Ensuring the security and compliance of your SharePoint environment is crucial, especially when dealing with service principals, Entra ID apps, or federated identities. These entities often have elevated permissions that, if mismanaged, can lead to unauthorized access and potential data breaches. Regularly auditing these permissions is a best practice for maintaining a secure and compliant SharePoint environment. Application only or granular access to individual site instead of whole tenant, scope called “Sites.

Updating the expiration time and role for sharing links is still limited. Although it seems possible through the Graph API Update permission, I have been unable to pass the roles as body parameters. Graph Explorer Attempts Using the following script: Invoke-PnPGraphMethod -Url "v1.0/drives/$driveId/items/$driveItemId/permissions/$($ShareLink.Id)" -Method Patch -Content @{ roles = @("read") } threw the error message “Invalid input: No Information provided to update the specifed permission” From the UI Anyone link can’t be edited Organisation link can’t be edited Specific people links can be edited Using the network tab from the browser developer tools enables identifying the endpoint to update specific people links only.