SharePoint permission change notifications not working
Problem: Trying to get Microsoft Graph change notifications when permissions change on SharePoint/OneDrive drive items (sharing, inheritance breaks, access grants/revocations). Using Prefer: includesecuritywebhooks on subscription creation as documented subscription creates successfully, but the header appears to be silently ignored (notificationQueryOptions is always null in response, Preference-Applied header is always empty). What works: Regular content change notifications fire fine. What doesn't: Zero security notifications on any permission change. Subscription request: POST https://graph.microsoft.com/v1.0/subscriptions Prefer: includesecuritywebhooks { "changeType": "updated", "notificationUrl": "https://...", "resource": "drives/{driveId}/root", "expirationDateTime": "2026-06-12T00:00:00Z" } Permissions (all with admin consent): Files.Read.All, Files.ReadWrite.All, Sites.Read.All, Sites.FullControl.All, Directory.Read.All Already tried: Both v1.0 and /beta endpoints same result Every relevant permission combination But the official document says it should work: Link to documentation: https://learn.microsoft.com/en-us/onedrive/developer/rest-api/concepts/scan-guidance?view=odsp-graph-online#receiving-webhook-notifications-for-security-events Any working example or confirmation of current status would be extremely helpful. Happy to share more details or test specific configurations.
Moving Files from a Shared Drive to a SharePoint site
Hi, I've seen the moving of files from a Shared Drive to a SharePoint site can be tricky, depending on the size of the files that are to be moved. What is the best and most effective way to move folder, files. I'm not sure yet of the number of folders and size of the files that will need to be moved? Can anyone provide an advise on this, please.. Regards Chris
OneDrive site locked NoAccess for 1 month - Ticket #2605040040008376 - No resolution
I have an open Microsoft support ticket for over 1 month with no resolution. Hoping the community or a Microsoft engineer can help. SITUATION: A departed user (deleted over a year ago) had a OneDrive site that was accessible to other users until recently. Since then the site is completely inaccessible to everyone including admins. Current Status: Active LockState: NoAccess WHAT WE TRIED: - Set-SPOSite -LockState Unlock → command succeeds but site stays blocked - Set-SPOUser -IsSiteCollectionAdmin $true → fails with "Access to this Web site has been blocked" - User does not exist in Entra ID, Deleted Users, or Deleted Sites ROOT CAUSE IDENTIFIED: Site was under a 5-year retention policy in Microsoft Purview. Policy showed error "SiteInReadonlyOrNotAccessible" for this OneDrive. We removed the OneDrive from the policy exceptions but the site remains locked. This appears to be a deadlock: - Site is locked so retention policy cannot detach - Retention policy prevents site from being unlocked No eDiscovery holds found on the site. Microsoft support has been unable to resolve this for 1 month. Does anyone know how to break this deadlock?How to hide the Modify this view and Create View as per users available in groups
Hi All, I have classic view of SharePoint in list/libraries. I have group(for Managers). I just want want to show and hide the Create View/Modify View/Modify this view depends on users available in group. If user available in group(for Managers) then they can do anything like Create View/Modify View/Modify this view but if user is not a part of the group(for Managers) then they can not modify any Public views but the can create Personal view. Is there any way how I can achieve this functionality?
Accessing External Sharepoint Site
I am able to access internal Sharepoints within my company and have up until now been able to access Sharepoints outside the company. When I now try to access an external Sharepoint, I get the following message on the external company's landing page. "Your account has been locked. Contact your support person to unlock it, then try again...." The external company states they have not made changes any access protocols. Likewise, my company says nothing has changed with respect to the rules/ability to access external Sharepoints. Someone indicated that the Microsoft “federation” settings/setup of the two companies may (now) be incompatible. Has anyone encountered this issue?
