From e04ec3538fc44a996019934864af36ef4c0ba125 Mon Sep 17 00:00:00 2001 From: Kartik P V R Date: Thu, 9 Jan 2025 16:45:25 +0530 Subject: [PATCH 1/4] Documentation for the new private preview feature --- .../Get-SPODataAccessGovernanceInsight.md | 2 +- .../Start-SPODataAccessGovernanceInsight.md | 33 +++++++++++++++++-- 2 files changed, 32 insertions(+), 3 deletions(-) diff --git a/sharepoint/sharepoint-ps/sharepoint-online/Get-SPODataAccessGovernanceInsight.md b/sharepoint/sharepoint-ps/sharepoint-online/Get-SPODataAccessGovernanceInsight.md index e9fda4b93..0e869a362 100644 --- a/sharepoint/sharepoint-ps/sharepoint-online/Get-SPODataAccessGovernanceInsight.md +++ b/sharepoint/sharepoint-ps/sharepoint-online/Get-SPODataAccessGovernanceInsight.md @@ -53,7 +53,7 @@ Specifies the entity that could cause oversharing and hence tracked by these rep Type: ReportEntityEnum Parameter Sets: GetAllReportsParameterSet Aliases: -Accepted values: SharingLinks_Anyone, SharingLinks_PeopleInYourOrg, SharingLinks_Guests, SensitivityLabelForFiles, EveryoneExceptExternalUsersAtSite, EveryoneExceptExternalUsersForItems, PermissionedUsers +Accepted values: SharingLinks_Anyone, SharingLinks_PeopleInYourOrg, SharingLinks_Guests, SensitivityLabelForFiles, EveryoneExceptExternalUsersAtSite, EveryoneExceptExternalUsersForItems, PermissionedUsers, PermissionsReport (Preview) Required: True Position: Named diff --git a/sharepoint/sharepoint-ps/sharepoint-online/Start-SPODataAccessGovernanceInsight.md b/sharepoint/sharepoint-ps/sharepoint-online/Start-SPODataAccessGovernanceInsight.md index 6f5ea22c2..be1d6a75f 100644 --- a/sharepoint/sharepoint-ps/sharepoint-online/Start-SPODataAccessGovernanceInsight.md +++ b/sharepoint/sharepoint-ps/sharepoint-online/Start-SPODataAccessGovernanceInsight.md @@ -69,6 +69,18 @@ Start-SPODataAccessGovernanceInsight [] ``` +### UserPermissionsParameterSet + +``` +Start-SPODataAccessGovernanceInsight +-ReportEntity +-Workload +-ReportType +-Name +-UserIDList +[] +``` + ## DESCRIPTION This cmdlet is used to generate DAG reports which deal with potential oversharing of sensitive data. These reports are present in Sharepoint admin center. Reports are currently available for the following scenarios: @@ -77,6 +89,7 @@ This cmdlet is used to generate DAG reports which deal with potential oversharin - Content shared with Everyone except external users (EEEU) in last 28 days. - List of sites having labelled files, as of report generation time. - List of sites having 'too-many-users', as of report generation time, to setup an oversharing baseline. +- List of sites with direct or indirect permissions to given users. *(Private Preview)* ## EXAMPLES @@ -179,7 +192,7 @@ Specifies the entity that could cause oversharing and hence tracked by these rep Type: ReportEntityEnum Parameter Sets: (All) Aliases: -Accepted values: SharingLinks_Anyone, SharingLinks_PeopleInYourOrg, SharingLinks_Guests, SensitivityLabelForFiles, EveryoneExceptExternalUsersAtSite, EveryoneExceptExternalUsersForItems, PermissionedUsers +Accepted values: SharingLinks_Anyone, SharingLinks_PeopleInYourOrg, SharingLinks_Guests, SensitivityLabelForFiles, EveryoneExceptExternalUsersAtSite, EveryoneExceptExternalUsersForItems, PermissionedUsers, PermissionsReport (Preview) Required: True Position: Named @@ -227,7 +240,7 @@ Specifies the template of the site. Relevant in case a report should be generate ```yaml Type: System.Collections.Generic.List`1[Microsoft.Online.SharePoint.TenantAdministration.TemplateEnum] -Parameter Sets: EEEUParameterSet, SitePermissionsParameterSet +Parameter Sets: