types (H&P, consult notes, discharge summaries, face sheets) for ECM and records management. (4) Financial-services account-opening packets — classify and extract from KYC, AML, and account-opening documents. (5) Insurance claim packets — classify claim documents, extract claim metadata, route into the claims-management system. (6) Template-based content assembly — generate NDAs, offer letters, statements-of-work, and engagement letters from SharePoint-resident templates with managed-metadata-driven variable substitution. Syntex pricing is pay-as-you-go through an Azure subscription, which isolates Syntex spend from the rest of the Microsoft 365 tenant.
What is the right strategy for migrating from SharePoint Server to SharePoint Online?
A defensible SharePoint Server to SharePoint Online migration follows five phases. Phase 1 (Discovery and assessment, 2–4 weeks) — inventory every SharePoint farm, web application, site collection, custom code, third-party add-in, and integration. Identify what can move to SharePoint Online (modern content), what needs remediation (legacy publishing pages, InfoPath forms, SharePoint Designer workflows), and what stays on-premises by regulation. Phase 2 (Information architecture and target design, 2–4 weeks) — design the destination hub-and-spoke architecture, managed metadata taxonomy, content types, and sensitivity-label scheme. Phase 3 (Pilot migration, 2–4 weeks) — migrate 3–5 representative site collections to a pilot SharePoint Online tenant or a target hub. Validate content fidelity, permissions, search, and integrations. Phase 4 (Wave migrations, 8–16 weeks) — migrate site collections in priority-ordered waves using Mover, ShareGate, AvePoint, or Quest tooling. Remediate legacy publishing pages to modern pages, replace InfoPath forms with Power Apps, replace SharePoint Designer workflows with Power Automate. Phase 5 (Decommission and stabilize, 4–8 weeks) — decommission the on-premises farms, run user adoption and training, hand off to ongoing Managed SharePoint + Copilot Governance. EPC Group has delivered SharePoint Server to SharePoint Online migrations across 6,500+ implementations.
Continue in the EPC Group SharePoint and Microsoft 365 Knowledge Base
Adjacent hubs and service pages — SharePoint expertise, Microsoft 365 consulting, migrations, and the industry verticals (healthcare, federal, digital transformation) where SharePoint governance posture matters most.
Talk to a Senior SharePoint Architect
A 60-minute scoping call with a senior architect — no sales lead, no associate. Bring your tenant, your hub-and-spoke map, your Teams sprawl, your Copilot rollout questions, or your governance gaps. We will give you a straight read on scope, sequencing, fixed-fee pricing, and Microsoft Purview control mapping.
Errin O'Connor, CEO and Chief AI Architect · EPC Group · 4900 Woodway Drive, Suite 830, Houston, TX 77056 · contact@epcgroup.net · 888-381-9725