One of this fall’s (2019) improvements on SharePoint Online are organization asset libraries. Asset libraries enable organizations to have a centralized location for hosting and sharing assets to site authors, news creators and end-users. For example authors can easily pick an image from image library provided by the organization and images are available on modern sites throughout the whole Office 365 tenant. When asset libraries are setup, SharePoint offers “Your organization” as one of the sources for images.

Organization asset libraries

All configured libraries are shown on Your organization view and it is possible to add a thumbnail image for each library. Up to 30 libraries can be promoted as an organization asset library and it might be a good idea having several libraries for different assets, even several image libraries for different kind of images might be also a good idea. With thumbnails it is looking way better than with traditional folders. And folders are, of course, also supported. Libraries are just document libraries, so it is possible to use them as usual, have metadata, views and structures.

One limitation from information architecture perspective is that all configured asset libraries need to reside in one site collection and that needs some thinking how organization is providing assets and how end-users are consuming them.

Configuration is made with SharePoint Online Management Shell. Currently Management Shell allows choosing from three different type of assets: ImageDocumentLibrary, OfficeTemplateLibrary and Undefined. Only first option is currently supported and you can possibly guess the functionality of the second option. CDN (Content Delivery Network) needs to be enabled on a tenant level and it is enabled during setup process. Library will be automatically set up as a CDN Origin, which means that library content will be replicated automatically to CDN service. CDN type, Public or Private (default setting), can be chosen. After the setup CDN can be disabled, but I don’t recommend disabling CDN at all for performance sake. Also notice that when library is demoted, CDN Origin setting is not removed.

After configuration it will take some time before library appears on “Your organization” and content authors can start using it.

CDN type and permission considerations

First thing to make sure is that all content authors allowed to use organization’s assets have at least Read access to the site hosting assets libraries or to a single asset library. Notice that all asset libraries are visible to content authors, but if content author doesn’t have permissions to certain library, it’s looks empty.

CDN (Content Delivery Network) is a common mechanism for hosting your assets, like images, JavaScripts, css files, etc. on dedicated service made for that purpose. Office 365 offers CDN as a complimentary service and it is automatically enabled with default settings.

When Public CDN is used for asset library, all content in the library is anonymously available for anyone having the URL. Public CDN should be used for non-sensitive assets, like images, JavaScripts and css-files. Private CDN respects SharePoint library permissions. So if user doesn’t have access to original library, content is not displayed. This also considers external users.

If you are planning to use only Private CDN configured asset libraries, you need to make sure that users consuming the assets have access to original libraries. The simplest option is grant everyone a read permission to site hosting asset libraries.

Using document library and/or folder level permissions enables possibilities to offer private asset libraries for different target groups on the Office 365 tenant, for example organizations having independent subsidiaries or tenants serving several different organizations. This may quickly lead to uncontrolled situation where it’s not clear who can access and what is displayed. In these cases stakeholders should really consider is asset library mechanism really useful for their use case or could there be centralized asset library for all tenant users and private assets are provided in regular document libraries for different target groups. Also when using different permissions on different asset libraries may lead to a situation where content authors gets access denied errors or see an empty library, which can be confusing.

My advice is that don’t mess with the permissions, it will make your life easier. For the governance sake, there should be a very strong argument for document library or folder level permissions.

My thoughts for design and recommendations

Yet again, setting up organization’s asset library is a simple technical implementation, done in just few minutes, but designing how it fits to organization’s needs and the information architecture really needs some thinking. Benefits are obvious. Organizations can share their visual identity throughout their Office 365 tenant, content authors can easily add images to their content and content looks nice to end users.

My recommendations for currently supported asset libraries for images

  • If your library is having hundreds of items, think about dividing it to several libraries. You could, for example, categorize your images like Icons, Fun, Offices, People, Our Products, etc.
  • Add thumbnails to your libraries to make it look nice.
  • If you are using folders, use clear naming.
  • Use public CDN for non-sensitive content, like stock images.
  • Grant access to all organization’s users and keep Sync enabled. Users can sync library content to their workstation and utilize content on presentations, documents and other services, even when offline.
  • Really consider your options, when you need to limit access to asset libraries.

How to configure asset libraries with PowerShell:

Detailed information about Office 365 CDN: