Whether you are taking on a new customer or preparing for Copilot for Microsoft 365, understanding the current sharing permissions for SharePoint Online is one of the more difficult and laborious tasks you need to complete. With the new ‘Get SharePoint Online File Permissions Report’ and ‘Get SharePoint Online Sites Report’, we have made that a whole lot easier.
Customers vary in their approach to managing SharePoint data governance. Some companies strictly control permissions and limit data sharing, while others take a more relaxed approach. This becomes more complex when certain data needs to be widely shared across the organization. End users may unknowingly contribute to data oversharing, for example, by not paying attention to the permissions of the site, library, or folder where they store files, potentially exposing sensitive content to others, including external users. Additionally, users often prefer to share files with large groups rather than individuals, increasing the risk of oversharing.
Additionally, Microsoft 365 Copilot accesses all the data a user has permission to view, which may include files shared more broadly than the user realizes. As a result, some users may feel that Copilot exposes overshared information. To mitigate this, it’s essential to follow best practices for managing SharePoint permissions and access control to prevent unintended data exposure.
This is where ‘Get SharePoint Online File Permissions Report’ comes into play to help you ‘Get It Done’:
- If you select ‘Include All Site’ the report may take a lot longer to complete, approximately 8-9 minutes per 1000 items in a document library.
- Select ‘Include Files with Unique Permissions Only’ to report only on files and folders with unique permissions to reduce processing time and noise in the report.
- Select either CSV, HTML or both under ‘Report Output Type’ depending on how you want to use the data later.
Other Top Tips for this command to ‘Get It Done’ are:
- Sort by ‘Is Shared Externally’ to see all of the files that might be available to people outside the organisation, you might want to lock down these first.
- Sort by ‘Has Unique Permissions’ and maybe start with these files at they have been shared specifically with a set of people so can be reviewed first.
- The customer admin (the user account used to connect SharePoint connector) must have permissions (for example, Site Admin) to the selected SharePoint sites to run this solution. You will also need to ensure the SharePoint connect is in place for this customer.
- We have also added this script to the ‘Plan and Deploy Microsoft 365 Copilot’ workflow so it’s integrated right into your Copilot onboarding process already.
We have also added this script to the ‘Plan and Deploy Microsoft 365 Copilot’ workflow so it’s integrated right into your Copilot onboarding process already.
In addition to permissions, you may also want to understand where most of your data is stored, perhaps to tackle these first or actively exclude them from Copilot. This is where ‘Get SharePoint Online Sites Report’ comes into play to help you ‘Get It Done’:
- Select the correct option in ‘Report View’ depending on what type of usage you are looking for. Go for ‘All Sites’ initially and change this setting based on the report output.
- Select the correct ‘Site Activity Report Period’ but bear in mind that extending the period will generate more information in the report.
- Select either CSV, HTML or both under ‘Report Output Type’ depending on how you want to use the data later.
Other Top Tips for this command to ‘Get It Done’ are:
- Using ‘Report View’ can also be used to find SharePoint sites that are no longer used (Least Active Sites) that you may want to delete or sites that have External Sharing allowed (External Sharing Allowed Sites)
- Use the ‘Last Activity in Days’ to discover sites that are no longer active and delete the content if it’s no longer relevant. ‘Page Views’ may give you a similar list of files or sites to remove.
- Sort by ‘External Sharing’ to understand sites that have External Sharing configured. You might want to look at these first.
As always, keep an eye out for more information and updates on either the blog, the ‘Lets Get It Done’ emails or by checking for new scripts in Workbench > Updates.
