Modifier

Partager via


Start-SPODataAccessGovernanceInsight

This cmdlet generates Data Access Governance (DAG) reports meant to provide insights into potential oversharing of sensitive data in SharePoint and/or OneDrive for Business. SharePoint Advanced Management (SAM) license is required to run these reports.

Syntax

Start-SPODataAccessGovernanceInsight
     -ReportEntity <ReportEntityEnum>
     -Workload <WorkloadEnum>-ReportType <ReportTypeEnum>
     -Name <String>[-Template <System.Collections.Generic.List`1[Microsoft.Online.SharePoint.TenantAdministration.TemplateEnum]>][-Privacy <PrivacyEnum>][-SiteSensitivityLabelGUID <System.Collections.Generic.List`1[System.Guid]>][<CommonParameters>]
Start-SPODataAccessGovernanceInsight
     -ReportEntity <ReportEntityEnum>
     -Workload <WorkloadEnum>-ReportType <ReportTypeEnum>
     [<CommonParameters>]
Start-SPODataAccessGovernanceInsight
     -ReportEntity <ReportEntityEnum>-Workload <WorkloadEnum>-ReportType <ReportTypeEnum>
     [-FileSensitivityLabelName <String>]
     -FileSensitivityLabelGUID <Guid>[<CommonParameters>]
Start-SPODataAccessGovernanceInsight
     -ReportEntity <ReportEntityEnum>
     -Workload <WorkloadEnum>-ReportType <ReportTypeEnum>
     -Name <String>[-Template <System.Collections.Generic.List`1[Microsoft.Online.SharePoint.TenantAdministration.TemplateEnum]>][-Privacy <PrivacyEnum>]
     [-SiteSensitivityLabelGUID <System.Collections.Generic.List`1[System.Guid]>]-CountOfUsersMoreThan <Int32>
     [<CommonParameters>]

Description

This cmdlet is used to generate DAG reports which deal with potential oversharing of sensitive data. These reports are present in Sharepoint admin center. Reports are currently available for the following scenarios:

  • Sharing links created in last 28 days (Anyone, People-in-your-org, Specific people shared externally).
  • Content shared with Everyone except external users (EEEU) in last 28 days.
  • List of sites having labelled files, as of report generation time.
  • List of sites having 'too-many-users', as of report generation time, to setup an oversharing baseline.

Examples

Example 1

Start-SPODataAccessGovernanceInsight -ReportEntity PermissionedUsers -Workload SharePoint -ReportType Snapshot -Name "OversharingBaselineReport" -CountOfUsersMoreThan 1000

The above cmdlet generates a list of SharePoint sites which can be accessed by more than 1000 users, as of report generation day.

Parameters

-CountOfUsersMoreThan

Specifies the threshold of oversharing as defined by the number of users that can access the site. The number of users that can access the site are determined by expanding all users, groups across all permissions (at site level and at the level of any item with unqiue permissions), deduplicate and arrive at a unique number. Minimum value is 100.

Type:Int32
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-FileSensitivityLabelGUID

Specifies the GUID for the sensitivity label for the file.

Type:Guid
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-FileSensitivityLabelName

Specifies the name of the sensitivity label for the file.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Name

Specifies the name to be given to the generated report.

Type:String
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-Privacy

Specifies the privacy setting of the Microsoft 365 group. Relevant in case of filtering the report for group connected sites.

Type:PrivacyEnum
Accepted values:All, Private, Public
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ReportEntity

Specifies the entity that could cause oversharing and hence tracked by these reports.

Type:ReportEntityEnum
Accepted values:SharingLinks_Anyone, SharingLinks_PeopleInYourOrg, SharingLinks_Guests, SensitivityLabelForFiles, EveryoneExceptExternalUsersAtSite, EveryoneExceptExternalUsersForItems, PermissionedUsers
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-ReportType

Specifies the time period of data based on which DAG report is generated. A 'Snapshot' report will have the latest data as of the report generation time. A 'RecentActivity' report will be based on data in the last 28 days.

Type:ReportTypeEnum
Accepted values:Snapshot, RecentActivity
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-SiteSensitivityLabelGUID

Specifies the GUID of the sensitivity label applied to the site.

Type:System.Collections.Generic.List`1[System.Guid]
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Template

Specifies the template of the site. Relevant in case a report should be generated for that particular template.

Type:System.Collections.Generic.List`1[Microsoft.Online.SharePoint.TenantAdministration.TemplateEnum]
Accepted values:AllSites, ClassicSites, CommunicationSites, TeamSites, OtherSites
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Workload

Specifies whether the report is for SharePoint sites or OneDrive accounts.

Type:WorkloadEnum
Accepted values:SharePoint, OneDriveForBusiness
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

Inputs

None

Outputs

System.Object