Stop the Sprawl: Build a Simple, Secure SharePoint Intranet with One Site
oo many small businesses turn SharePoint into a mess of scattered sites, folders, and inconsistent permissions — all because Microsoft makes it too easy to create new sites and Teams. You don’t need that headache.
Here’s how to build a clean, functional SharePoint intranet with just one site, while still giving departments and teams the access and flexibility they need — without the chaos.
🏠 One Site to Rule Them All
Instead of creating multiple SharePoint sites for every team, project, or topic, stick with a single Communication Site that acts as your company’s home base.
This one site becomes your intranet — your digital front door where employees access news, documents, resources, and tools.
Why this works better:
- Simplifies navigation and search
- Reduces permission management complexity
- Eliminates accidental Teams/Group sprawl
- Easier for IT to manage and secure
📁 Create Document Libraries, Not More Sites
Every department or function can have its own document library within the single site. No need for separate sites.
📚 Examples:
HRDocumentsMarketingAssetsFinanceFilesITSupportDocsCompanyPolicies
Each library serves as a clean boundary for access and organization.
🧩 Naming Convention for SharePoint Permissions
To keep group-based permissions clean and auditable, implement a strict naming standard for all SharePoint security groups.
🛠 Examples:
| Group Name | Purpose |
|---|---|
SPO-HR-Contribute | Edit access to HR document library |
SPO-Finance-Read | Read-only access to Finance docs |
SPO-CompanyPortal-Owners | Full control of the main site |
SPO-ITSupport-FullControl | IT-only admin access |
📌 Create these groups in Microsoft Entra ID or the Microsoft 365 Admin Center, not directly in SharePoint. Avoid manually assigning permissions to individual users — it’s a nightmare to maintain.
🔐 Disable Inheritance & Lock Down Permissions
By default, new pages and libraries inherit permissions from the main site — that’s risky. Instead, break inheritance where needed and assign security groups directly.
To Disable Inheritance in a Document Library:
- Go to the document library settings.
- Click Permissions for this document library.
- Select Stop Inheriting Permissions.
- Remove any unnecessary groups.
- Click Grant Permissions and add your
SPO-security groups with proper roles (Read / Contribute / Full Control).
Example:
SPO-HR-Contribute— edit accessSPO-AllStaff-Read— view-only access to company-wide policies
📄 Control Access to SharePoint Pages
You can also apply permissions to individual SharePoint pages — perfect for dashboards, internal tools, or restricted content.
To Restrict a Page:
- Go to the Site Pages library.
- Click the three dots next to the page > Manage access.
- Click Stop Inheriting Permissions.
- Remove inherited groups and assign new ones using your
SPO-groups.
🛑 Important: Restricting a page doesn’t automatically restrict content inside it. Make sure any document libraries or web parts on the page are also properly locked down.
🔍 Avoid Deep Folder Structures
Folders are easy, but they lead to pain:
- Broken URLs
- Confusing search results
- Permission overlap
Instead:
- Use multiple document libraries instead of folders.
- Use metadata columns to tag documents if needed.
- If folders must be used, avoid nesting more than 1–2 levels deep.
🔧 Pro Admin Tips
✅ Create a “Locked Down” Template
Use a base library with inheritance already disabled and correct permission groups set. Copy this when creating new libraries.
✅ Document Your Access Structure
Track all SPO groups and their access levels in a shared document or OneNote tab. Include descriptions, owners, and review dates.
✅ Quarterly Permissions Review
Every quarter, review all:
- Document libraries
- Site pages
- Security groups
Look for drift: old users, unnecessary access, or broken inheritance.
🧭 Keep Navigation Simple and Relevant
Use the left-hand navigation panel or create a homepage layout with:
- Quick links to document libraries
- News or announcement web parts
- Contact cards for department leads
- Call-to-action buttons (like “Request Time Off” or “Submit a Ticket”)
Avoid showing links users don’t have access to — this just creates frustration and unnecessary support tickets.
✋ Disable Self-Service Site Creation
This step is critical.
Out of the box, anyone in your org can create a Microsoft 365 Group — which creates a SharePoint site and a Team. Shut this down.
To lock it down:
- Use PowerShell or Entra ID settings to restrict Microsoft 365 group creation to IT admins only.
- Enforce naming conventions via Entra ID group naming policies.
💡 Pair this with an internal request form for new content areas — like a new library or a new page.
✅ Summary: Simple, Secure SharePoint
You don’t need 20 sites and 100 groups. You need one site, clean libraries, tight permissions, and group-based access control.
Here’s the cheat sheet:
| Task | Method |
|---|---|
| Intranet structure | One communication site |
| Document organization | Separate libraries per function |
| Permissions | Disable inheritance and assign SPO-[Name]-[Level] groups |
| Navigation | Quick links and custom homepage |
| Access control | No individual users — use Entra ID groups |
| Site sprawl | Disable group/site self-service creation |
Final Thoughts
Small businesses don’t have SharePoint teams. So don’t build something you can’t manage. With one site, clear security group names, and proper permissions, you get a functional, professional intranet that won’t turn into a disaster six months later.