Below you will find pages that utilize the taxonomy term “Governance”
posts
Automate the Removal of Expired Sharing Links in SharePoint with PowerShell
Sharing is a great feature for collaboration. However, depending on how items, files, or folders are shared, a sharing link might be created or unique permissions on these items are created. It is possible to set an expiration date on sharing links in SharePoint and OneDrive. For more details, please refer to How to set an expiration date on sharing links in SharePoint and OneDrive. Microsoft introduced the capability to set an expiry date for all types of sharing links: “Anyone”, company-wide (aka.
posts
Deletion of company-wide and anonymous sharing links with PowerShell
Sharing is a powerful feature for collaboration. However, depending on how items, files or folders are shared, a sharing link might be created or unique permissions on these items are created. The sharing link is created when Copy link is clicked in the sharing pop-up options and people other than those who already have existing access are picked.
However, by default, if sharing options have not been configured, links to “People in ” or “Anyone” (if external sharing is allowed) are selected
posts
Overcoming Limitations of SharePoint Sites Associated with Teams Private and Shared Channels: Tips and Hacks
Introduction
Microsoft Teams offers private and shared channels as specialized collaboration spaces to cater to different organizational needs. While these channels provide enhanced security and collaboration features, they come with specific limitations and management challenges, particularly around the associated SharePoint sites.
This post covers some limitations of, and management tips for, SharePoint sites associated with private and shared channels, including PowerShell hacks and governance practices to overcome these challenges.
Managing SharePoint Sites for Private and Shared Channels
SharePoint sites associated with private and shared channels are special types of sites. Gregory identifies their limitations in his blog post Why you should never mess with Private and Shared Channel SharePoint Sites: they cannot be attached to a hub directly, are accessible mainly from the Teams interface, cannot have permissions managed at the site level, and have constrained external sharing.
posts
Identifying Duplicate Microsoft 365 Group Names Using PowerShell
Introduction
It is possible to create M365 Groups and Teams with the same name, and there is currently no built-in way to prevent this. The new Team/Site/M365 Group is created with a random number appended to the Team name for the SharePoint site and M365 Group email address.
Having duplicate names can cause confusion and increase risks, including:
Wrongly Granting Permissions: Users may accidentally grant permissions to the wrong M365 Group or Team, leading to unauthorized access.
posts
Adding M365 Group/Teams Owners and Members to SharePoint Group with PnP PowerShell
Introduction
There are situations where you might want to reuse the M365 Group principals to assign permissions to other sites without creating additional Entra ID groups. This can be useful for:
Adding M365 group members to a SharePoint site, such as an intranet site for ‘Human Resources’ managed by the ‘Human Resources’ M365 Group/Teams or a hub site managed by a ‘Service Desk’ M365 Group/Teams.
Adding M365 group members to custom or out-of-the-box SharePoint groups, such as adding particular M365 group owners or members to custom groups created for additional libraries within a different site.
posts
Prevent Guests from Being Added to a Specific Microsoft 365 Group or Microsoft Teams team using PnP PowerShell
Introduction
By default, guest access for Microsoft 365 groups is enabled within the tenant. This can be controlled either to allow or block guest access at the tenant level or for individual Microsoft 365 groups / Teams. For more information, check out Manage guest access in Microsoft 365 groups.
PowerShell Script to Prevent Guest Access
Below is a PowerShell script that allows you to disable/enable guest access for specific Microsoft 365 groups.
posts
Manage 'Everyone' and 'Everyone except external users' claim within a SharePoint site using PowerShell
Introduction
As part of Microsoft 365 Copilot readiness, you may want to find where the “Everyone” and “Everyone except external users” claims are granted permissions, which is a cause of oversharing. This blog post will guide you through using PowerShell to manage and audit the “Everyone” and “Everyone except external users” claims within your SharePoint site collection.
For more insights on why the “Everyone except external users” group is riskier than “People in your organization,” refer to Copilot for Microsoft 365 Data Ready – Where “Everyone except external users” group is more risky than “People in your organization” links!
posts
Audit Service Principal Access to SharePoint Sites with Sites.Selected Permissions
Ensuring the security and compliance of your SharePoint environment is crucial, especially when dealing with service principals, Entra ID apps, or federated identities. These entities often have elevated permissions that, if mismanaged, can lead to unauthorized access and potential data breaches. Regularly auditing these permissions is a best practice for maintaining a secure and compliant SharePoint environment.
Application only or granular access to individual site instead of whole tenant, scope called “Sites.
posts
Remove Expired Sharing Links and Update Sharing Link Role to Read
Updating the expiration time and role for sharing links is still limited. Although it seems possible through the Graph API Update permission, I have been unable to pass the roles as body parameters.
