Introduction Understanding the sensitivity and retention labels applied to files in your SharePoint Online sites is essential for maintaining data security and compliance. These labels enable you to manage and protect your data by defining retention periods and handling sensitive information appropriately. This is particularly important for initiatives like the Microsoft 365 Copilot rollout, ensuring that the correct files are stored within the appropriate SharePoint sites. For example, if a SharePoint site is a public Team site, files labeled as confidential should be moved to a private Team site or existing Team site updated from public to private.

Ensuring the security and compliance of your SharePoint environment is crucial, especially when dealing with service principals, Entra ID apps, or federated identities. These entities often have elevated permissions that, if mismanaged, can lead to unauthorized access and potential data breaches. Regularly auditing these permissions is a best practice for maintaining a secure and compliant SharePoint environment. Application only or granular access to individual site instead of whole tenant, scope called “Sites.

Updating the expiration time and role for sharing links is still limited. Although it seems possible through the Graph API Update permission, I have been unable to pass the roles as body parameters. Graph Explorer Attempts Using the following script: Invoke-PnPGraphMethod -Url "v1.0/drives/$driveId/items/$driveItemId/permissions/$($ShareLink.Id)" -Method Patch -Content @{ roles = @("read") } threw the error message “Invalid input: No Information provided to update the specifed permission” From the UI Anyone link can’t be edited Organisation link can’t be edited Specific people links can be edited Using the network tab from the browser developer tools enables identifying the endpoint to update specific people links only.