security
671 Topics

OneDrive site locked NoAccess for 1 month - Ticket #2605040040008376 - No resolution
I have an open Microsoft support ticket for over 1 month with no resolution. Hoping the community or a Microsoft engineer can help.

SITUATION: A departed user (deleted over a year ago) had a OneDrive site that was accessible to other users until recently. Since then the site is completely inaccessible to everyone including admins.

Current Status: Active
LockState: NoAccess

WHAT WE TRIED:
- Set-SPOSite -LockState Unlock - command succeeds but site stays blocked
- Set-SPOUser -IsSiteCollectionAdmin $true - fails with "Access to this Web site has been blocked"
- User does not exist in Entra ID, Deleted Users, or Deleted Sites

ROOT CAUSE IDENTIFIED: Site was under a 5-year retention policy in Microsoft Purview. Policy showed error "SiteInReadonlyOrNotAccessible" for this OneDrive. We removed the OneDrive from the policy exceptions but the site remains locked.

This appears to be a deadlock:
- Site is locked so retention policy cannot detach
- Retention policy prevents site from being unlocked

No eDiscovery holds found on the site. Microsoft support has been unable to resolve this for 1 month. Does anyone know how to break this deadlock?
17 Views, 0 likes, 2 Comments

NEW SharePoint & Purview Feature: Protect Files After Download!
New in SharePoint + Microsoft Purview: Extend Permissions Beyond the Cloud

One of the biggest challenges in Microsoft 365 has always been this: What happens to your data when it leaves SharePoint? With this new feature, Microsoft finally closes that gap. You can now use Sensitivity Labels to extend SharePoint permissions to downloaded files - meaning protection doesn't stop when a document is downloaded.

Here's what that enables:
- Files remain protected even outside SharePoint
- Access is still enforced based on SharePoint permissions
- Changes in permissions are reflected in real-time
- Access can be revoked - even after download

In other words: Your SharePoint security model now travels with the file

This is a huge step forward for:
- Data Loss Prevention (DLP)
- Compliance & Governance
- Secure external collaboration

Especially relevant if you're working with: Sensitive documents, external sharing, or regulated environments.

I've just published a video where I break it all down: https://youtu.be/G6XvyU5GAqk

Curious to hear your take:
- Would you trust this model over traditional access control?
- Where do you see the biggest impact in your organization?

#Microsoft365 #SharePoint #MicrosoftPurview #DataProtection #CyberSecurity #Compliance #InformationProtection #M365 #ITSecurity #CloudSecurity
56 Views, 0 likes, 0 Comments

Accessing External SharePoint Site
I am able to access internal SharePoints within my company and have up until now been able to access SharePoints outside the company. When I now try to access an external SharePoint, I get the following message on the external company's landing page: "Your account has been locked. Contact your support person to unlock it, then try again...." The external company states they have not made changes to any access protocols. Likewise, my company says nothing has changed with respect to the rules/ability to access external SharePoints. Someone indicated that the Microsoft "federation" settings/setup of the two companies may (now) be incompatible. Has anyone encountered this issue?
24 Views, 0 likes, 0 Comments

Modern Experience and Security Trimming
Hi all, I'm working on a customer project where he needs to apply security trimming on links (to SP Addin, or other SP Contents) in the homepage. At the moment, from what I can see, neither Hero nor QuickLinks fit the requirement. Any ideas on how to achieve the result? Do you know any SPFx ready Webpart that I can use? Last option is to build a customizer-wp to hide objs in the page, but probably it will slow down performances.
Thanks, Michele
Solved, 3.9K Views, 0 likes, 4 Comments

SharePoint Permissions Management
Over the last 3 years of managing permissions across a suite of sites, I have uncovered more new issues with the way SharePoint permissioning is designed at every turn. A few examples, before the question:
- If I "Share" a file or folder somewhere on the site (breaking permissions inheritance), it is very inconvenient to find it again.
- If I "copy link" in this one particular way, permissions inheritance is broken.
- When looking at site-level permissions, I see site-level permissions groups, but there could be hundreds of other users who have been added to my site(s) without my knowing.
- If I want to reset permissions in an area (set of folders or library), I have to do it file-by-file or folder-by-folder.
- If I want to get an Excel snapshot of - anything really - IT has to pull it and it takes a couple days.
- Not to mention the permissions interface is incredibly clunky.

All-in-all, there seem to be a million ways to break permissions inheritance, creating an access tracking and security nightmare. AND there's no easy way to truly see and understand who has access to what or what is broken, without spending hours with IT to pull a bunch of narrow-visibility reports.

So my question is: what is the best way to navigate full permissions visibility? Am I doing something wrong? Is anyone else experiencing these issues? We have resorted to having a very strict "no outsides besides a few exceptions" policy and only managing permissions at the site-level, which really hampers on the collaboration benefits that SharePoint is trying to enable. It is also very administratively intensive. One of the benefits to SharePoint is that users don't really need to understand how it works to use it, but that's becoming less and less true with the increasing lack of security we feel in the platform.
224 Views, 3 likes, 3 Comments

Users unable to determine who has access to document library due to security groups
Greetings,

Maybe I went about this the wrong way. Looking for advice on either the proper way we should be moving forward on this or any other comments or insight we should be considering. This is for SharePoint Online via Microsoft 365 Business license.

Scenario:
1. SharePoint Document Library per department (each Document Library exists in its own SharePoint site), essentially being used as a company drive.
2. Some users should only officially have access to specific folders in some of the document libraries.
3. If, say, a person in accounting has access to some specific folders, and either they are replaced or a new accounting user comes in.... should be able to reference the access the existing person has in order to give the same access to the new user.
4. Common Request: Give UserB the same folder access as UserA.
5. Some users should have access to the entire document libraries while other users only have access to specific subfolders.

