Get-MgSite Can't find site assigned the block download policy #3061
Description
Describe the bug
The SharePoint block download policy https://office365itpros.com/2024/12/12/block-download-policy-labels/ allows administrators to force users to work with files online and doesn't allow them to download files to print, work with Office desktop apps, etc. When a site is configured (using SharePoint Online PowerShell or a sensitivity label) with the block download policy, Get-MgSite can't search for the site.
Here's an example of trying to use the Graph Explorer to search for a site with a block download policy applied (the same site as used as an example in the article referenced above)
Expected behavior
I expect Get-MgSite to be able to find the site and then to be able to access details of drives and files in the site.
How to reproduce
- Configure a site with the block download policy directly https://learn.microsoft.com/en-us/sharepoint/block-download-from-sites or with a sensitivity label https://office365itpros.com/2024/12/12/block-download-policy-labels/
- Run Get-MgSite to search for the site. The operation should fail.
e.g.,
$uri = 'https://redmondassociates.sharepoint.com/sites/Seattle.Workshop'
Get-MgSite -Search $uri
SDK Version
2.25
Latest version known to work for scenario above?
N/A
Known Workarounds
None. The Graph API doesn't work either (as per Graph Explorer example)
Debug output
Click to expand log
```Get-MgSite -Search $uri -debug
DEBUG: [CmdletBeginProcessing]: - Get-MgSite begin processing with parameterSet 'List'.
DEBUG: [Authentication]: - AuthType: 'Delegated', TokenCredentialType: 'InteractiveBrowser', ContextScope: 'CurrentUser', AppName: 'Microsoft Graph Command Line Tools'.
DEBUG: [Authentication]: - Scopes: [AccessReview.Read.All, Agreement.Read.All, Analytics.Read, APIConnectors.Read.All, Application.Read.All, Application.ReadWrite.All, AppRoleAssignment.ReadWrite.All, AuditLog.Read.All, AuditLogsQuery.Read.All, BackupRestore-Control.Read.All, Calendars.Read, Calendars.ReadWrite, Channel.ReadBasic.All, ChannelMessage.Read.All, ChannelMessage.ReadWrite, ChannelMessage.Send, ChannelSettings.Read.All, ChannelSettings.ReadWrite.All, Chat.Create, Chat.ManageDeletion.All, Chat.ReadWrite, Community.ReadWrite.All, Contacts.ReadWrite, CopilotSettings-LimitedMode.ReadWrite, CrossTenantUserProfileSharing.Read, CrossTenantUserProfileSharing.Read.All, DelegatedPermissionGrant.ReadWrite.All, DeviceManagementManagedDevices.Read.All, Directory.AccessAsUser.All, Directory.Read.All, Directory.ReadWrite.All, DirectoryRecommendations.Read.All, Domain.Read.All, eDiscovery.Read.All, email, EntitlementManagement.Read.All, Files.Read, Files.Read.All, Group.Read.All, Group.ReadWrite.All, GroupMember.Read.All, GroupMember.ReadWrite.All, IdentityProvider.Read.All, IdentityProvider.ReadWrite.All, IdentityRiskEvent.Read.All, IdentityRiskyUser.Read.All, IdentityRiskyUser.ReadWrite.All, IdentityUserFlow.Read.All, InformationProtectionPolicy.Read, Mail.Read, Mail.ReadWrite, Mail.Send, Mail.Send.Shared, MailboxSettings.ReadWrite, Notes.Create, OnlineMeetingArtifact.Read.All, OnlineMeetings.Read, OnPremDirectorySynchronization.ReadWrite.All, openid, Organization.Read.All, PeopleSettings.Read.All, PeopleSettings.ReadWrite.All, Place.Read.All, Policy.Read.All, Policy.Read.ConditionalAccess, Policy.Read.PermissionGrant, Policy.ReadWrite.ApplicationConfiguration, Policy.ReadWrite.AuthenticationMethod, Policy.ReadWrite.ConditionalAccess, POP.AccessAsUser.All, PrivilegedAccess.Read.AzureAD, PrivilegedAccess.Read.AzureResources, profile, RecordsManagement.Read.All, Reports.Read.All, ReportSettings.ReadWrite.All, RoleAssignmentSchedule.Read.Directory, RoleAssignmentSchedule.ReadWrite.Directory, RoleEligibilitySchedule.Read.Directory, RoleEligibilitySchedule.ReadWrite.Directory, RoleEligibilitySchedule.Remove.Directory, RoleManagement.Read.All, RoleManagement.Read.Directory, RoleManagement.ReadWrite.Directory, SecurityActions.ReadWrite.All, SecurityEvents.Read.All, SecurityEvents.ReadWrite.All, ServiceHealth.Read.All, ServiceMessage.Read.All, SharePointTenantSettings.ReadWrite.All, Sites.FullControl.All, Sites.Manage.All, Sites.Read.All, Sites.ReadWrite.All, Tasks.Read, Tasks.ReadWrite, Team.ReadBasic.All, TeamMember.Read.All, TeamSettings.Read.All, TeamsTab.Read.All, TeamworkTag.ReadWrite, User.Read, User.Read.All, User.ReadBasic.All, User.ReadWrite, User.ReadWrite.All, UserActivity.ReadWrite.CreatedByApp, UserAuthenticationMethod.Read.All, UserAuthenticationMethod.ReadWrite.All, User-ConvertToInternal.ReadWrite.All, VirtualEvent.Read, WindowsUpdates.Read.All].
DEBUG: ============================ HTTP REQUEST ============================
HTTP Method:
GET
Absolute Uri:
https://graph.microsoft.com/v1.0/sites?$search="https%3A%2F%2Fredmondassociates.sharepoint.com%2Fsites%2FSeattle.Workshop"
Headers:
FeatureFlag : 00000043
Cache-Control : no-store, no-cache
User-Agent : Mozilla/5.0,(Windows NT 10.0; Microsoft Windows 10.0.26100; en-IE),PowerShell/7.4.6
Accept-Encoding : gzip
SdkVersion : graph-powershell/2.25.0
client-request-id : 267ed3f0-9b6a-4a6e-a38a-45433b5b29fd
Body:
DEBUG: ============================ HTTP RESPONSE ============================
Status Code:
OK
Headers:
Cache-Control : no-store, no-cache
Vary : Accept-Encoding
Strict-Transport-Security : max-age=31536000
request-id : e3b75969-fef3-4c7c-9f2d-aaccce2f38fd
client-request-id : 267ed3f0-9b6a-4a6e-a38a-45433b5b29fd
x-ms-ags-diagnostic : {"ServerInfo":{"DataCenter":"North Europe","Slice":"E","Ring":"4","ScaleUnit":"007","RoleInstance":"DU6PEPF0000B5DB"}}
x-searchplatform : Substrate
odata-version : 4.0
Date : Mon, 23 Dec 2024 15:26:27 GMT
Body:
{
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#sites",
"value": []
}
DEBUG: [CmdletEndProcessing]: - Get-MgSite end processing.
</details>
### Configuration
_No response_
### Other information
Name Value
---- -----
PSVersion 7.4.6
PSEdition Core
GitCommitId 7.4.6
OS Microsoft Windows 10.0.26100
Platform Win32NT
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion 2.3
SerializationVersion 1.1.0.1
WSManStackVersion 3.0