EEEUParameterSet, SitePermissionsParameterSet, UserPermissionsParameterSet Aliases: Accepted values: AllSites, ClassicSites, CommunicationSites, TeamSites, OtherSites @@ -255,6 +268,22 @@ Accept pipeline input: False Accept wildcard characters: False ``` +### -UserIDList + +Specifies the AAD/Entra object IDs of the users for whom permissions report should be generated. Can be fetched using the ```Get-MgUser``` command from Microsoft Graph PowerShell. + +```yaml +Type: System.Collections.Generic.List`1[System.Guid] +Parameter Sets: UserPermissionsParameterSet +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + ### CommonParameters This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). From 6353b5c3e8b0d62cad7223dc4b232943917fcd58 Mon Sep 17 00:00:00 2001 From: Kartik P V R Date: Sat, 22 Feb 2025 08:45:00 +0530 Subject: [PATCH 2/4] Updating min value for CountOfUsers --- .../sharepoint-online/Start-SPODataAccessGovernanceInsight.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sharepoint/sharepoint-ps/sharepoint-online/Start-SPODataAccessGovernanceInsight.md b/sharepoint/sharepoint-ps/sharepoint-online/Start-SPODataAccessGovernanceInsight.md index be1d6a75f..8f4616a26 100644 --- a/sharepoint/sharepoint-ps/sharepoint-online/Start-SPODataAccessGovernanceInsight.md +++ b/sharepoint/sharepoint-ps/sharepoint-online/Start-SPODataAccessGovernanceInsight.md @@ -96,7 +96,7 @@ This cmdlet is used to generate DAG reports which deal with potential oversharin ### Example 1 ```powershell -Start-SPODataAccessGovernanceInsight -ReportEntity PermissionedUsers -Workload SharePoint -ReportType Snapshot -Name "OversharingBaselineReport" -CountOfUsersMoreThan 1000 +Start-SPODataAccessGovernanceInsight -ReportEntity PermissionedUsers -Workload SharePoint -ReportType Snapshot -Name "OversharingBaselineReport" -CountOfUsersMoreThan 0 ``` The above cmdlet generates a list of SharePoint sites which can be accessed by more than 1000 users, as of report generation day. @@ -105,7 +105,7 @@ The above cmdlet generates a list of SharePoint sites which can be accessed by m ### -CountOfUsersMoreThan -Specifies the threshold of oversharing as defined by the number of users that can access the site. The number of users that can access the site are determined by expanding all users, groups across all permissions (at site level and at the level of any item with unqiue permissions), deduplicate and arrive at a unique number. Minimum value is 100. +Specifies the threshold of oversharing as defined by the number of users that can access the site. The number of users that can access the site are determined by expanding all users, groups across all permissions (at site level and at the level of any item with unqiue permissions), deduplicate and arrive at a unique number. Minimum value is 0. ```yaml Type: Int32 From 7b9ef2b921b5ba550c7ca897339c0f4948f44a73 Mon Sep 17 00:00:00 2001 From: Kartik P V R Date: Sat, 22 Feb 2025 16:50:40 +0530 Subject: [PATCH 3/4] Incorporating all feedback --- .../sharepoint-online/Get-SPODataAccessGovernanceInsight.md | 2 +- .../sharepoint-online/Start-SPODataAccessGovernanceInsight.md | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/sharepoint/sharepoint-ps/sharepoint-online/Get-SPODataAccessGovernanceInsight.md b/sharepoint/sharepoint-ps/sharepoint-online/Get-SPODataAccessGovernanceInsight.md index 0e869a362..ccf386de9 100644 --- a/sharepoint/sharepoint-ps/sharepoint-online/Get-SPODataAccessGovernanceInsight.md +++ b/sharepoint/sharepoint-ps/sharepoint-online/Get-SPODataAccessGovernanceInsight.md @@ -53,7 +53,7 @@ Specifies the entity that could cause oversharing and hence tracked by these rep Type: ReportEntityEnum