Start-SPODataAccessGovernanceInsight
This cmdlet generates Data Access Governance (DAG) reports meant to provide insights into potential oversharing of sensitive data in SharePoint and/or OneDrive for Business. SharePoint Advanced Management (SAM) license is required to run these reports.
Syntax
Start-SPODataAccessGovernanceInsight
-ReportEntity <ReportEntityEnum>
-Workload <WorkloadEnum>-ReportType <ReportTypeEnum>
-Name <String>[-Template <System.Collections.Generic.List`1[Microsoft.Online.SharePoint.TenantAdministration.TemplateEnum]>][-Privacy <PrivacyEnum>][-SiteSensitivityLabelGUID <System.Collections.Generic.List`1[System.Guid]>][<CommonParameters>] Start-SPODataAccessGovernanceInsight
-ReportEntity <ReportEntityEnum>
-Workload <WorkloadEnum>-ReportType <ReportTypeEnum>
[<CommonParameters>] Start-SPODataAccessGovernanceInsight
-ReportEntity <ReportEntityEnum>-Workload <WorkloadEnum>-ReportType <ReportTypeEnum>
[-FileSensitivityLabelName <String>]
-FileSensitivityLabelGUID <Guid>[<CommonParameters>] Start-SPODataAccessGovernanceInsight
-ReportEntity <ReportEntityEnum>
-Workload <WorkloadEnum>-ReportType <ReportTypeEnum>
-Name <String>[-Template <System.Collections.Generic.List`1[Microsoft.Online.SharePoint.TenantAdministration.TemplateEnum]>][-Privacy <PrivacyEnum>]
[-SiteSensitivityLabelGUID <System.Collections.Generic.List`1[System.Guid]>]-CountOfUsersMoreThan <Int32>
[<CommonParameters>] Description
This cmdlet is used to generate DAG reports which deal with potential oversharing of sensitive data. These reports are present in Sharepoint admin center. Reports are currently available for the following scenarios:
- Sharing links created in last 28 days (Anyone, People-in-your-org, Specific people shared externally).
- Content shared with Everyone except external users (EEEU) in last 28 days.
- List of sites having labelled files, as of report generation time.
- List of sites having 'too-many-users', as of report generation time, to setup an oversharing baseline.
Examples
Example 1
Start-SPODataAccessGovernanceInsight -ReportEntity PermissionedUsers -Workload SharePoint -ReportType Snapshot -Name "OversharingBaselineReport" -CountOfUsersMoreThan 1000The above cmdlet generates a list of SharePoint sites which can be accessed by more than 1000 users, as of report generation day.
Parameters
-CountOfUsersMoreThan
Specifies the threshold of oversharing as defined by the number of users that can access the site. The number of users that can access the site are determined by expanding all users, groups across all permissions (at site level and at the level of any item with unqiue permissions), deduplicate and arrive at a unique number. Minimum value is 100.
| Type: | Int32 |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-FileSensitivityLabelGUID
Specifies the GUID for the sensitivity label for the file.
| Type: | Guid |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-FileSensitivityLabelName
Specifies the name of the sensitivity label for the file.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Name
Specifies the name to be given to the generated report.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Privacy
Specifies the privacy setting of the Microsoft 365 group. Relevant in case of filtering the report for group connected sites.
| Type: | PrivacyEnum |
| Accepted values: | All, Private, Public |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ReportEntity
Specifies the entity that could cause oversharing and hence tracked by these reports.
| Type: | ReportEntityEnum |
| Accepted values: | SharingLinks_Anyone, SharingLinks_PeopleInYourOrg, SharingLinks_Guests, SensitivityLabelForFiles, EveryoneExceptExternalUsersAtSite, EveryoneExceptExternalUsersForItems, PermissionedUsers |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ReportType
Specifies the time period of data based on which DAG report is generated. A 'Snapshot' report will have the latest data as of the report generation time. A 'RecentActivity' report will be based on data in the last 28 days.
| Type: | ReportTypeEnum |
| Accepted values: | Snapshot, RecentActivity |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-SiteSensitivityLabelGUID
Specifies the GUID of the sensitivity label applied to the site.
| Type: | System.Collections.Generic.List`1[System.Guid] |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Template
Specifies the template of the site. Relevant in case a report should be generated for that particular template.
| Type: | System.Collections.Generic.List`1[Microsoft.Online.SharePoint.TenantAdministration.TemplateEnum] |
| Accepted values: | AllSites, ClassicSites, CommunicationSites, TeamSites, OtherSites |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Workload
Specifies whether the report is for SharePoint sites or OneDrive accounts.
| Type: | WorkloadEnum |
| Accepted values: | SharePoint, OneDriveForBusiness |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Inputs
None
Outputs
System.Object