SharePoint Permissions Management
Over the last 3 years of managing permissions across a suite of sites, I have uncovered more new issues with the way SharePoint permissioning is designed at every turn. A few examples, before the question: If I "Share" a file or folder somewhere on the site (breaking permissions inheritance), it is very inconvenient to find it again. If I "copy link" in this one particular way, permissions inheritance is broken. When looking at site-level permissions, I see site-level permissions groups, but there could be hundreds of other users who have been added to my site(s) without my knowing. If I want to reset permissions in an area (set of folders or library), I have to do it file-by-file or folder-by folder. If I want to get an excel snapshot of - anything really - IT has to pull it and it takes a couple days. Not to mention the permissions interface is incredibly clunky. All-in-all, there seem to be a million ways to break permissions inheritance, creating an access tracking and security nightmare. AND there's no easy way to truly see and understand who has access to what or what is broken, without spending hours with IT to pull a bunch of narrow-visibility reports. So my question is: what is the best way to navigate full permissions visibility? Am I doing something wrong? Is anyone else experiencing these issues? We have resorted to having a very strict "no outsides besides a few exceptions" policy and only managing permissions at the site-level, which really hampers on the collaboration benefits that SharePoint is trying to enable. It is also very administratively intensive. One of the benefits to SharePoint is that users don't really need to understand how it works to use it, but that's becoming less and less true with the increasing lack of security we feel in the platform.Extracting and Auditing Azure DevOps Permissions at Scale with PowerShell
Managing access in Azure DevOps is easy at small scale — and increasingly opaque as organizations grow. This post introduces ADO Permissions Output, an open-source PowerShell toolset that queries Azure DevOps REST APIs across 30+ security namespaces, decodes bitmask permissions, resolves cryptic GUIDs and tokens into readable names, and produces structured JSON/CSV output ready for Power BI. It also surfaces "ghost" members — users who appear in ADO through nested Entra groups but hold no active entitlement — which the standard Graph API alone cannot detect. Whether you're preparing for a compliance review or just want to know who actually has access to what, this tool closes the gap between the ADO portal and a complete audit picture.Users unable to determine who has access to document library due to security groups
Greetings, Maybe I went about this the wrong way. Looking for advice on either the proper way we should be moving forward on this or any other comments or insight we should be considering. This is for SharePoint online via Microsoft 365 Business license. Scenario: 1. SharePoint Document Library per department (Each Document Library exists in its own SharePoint site), essentially being used as a company drive. 2. Some users should only officially have access to specific folders in some of the document library. 3. If say a person in accounting has access to some specific folders, and either they are replaced or a new accounting user comes in.... should be able to reference the access the existing person has in order to give the same access to the new user. 4. Common Request: Give UserB the same folder access as UserA. 5. Some users should have access to the entire document libraries while other users only have access to specific subfolders. Current Implementation: 1. In Entra, created Security Groups that tied to specific folders. -- For Example for the accounting folder, only management has access to the entire folder but the accounting staff only have access to specific folders. So like there is a FiscalYear2024 folder, so I created a security group called sec-Accounting-FiscalYear2024 and assigned the members that should only have access to that folder and not the rest of the library. -- My thought behind this was if a new user was replacing the existing user or joining the department, I can just reference the existing user security group membership and copy it to the new user. 2. In the SharePoint document Library, I create a shareLink that is assigned to the security group I made for that access. Then I give that link to the users I assigned the membership to. Current Issue: 1. Aside from the official document sharing/access that is being done from the security groups above. There are occasions where users of a sharepoint need to share specific files or folders to other users. 2. However, they are all panicking and confused because aside from themselves they are unsure who has access to the existing folders/files in the document library. 3. When going to manage permissions of a file/folder, it only shows the group assigned to it but not the members of the group. 4. So since users can't see the members of the group assigned to a folder, they have no idea who has access to that folder and are getting confused. If this was an NTFS drive, it would be super easy for users to see who has access and etc by looking at the properties but I'm stuck behind some limitations of sharepoint I didn't realize existed until I tried to implement certain workflows. Any advice here would be greatly appreciated, as my implementation has turned into a point of frustration for end users. Thank you in advance!