Parameter Sets: GetAllReportsParameterSet Aliases: -Accepted values: SharingLinks_Anyone, SharingLinks_PeopleInYourOrg, SharingLinks_Guests, SensitivityLabelForFiles, EveryoneExceptExternalUsersAtSite, EveryoneExceptExternalUsersForItems, PermissionedUsers, PermissionsReport (Preview) +Accepted values: SharingLinks_Anyone, SharingLinks_PeopleInYourOrg, SharingLinks_Guests, SensitivityLabelForFiles, EveryoneExceptExternalUsersAtSite, EveryoneExceptExternalUsersForItems, PermissionedUsers, PermissionsReport Required: True Position: Named diff --git a/sharepoint/sharepoint-ps/sharepoint-online/Start-SPODataAccessGovernanceInsight.md b/sharepoint/sharepoint-ps/sharepoint-online/Start-SPODataAccessGovernanceInsight.md index 8f4616a26..575f41047 100644 --- a/sharepoint/sharepoint-ps/sharepoint-online/Start-SPODataAccessGovernanceInsight.md +++ b/sharepoint/sharepoint-ps/sharepoint-online/Start-SPODataAccessGovernanceInsight.md @@ -192,7 +192,7 @@ Specifies the entity that could cause oversharing and hence tracked by these rep Type: ReportEntityEnum Parameter Sets: (All) Aliases: -Accepted values: SharingLinks_Anyone, SharingLinks_PeopleInYourOrg, SharingLinks_Guests, SensitivityLabelForFiles, EveryoneExceptExternalUsersAtSite, EveryoneExceptExternalUsersForItems, PermissionedUsers, PermissionsReport (Preview) +Accepted values: SharingLinks_Anyone, SharingLinks_PeopleInYourOrg, SharingLinks_Guests, SensitivityLabelForFiles, EveryoneExceptExternalUsersAtSite, EveryoneExceptExternalUsersForItems, PermissionedUsers, PermissionsReport Required: True Position: Named @@ -270,7 +270,7 @@ Accept wildcard characters: False ### -UserIDList -Specifies the AAD/Entra object IDs of the users for whom permissions report should be generated. Can be fetched using the ```Get-MgUser``` command from Microsoft Graph PowerShell. +Specifies the Entra object IDs of the users for whom permissions report should be generated. Can be fetched using the `Get-MgUser` command from [Microsoft Graph PowerShell](/powershell/module/microsoft.graph.users/get-mguser). ```yaml Type: System.Collections.Generic.List`1[System.Guid] From 0769c5db7f9ef74b2333fd277b154bd2bf740078 Mon Sep 17 00:00:00 2001 From: Kartik P V R Date: Mon, 24 Feb 2025 10:51:07 +0530 Subject: [PATCH 4/4] Adding language identifier --- .../Start-SPODataAccessGovernanceInsight.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/sharepoint/sharepoint-ps/sharepoint-online/Start-SPODataAccessGovernanceInsight.md b/sharepoint/sharepoint-ps/sharepoint-online/Start-SPODataAccessGovernanceInsight.md index 575f41047..2a135c17a 100644 --- a/sharepoint/sharepoint-ps/sharepoint-online/Start-SPODataAccessGovernanceInsight.md +++ b/sharepoint/sharepoint-ps/sharepoint-online/Start-SPODataAccessGovernanceInsight.md @@ -21,7 +21,7 @@ This cmdlet generates Data Access Governance (DAG) reports meant to provide insi ### EEEUParameterSet -``` +```powershell Start-SPODataAccessGovernanceInsight -ReportEntity -Workload @@ -35,7 +35,7 @@ Start-SPODataAccessGovernanceInsight ### SharingLinkParameterSet -``` +```powershell Start-SPODataAccessGovernanceInsight -ReportEntity -Workload @@ -44,7 +44,7 @@ Start-SPODataAccessGovernanceInsight ### LabelParameterSet -``` +```powershell Start-SPODataAccessGovernanceInsight -ReportEntity -Workload @@ -56,7 +56,7 @@ Start-SPODataAccessGovernanceInsight ### SitePermissionsParameterSet -``` +```powershell Start-SPODataAccessGovernanceInsight -ReportEntity -Workload @@ -71,7 +71,7 @@ Start-SPODataAccessGovernanceInsight ### UserPermissionsParameterSet -``` +```powershell Start-SPODataAccessGovernanceInsight -ReportEntity -Workload