Current Implementation:
1. In Entra, created Security Groups that tied to specific folders.
   -- For example, for the accounting folder, only management has access to the entire folder but the accounting staff only have access to specific folders. So like there is a FiscalYear2024 folder, so I created a security group called sec-Accounting-FiscalYear2024 and assigned the members that should only have access to that folder and not the rest of the library.
   -- My thought behind this was if a new user was replacing the existing user or joining the department, I can just reference the existing user security group membership and copy it to the new user.
2. In the SharePoint document library, I create a shareLink that is assigned to the security group I made for that access. Then I give that link to the users I assigned the membership to.

Current Issue:
1. Aside from the official document sharing/access that is being done from the security groups above, there are occasions where users of a SharePoint need to share specific files or folders to other users.
2. However, they are all panicking and confused because aside from themselves they are unsure who has access to the existing folders/files in the document library.
3. When going to manage permissions of a file/folder, it only shows the group assigned to it but not the members of the group.
4. So since users can't see the members of the group assigned to a folder, they have no idea who has access to that folder and are getting confused.

If this was an NTFS drive, it would be super easy for users to see who has access and etc. by looking at the properties, but I'm stuck behind some limitations of SharePoint I didn't realize existed until I tried to implement certain workflows. Any advice here would be greatly appreciated, as my implementation has turned into a point of frustration for end users. Thank you in advance!
146 Views, 1 like, 1 Comment

SPFx Debug Manifests Not Loading localhost - Debug Query String Not Recognised
Hi everyone,

We are currently facing an issue with debugging an SPFx solution in SharePoint Online. Previously, we were able to debug our solution using the standard debug query string:

?debug=true&noredir=true&debugManifestsFile=https://localhost:4321/temp/build/manifests.js

However, recently this has stopped working in our development environment.

Current Behaviour
- When we paste the debug query string into the SharePoint page URL, the page loads normally but the debug manifests are not recognised or loaded.
- The "Allow debug scripts" warning banner does not appear on the page as expected.
- Even after clicking "Load debug scripts", the browser still does not load the debug manifests.
- The browser does not attempt to load https://localhost:4321/temp/build/manifests.js.
- Because of this, our local debug build is not injected into the page, making it impossible to debug the solution.

Additional Observations
- There are no console errors at the moment.
- The issue occurs across multiple machines (Windows and Mac).
- Tested on multiple browsers:
  - Microsoft Edge
  - Google Chrome
  - Safari
- The SPFx solution itself has no issues and previously worked correctly with the same debugging method.

Troubleshooting Already Attempted
We followed the recommended steps, including:
- Allowing the browser permission to access local network devices
- Running gulp trust-dev-cert
- Verifying the debug query string format
- Confirming the manifest path: https://localhost:4321/temp/build/manifests.js
- Checking browser console logs
- Testing with CSP parameters
- Allowed to run custom scripts in the site from the SharePoint Admin centre.
None of these resolved the issue.

Microsoft Support Response
We also contacted SharePoint Technical Support through the Microsoft Service Hub, and the response we received was that this behaviour is now "by design" and that serving debug manifests through the debug query string is no longer supported. The workaround suggested by Microsoft Support was to package the solution and deploy it to test changes instead of using the debug query string.

Potential Impact
If this change is indeed by design, it could have a significant impact on development workflows for organisations building SPFx solutions. The ability to load debug manifests from localhost is a core part of the SPFx development and debugging process. Without it, developers would need to package and deploy the solution for every small change, which would introduce a considerable amount of additional time, effort, and overhead during development and testing.

Questions
- Has anyone else recently experienced this issue with SPFx local debugging?
- Has the debugManifestsFile query string approach been deprecated or restricted in SharePoint Online?
- If so, what is the recommended approach for debugging SPFx solutions locally now?

Any insight from the community would be greatly appreciated. Thanks.
905 Views, 3 likes, 5 Comments

Microsoft 365 Purview Logs not showing Export List Events
We recently conducted an audit on our system - as we are part of a regulated industry - and had to clarify exactly which user events are captured in the Unified Audit Log. We did the usual confirmations and provided evidence of events where users add, update, delete items in SharePoint Lists and Libraries; however, we were asked specifically if events for exporting List Items to CSV or Excel were captured in the Log. We performed the usual test and waited for the events to appear in Purview, but to our surprise, there was nothing in the Log to indicate a user exporting to CSV or Excel. Can anyone confirm whether Export to CSV or Excel from a SharePoint List should be captured and is reportable in the Audit Log? This seems to be a massive oversight if these events are not auditable?
140 Views, 0 likes, 1 Comment

Add items Permission level
Hi, I'd like to know a way to set permissions on a list so that users in the SharePoint site - Members group can't see existing items in the list that don't have unique permissions assigned. They can only add new items in this list. Once an item is created, a workflow would be triggered that would add a unique permission only for that item. The problem is that when creating a Permission Level with only the ability to add items, the user loses access to the custom item creation form.
258 Views, 0 likes, 3 Comments

SharePoint deleting data and sites
Hello,

We have noticed an issue that started about a year ago in which data is being deleted in SharePoint. When looking at this data in the Recycle bin, it will show it was modified/deleted by specific users, but these users deny ever doing such a thing. It is at the point in which we believe the SharePoint system itself is actually deleting data, possibly due to a bug. It would be odd for the employees tagged in the Modified By field to have deleted it. Our data is backed up so recovering any deleted items isn't the issue. The issue is that we are trying to get Microsoft to investigate. We have submitted tickets through the MS 365 portal but they state they only work on break/fix issues. Any recommendations? I can see searching the internet this issue has come up for many others in the past.
285 Views, 1 like, 1 Comment