Audit of permission changes for SharePoint folder
Hi all, trying to find a way to audit who has added users internally to some critical sharepoint folders. Trying via MS Purview > Audit, but no luck so far. Anyone could advise what exactly do I need to search for? (particular friendly activity for example). I’ve tried with no activities selected (so assume all are included) and specified Folder and set Workloads > SharePoint. However, it does not seem to return any permission changes… only events like file/folder access, creation, etc… any idea? We use have M365 E3 and M365 E5 Security subscriptions
Creating an exported report of members
# Define the tenant $tenant = "testing" # Ensure the output directory exists $outputDir = "C:\temp" if (-Not (Test-Path -Path $outputDir)) { New-Item -Path $outputDir -ItemType Directory } # Connect to SharePoint Online try { Connect-SPOService -Url "https://$tenant-admin.sharepoint.com" Write-Host "Connected to SharePoint Online." } catch { Write-Host "Failed to connect to SharePoint Online: $_" exit } # Get all site collections try { $sites = Get-SPOSite -Limit All Write-Host "Retrieved site collections." } catch { Write-Host "Failed to retrieve site collections: $_" exit } # Loop through each site foreach ($site in $sites) { try { # Get the current date and time $dateTime = Get-Date -Format "yyyyMMdd_HHmmss" # Define the site URL $siteUrl = $site.Url # Get the users and export to CSV $users = Get-SPOUser -Site $siteUrl if ($users) { $filePath = "$outputDir\$($site.Title)-$dateTime.csv" $users | Select-Object * | Export-Csv -Path $filePath -NoTypeInformation Write-Host "Exported users for site $($site.Title) to $filePath." } else { Write-Host "No users found for site $($site.Title)." } } catch { Write-Host "Failed to process site $($site.Url): $_" } } Write-Host "Export completed for all sites."List of members of SharePoint sites
Hello, We have a client who wants a generated list of SharePoint site members. I have a powershell script that gets the sites and users within the Membership groups but not users just listed under Members. Is there a reason why the users under members aren't seen and if there's anything that I can do to the script to get it to see the users? The script is in the word document as I tried the embeded code and it went mad. Any help will be greatly appreciated.
How to resolve 'broken' unique permissions in a SPO library?
PROBLEM: I have many thousands of files and folders in multiple SharePoint Site libraries that somehow seem to have acquired unique Group permissions. Users with high-level permissions have lost visibility to many folders and files. DETAILS: There are five different permission groups that are given access to any new folder created in the library: Owner; Site Member; Library Manager; Library Contributor; Library Member. I'm using Teams to apply most user permissions. A Team is given a particular group permission and any user in that Team inherits that permission level (Library Member). For high-level permissions (Library Manager), I just manually put that person in that permission group. OBSERVATIONS: If I create a new folder, as the admin or someone with 'manage' permissions, the folder inherits the proper permissions. We also have a new folder workflow that creates these folders. I've confirmed that the items created with this process inherit the proper permissions. My only guess is that at some point the permission levels or groups were changed and folders did not inherit the proper updates. What I'm also struggling to track down is how some files in more recent folders are still hidden from users with Manage permissions. I think this has to do with the way sharing links are being created and shared. For instance, if "Jen" unintentionally creates a restrictive sharing link and shares that with "Bob", when Bob clicks on that link, the web browser is caching that permission even though he has full write access to all documents. When Bob clicks this link in his email, the files are showing as view only and he can not view any other contents of the library. There's a prompt that says something like you must be an authorized user, click here to sign in. When you click that, this restores all proper permissions. SOLUTIONS(?): I've found that there's a script to remove unique permissions and intend to give this a try. I'm hesitant to pull the trigger on this because it will kill any legit sharing links with our outside partners.I really don't want to kill links; I want to reset the Permission Groups for all contents of a library. # Set Variables $SiteURL = "https://yoursharepointsite.sharepoint.com" $LibraryName = "Documents" $BatchSize = 500 # Connect to SharePoint Online Connect-PnPOnline -Url $SiteURL -Credentials (Get-Credential) # Function to reset permissions for a batch of items function Reset-PermissionsForBatch { param ( [Parameter(Mandatory=$true)] [array]$Items ) foreach ($Item in $Items) { if ($Item.HasUniqueRoleAssignments) { Set-PnPListItemPermission -List $LibraryName -Identity $Item.Id -InheritPermissions Write-Host "Reset permissions for item ID: $($Item.Id)" } } } # Get all items in the library in batches $ListItems = Get-PnPListItem -List $LibraryName -PageSize $BatchSize -ScriptBlock { param($items) Reset-PermissionsForBatch -Items $items }
Embedding Scribe slides iframe in SharePoint - HTML Field Security set up but still blocked!
I'm running into an issue with embedding Scribe slides in SharePoint: I’ve added scribehow.com to the HTML Field Security settings at the site collection level under "Allow contributors to insert iframes only from the following domains." I confirmed that DenyAddAndCustomizePages is disabled I tested using this Embed Web Part (sort of) <iframe src="https://scribehow.com/page-embed/blah_blah_blah" width="100%" height="640" allowfullscreen frameborder="0"></iframe> The Embed Web Part shows an error saying the domain isn’t allowed: "Embedding content from this website isn't allowed, but your admin can change this setting by adding scribehow.com to the list of sites that are allowed." I've also: Tested after a couple hours for propagation Verified that other iframes (e.g., YouTube) work fine in the same web part Disabled Youtube in the HTML Field Security settings, it still works??? Cleared the browser cache and tested in multiple browsers Despite all this, the embed still throws that error, so.... Is there something I’m missing in configuring HTML Field Security or tenant-level settings? Has anyone successfully embedded Scribe in SharePoint, and if so, how did you configure it? Any advice would be greatly appreciated!
Completely disable Sharing of files and folders
Is it possible to completely disable sharing of files and folders in SharePoint? I am aware of the setting that will limit sharing feature to owners only (screenshot below). But our requirement is to completely disable sharing by anyone who has access to the site, even owners. We are using M365 group connected SharePoint sites.
Restrict SharePoint Online Folder/Document Sharing
Hello, I am looking for a way to restrict sharing within all of my SharePoint online sites. I want users to be able to share ONLY with people that already have existing access within the organization. I don't want them to be able to share internally with users who do not have existing access to the files. Simultaneously, they still need the capability to share externally to new and existing guest users. Is this possible? How can I do this? I have run a powershell script to remove the option to "Share with anyone in organization" but I can't seem to get rid of the option to share with "people you choose". Thanks!
