Home

Azure App to Read All ODFB External File Share Links for Governance

%3CLINGO-SUB%20id%3D%22lingo-sub-313862%22%20slang%3D%22en-US%22%3EAzure%20App%20to%20Read%20All%20ODFB%20External%20File%20Share%20Links%20for%20Governance%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-313862%22%20slang%3D%22en-US%22%3E%3CP%3EWe%20have%20a%20governance%20requirement%20to%20monitor%20external%20sharing%20from%20ODFB.%26nbsp%3B%20We%20have%20a%20script%20that%20runs%20daily%20to%20pull%20down%20SPO%20internal%20sharing%20activity%20that%20previously%20would%20include%20ODFB.%26nbsp%3B%20We%20had%20to%20add%20our%20process%20account%20to%20each%20ODFB%20site%20collection%20as%20SCA%20in%20order%20to%20ready%20the%20file%20sharing%20metrics.%26nbsp%3B%20Once%20sharing%20metrics%20were%20gathered%2C%20we%20would%20remove%20the%20process%20account%20as%20SCA.%26nbsp%3B%20This%20caused%20some%20issues%20with%20ODFB%20indexing%20as%20each%20change%20time%20we%20change%20permission%2C%20the%20indexing%20was%20impacted.%26nbsp%3B%20This%20process%20is%20no%20longer%20used.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI've%20seen%20some%20examples%20where%20Azure%20apps%26nbsp%3Bcan%20be%20granted%20full%20control%20access%20to%20SP%20site%20collections%20without%20user%20intervention.%26nbsp%3B%20Is%20the%20same%20possible%20with%20ODFB%20where%20we%20could%20grant%20an%20app%20elevated%20permission%20in%20Azure%20to%20inventory%20sharing%20links%20in%20all%20ODFB%20sites%3F%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-313862%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAPIs%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EDeveloper%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOneDrive%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Highlighted
Steven Sanders
Occasional Contributor

We have a governance requirement to monitor external sharing from ODFB.  We have a script that runs daily to pull down SPO internal sharing activity that previously would include ODFB.  We had to add our process account to each ODFB site collection as SCA in order to ready the file sharing metrics.  Once sharing metrics were gathered, we would remove the process account as SCA.  This caused some issues with ODFB indexing as each change time we change permission, the indexing was impacted.  This process is no longer used.

 

I've seen some examples where Azure apps can be granted full control access to SP site collections without user intervention.  Is the same possible with ODFB where we could grant an app elevated permission in Azure to inventory sharing links in all ODFB sites?