PowerShell Script to Query Unique Permissions in SharePoint
Query Unique Permissions in SharePoint using CSOM and PnP PowerShell
Managing permissions in SharePoint is a critical aspect of maintaining data security and compliance within organisations. However, as SharePoint environments grow in complexity, manually auditing and managing permissions becomes increasingly challenging. To address this challenge, PowerShell scripts can be leveraged to automate the auditing process, providing administrators with valuable insights into permission structures across SharePoint sites and libraries.
What do SharePoint permissions have to do with Copilot for Microsoft 365?
Copilot for Microsoft 365 can access data from across the tenant, whether it's Outlook emails, Teams chats and meetings, SharePoint or OneDrive. SharePoint is where most documents, videos, and more are stored.
Just like Microsoft Search, M365 Copilot only has access to information that the user has at least read access to. M365 Copilot will never use information that the user does not have permission to access. However, if the tenant has sites with misconfigured permissions, it can lead to data security issues.
Many companies have practiced “Security by Obscurity” for long periods, hoping that users do not access data they do not know about, even if technically they would have access to it.
However, M365 Copilot's ability to parse terabytes of data in milliseconds makes it easier for everyday users to find such information inside a Copilot answer, exposing your organisation to internal data leaks due to oversharing.
Whether implementing M365 Copilot or simply protecting data, ensuring there is no oversharing is a critical aspect of safeguarding sensitive information and maintaining regulatory compliance. By integrating the unique permissions audit process, administrators can preemptively address security vulnerabilities and uphold the integrity of M365 environments. Continuous monitoring and optimisation make it possible to harness the full potential of M365 collaboration tools while safeguarding against unauthorised access and data leaks.
Refer to Microsoft Copilot for Microsoft 365 - best practices with SharePoint.
Introduction
In this blog post, we’ll explore a PowerShell script designed to automate the auditing of SharePoint permissions. This script facilitates the retrieval of unique permission assignments and sharing links for sites, lists, and items within a SharePoint environment. By executing this script, administrators can generate comprehensive reports detailing permission assignments, enabling them to identify potential security risks and ensure compliance with organizational policies.
I have not been able to determine why unique permissions are sometimes created without generating a sharing link. One of the scenarios I noticed is that the sharing link is only created when "Copy Link" is clicked.