SharePoint


SharePoint is a web-based collaborative platform primarily used for building corporate intranets, document and content management, and file sharing. Developed by Microsoft, It is primarily used as part of the hosted service Microsoft 365, but it can also be hosted by an IT department or service provider, using an on premises version called "Server Edition". Launched in 2001, it was initially bundled with Windows Server as Windows SharePoint Server, then renamed Microsoft Office SharePoint Server, and then finally renamed SharePoint.
According to Microsoft, as of 2020, SharePoint had over 200 million users.

Application

The most common uses of SharePoint include:

Enterprise content and document management

SharePoint allows storage, retrieval, searching, archiving, tracking, management, and reporting on electronic documents and records. Many of the functions in this product are designed around various legal, information management, and process requirements in organizations. SharePoint also provides search and "graph" functionality. SharePoint allows collaborative real-time editing and encrypted/information-rights-managed synchronization by providing the underlying technical infrastructure for Microsoft OneDrive.
SharePoint is often used to replace or supplement an existing corporate file server, and is typically coupled with an enterprise content management policy.

Intranet and social network

A SharePoint intranet or intranet portal is a way to centralize access to enterprise information and applications. It is a tool that helps an organization manage its internal communications, applications and information more easily. By providing the tools to capture and share explicit knowledge in an organisation, Microsoft claims organizational improvements in employee training, employee engagement, business process management, organizational communication, and crisis management. These capabilites are usually centered around "Communication sites".

Group collaboration

SharePoint contains team collaboration groupware capabilities, including: document / file management, project scheduling, and other information tracking. This capability is centred around "team sites". Team sites are created whenever a Microsoft Teams team is created, but they are also created independently of these, and have been a feature of SharePoint since 2001.

File hosting service (personal cloud)

SharePoint sites are the hosting infrastructure for OneDrive For Business, which allows storage and synchronization of an individual's personal work documents, as well as public/private file sharing of those documents.

Custom web applications (SharePoint Server edition)

Historically, SharePoint's Server Edition's custom development capabilities provided an additional layer of services that allowed for rapid prototyping of integrated web applications. SharePoint provided developers with integration into corporate directories and data sources through standards such as REST/OData/OAuth. Enterprise application developers used SharePoint's security and information management capabilities across a variety of development platforms and scenarios.

Configuration, integration, and customization

Web-based configuration

SharePoint is primarily configured through a web browser. Capabilities for the management of a SharePoint site are "security trimmed", meaning that editing capabilities simply appear in place when permissions are granted. A "Site Collection Administrator" has the highest level of permission to manage an individual SharePoint sites.

Admin Center

An administration center for configuring organisation-wide settings is usually available to SharePoint Administrators, who are responsible for managing the underlying infrastructure.
In the cloud, this is called the "SharePoint Admin Center". Features include:
  • Tenant-wide policy controls around sharing/permissions, access control, apps, APIs, and security controls.
  • Tenant-wide configuration of content services: search, managed metadata, content types, and other governance.
  • Tenant-wide health and security reports, service health checks, migration features, and hybrid configuration.
In Server edition, This is called the "central administration site", and it contains significantly more features are available for the administration and health of the SharePoint server farm. Because they are not operated as a shared resource, Features like the search crawler are more controllable and configurable.

Command line tools

Microsoft SharePoint's Server and SharePoint Online have multiple command line or PowerShell utilities available to ease administration.
  • Microsoft also provides an official PowerShell module for , as well as for . These are supported only on Windows.
  • The open source is managed by Microsoft, and is widely used in cloud hosted environments. It is available on PowerShell for Windows, Mac and Linux.
  • A broader, cross-platform is also available.

    Integrating with SharePoint

  • The Microsoft Power Platform provides significant extensibility for SharePoint Online, especially Power Automate.
  • Microsoft Graph provides an API endpoint for Microsoft 365 that is frequently used for SharePoint Online.
  • SharePoint provides , including REST, ODATA, and object models.

    Developing on SharePoint Online

  • The SharePoint Framework provides a development model based on the TypeScript language. It is the only supported way to deeply customize the new modern experience user interface, and is the only long-term supported cloud customization approach. It has been globally available since mid 2017.
  • Legacy options such as sandboxed solutions or add-in model applications are reaching end-of-life in April 2026.

    Developing on SharePoint Server Edition

  • SharePoint Server Edition has very limited support for SPFx, using very old/limited versions of React and Node.
  • The SharePoint "Add-in model" provides various types of external applications that offer the capability to show authenticated web-based applications through a variety of UI mechanisms. Apps may be either "SharePoint-hosted", or "Provider-hosted". Provider hosted apps may be developed using most back-end web technologies.
  • "Sand-boxed" plugins can be uploaded by any end-user who has been granted permission. These are security-restricted, and can be governed at multiple levels.
  • Farm features are typically fully trusted code that need to be installed at a farm-level. These are considered deprecated for new development.
  • Service applications: It is possible to integrate directly into the SharePoint SOA bus, at a [|farm] level. This is no longer a recommended approach.

    SharePoint Designer

SharePoint Designer is a deprecated product that provided 'advanced editing' capabilities for HTML/ASPX pages, but remains the primary method of editing SharePoint's legacy workflows. A significant subset of HTML editing features were removed in Designer 2013, and the product is expected to be deprecated in 2016–7.

Security, administration and compliance

Cloud edition

Microsoft 365 provides legal compliance features through their Microsoft Purview product, Microsoft Intune Endpoint Management, and the SharePoint admin center, where retention policies and sharing policies can be administered by the SharePoint Administrator.
Some legacy features such as in-place retention can be configured without the additional cost of Purview.

Server edition

SharePoint's architecture enables a 'least-privileges' execution permission model.
SharePoint Central Administration provides a complete centralized management interface for web and service applications in the SharePoint farm, including Active Directory account management for web and service applications. In the event of the failure of the CA, Windows PowerShell is typically used on the CA server to reconfigure the farm.

Security and patching issues

Microsoft SharePoint Server Edition has a manual patching arrangement that is widely regarded as convoluted and complex. Over the years, it has been subject to numerous critical security vulnerabilities, which are frequently exploited in the wild. As a consequence, is no longer considered best practice to host SharePoint server edition with public facing internet access.

CVE-2025-53770

A zero-day attack targeting government agencies, universities, and businesses in the United States, China, and Europe using on-prem SharePoint servers started on 18 July 2025. The attackers exploited a weakness dubbed "ToolShell" allowing them to take control of SharePoint servers and gaining Machine Keys. Those keys can then be used to install whatever an attacker wants, including back doors for future attacks. Microsoft issued updates for SharePoint Server Subscription Edition and SharePoint Server 2019 on 20 July 2025. A CISA alert was issued on 20 July 2025. Microsoft stated the exploit was used by Chinese state-sponsored advanced persistent threat groups dubbed Linen Typhoon, Violet Typhoon and Storm-2603 to breach servers of the National Nuclear Security Administration and other organizations.

Server edition architecture

SharePoint Server Edition can be scaled down to operate entirely from one developer machine, or scaled up to be managed across hundreds of machines.

Farms

A SharePoint farm is a logical grouping of SharePoint servers that share common resources. A farm typically operates stand-alone, but can also subscribe to functions from another farm, or provide functions to another farm. Each farm has its own central configuration database, which is managed through either a PowerShell interface, or a Central Administration website. Each server in the farm is able to directly interface with the central configuration database. Servers use this to configure services to match the requirements of the farm, and to report server health issues, resource allocation issues, etc...