Graph Explorer Attempts
Using the following script:
Invoke-PnPGraphMethod -Url "v1.0/drives/$driveId/items/$driveItemId/permissions/$($ShareLink.Id)" -Method Patch -Content @{ roles = @("read") }
threw the error message
“Invalid input: No Information provided to update the specifed permission”
From the UI
Anyone link can’t be edited
Organisation link can’t be edited
Specific people links can be edited
Using the network tab from the browser developer tools enables identifying the endpoint to update specific people links only.
posts
Get SharePoint site sharing Settings with PowerShell
Managing sharing settings for SharePoint sites is crucial for maintaining a secure and well-governed environment. With the help of PowerShell, administrators can efficiently retrieve and manage these settings across their SharePoint Online tenant. This ensures that sensitive information is not overshared and that your organisation’s data remains secure.
Importance of Reviewing Sharing Settings
Reviewing sharing settings is essential to prevent oversharing, which can lead to data breaches and unauthorized access to sensitive information.
posts
Empowering Secure Collaboration: Configuring SharePoint Tenant and Site Settings with PowerShell to prevent oversharing
Sharing lies at the heart of collaboration within SharePoint, facilitating seamless communication and teamwork. However, effective management of sharing settings is crucial to maintain data security and prevent unintended exposure. This is particularly important in light of tools like Copilot for M365.
An extract from Announcing SharePoint advanced management innovations for the AI and Copilot era
“With Copilot and AI, security has become a concern. Not because Copilot allows people to access anything more than they could previously; it just allows them to find information they have access to faster.
posts
Oversight of Sharing Information in SharePoint sites using PowerShell with CSOM, REST and PnP PowerShell
Effective oversight of sharing links and sharing information is paramount to ensuring data security, compliance, and optimal collaboration experiences.
As organisations migrate to M365 environments, they inherit powerful collaboration tools that facilitate seamless sharing of documents and resources. However, without proper governance, these capabilities can lead to unintended consequences such as data breaches, compliance violations, and loss of intellectual property.
Sharing is a powerful feature for collaboration. However, depending on how items, files or folders are shared, a sharing link might be created or unique permissions on these items are created.
posts
Deletion of sharing links with PowerShell
As organisations look to deploy Copilot for Microsoft 365, ensuring the security and proper governance of shared content is important. The rollout of Copilot introduces advanced AI capabilities across Microsoft 365 apps using content from SharePoint/OneDrive, making it even more essential to manage sharing links judiciously to tackle the issue of oversharing.
Sharing is a powerful feature for collaboration. However, depending on how items, files or folders are shared, a sharing link might be created or unique permissions on these items are created.
posts
Restrict certain SharePoint sites from tenant search and Copilot for M365 using PowerShell
Excluding certain SharePoint sites from search using the Restricted SharePoint Search feature means that the contents of the excluded sites won’t be available to M365 tenant search and Copilot for M365.
The downsides of using this feature are:
Limited Findability: By excluding certain SharePoint sites from search, you limit the findability of data. Users would need to know the specific sites where the data resides in order to search for it. This can hinder efficient data retrieval and records management.
posts
Empowering Secure Collaboration: Configuring Microsoft Loop Sharing Tenant and Site Settings with PowerShell
Empowering Secure Collaboration: Configuring Microsoft Loop Sharing SharePoint Tenant and Site Settings with PowerShell
Guest users can be invited to collaborate within Microsoft Loop in the tenant. Refer to How to work with guest users using Microsoft Loop for how sharing within Loop works.
This post focuses on using PowerShell to control the Microsoft Loop sharing settings to help secure data, especially with Copilot for M365, which can expose data not previously accessible by other means.
posts
SharePoint Search: Excluding Columns from Search Results
SharePoint empowers users to manage and organize vast amounts of data efficiently. However, not all data within a SharePoint site might need to be searchable. Do you miss the functionality to control the visibility of sensitive or irrelevant information in a column?
The Challenge
You might have encountered instances where you need certain columns in your SharePoint lists or libraries to be excluded from search results.
posts
Sharing Options Updates - Send Email Button Greyed Out
Starting from March 2024, there has been a notable change in SharePoint’s sharing options. If a user is not allowed to share on a SharePoint site (for instance, when a user is a member and only owners have sharing privileges), the Send Email button appears greyed out. Additionally, a warning message is displayed: Sharing is limited on this item. You can only copy links for people who have existing access, and you can’t invite anyone new.
posts
PowerShell Script to Query Unique Permissions in SharePoint
Query Unique Permissions in SharePoint using CSOM and PnP PowerShell
Managing permissions in SharePoint is a critical aspect of maintaining data security and compliance within organisations. However, as SharePoint environments grow in complexity, manually auditing and managing permissions becomes increasingly challenging. To address this challenge, PowerShell scripts can be leveraged to automate the auditing process, providing administrators with valuable insights into permission structures across SharePoint sites and libraries.
What do SharePoint permissions have to do with Copilot for Microsoft 365?
posts
Recreating Deleted Owners Group for M365-Connected SharePoint Sites
If out-of-the-box (OOB) groups such as owners, members, or visitors have been deleted accidentally from your SharePoint site, this article may assist you in recovering those vanished groups, specifically for an M365-linked Team site. I recently encountered a distress call from an end user facing data access issues on a SharePoint Team site. To my dismay, I discovered that the SharePoint Owners group had been accidentally deleted, prompting me to seek and implement a solution to restore access.