Start-SPODataAccessGovernanceInsight
This cmdlet generates Data Access Governance (DAG) reports meant to provide insights into potential oversharing of sensitive data in SharePoint and/or OneDrive for Business. SharePoint Advanced Management (SAM) license is required to run these reports.
Start-SPODataAccessGovernanceInsight
-ReportEntity <ReportEntityEnum>
-Workload <WorkloadEnum>-ReportType <ReportTypeEnum>
-Name <String>[-Template <System.Collections.Generic.List`1[Microsoft.Online.SharePoint.TenantAdministration.TemplateEnum]>][-Privacy <PrivacyEnum>][-SiteSensitivityLabelGUID <System.Collections.Generic.List`1[System.Guid]>][<CommonParameters>]Start-SPODataAccessGovernanceInsight
-ReportEntity <ReportEntityEnum>
-Workload <WorkloadEnum>-ReportType <ReportTypeEnum>
[<CommonParameters>]Start-SPODataAccessGovernanceInsight
-ReportEntity <ReportEntityEnum>-Workload <WorkloadEnum>-ReportType <ReportTypeEnum>
[-FileSensitivityLabelName <String>]
-FileSensitivityLabelGUID <Guid>[<CommonParameters>]Start-SPODataAccessGovernanceInsight
-ReportEntity <ReportEntityEnum>
-Workload <WorkloadEnum>-ReportType <ReportTypeEnum>
-Name <String>[-Template <System.Collections.Generic.List`1[Microsoft.Online.SharePoint.TenantAdministration.TemplateEnum]>][-Privacy <PrivacyEnum>]
[-SiteSensitivityLabelGUID <System.Collections.Generic.List`1[System.Guid]>]-CountOfUsersMoreThan <Int32>
[<CommonParameters>]Start-SPODataAccessGovernanceInsight
-ReportEntity <ReportEntityEnum>
-Workload <WorkloadEnum>-ReportType <ReportTypeEnum>
-Name <String>
-UserIDList <System.Collections.Generic.List`1[System.Guid]>[<CommonParameters>]This cmdlet is used to generate DAG reports which deal with potential oversharing of sensitive data. These reports are present in Sharepoint admin center. Reports are currently available for the following scenarios:
- Sharing links created in last 28 days (Anyone, People-in-your-org, Specific people shared externally).
- Content shared with Everyone except external users (EEEU) in last 28 days.
- List of sites having labelled files, as of report generation time.
- List of sites having 'too-many-users', as of report generation time, to setup an oversharing baseline.
- List of sites with direct or indirect permissions to given users. (Private Preview)
Start-SPODataAccessGovernanceInsight -ReportEntity PermissionedUsers -Workload SharePoint -ReportType Snapshot -Name "OversharingBaselineReport" -CountOfUsersMoreThan 0The above cmdlet generates a list of SharePoint sites which can be accessed by more than 1000 users, as of report generation day.
Specifies the threshold of oversharing as defined by the number of users that can access the site. The number of users that can access the site are determined by expanding all users, groups across all permissions (at site level and at the level of any item with unqiue permissions), deduplicate and arrive at a unique number. Minimum value is 0.
| Type: | Int32 |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Specifies the GUID for the sensitivity label for the file.
| Type: | Guid |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Specifies the name of the sensitivity label for the file.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Specifies the name to be given to the generated report.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Specifies the privacy setting of the Microsoft 365 group. Relevant in case of filtering the report for group connected sites.
| Type: | PrivacyEnum |
| Accepted values: | All, Private, Public |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Specifies the entity that could cause oversharing and hence tracked by these reports.
| Type: | ReportEntityEnum |
| Accepted values: | SharingLinks_Anyone, SharingLinks_PeopleInYourOrg, SharingLinks_Guests, SensitivityLabelForFiles, EveryoneExceptExternalUsersAtSite, EveryoneExceptExternalUsersForItems, PermissionedUsers, PermissionsReport |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Specifies the time period of data based on which DAG report is generated. A 'Snapshot' report will have the latest data as of the report generation time. A 'RecentActivity' report will be based on data in the last 28 days.
| Type: | ReportTypeEnum |
| Accepted values: | Snapshot, RecentActivity |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Specifies the GUID of the sensitivity label applied to the site.
| Type: | System.Collections.Generic.List`1[System.Guid] |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Specifies the template of the site. Relevant in case a report should be generated for that particular template.
| Type: | System.Collections.Generic.List`1[Microsoft.Online.SharePoint.TenantAdministration.TemplateEnum] |
| Accepted values: | AllSites, ClassicSites, CommunicationSites, TeamSites, OtherSites |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Specifies the Entra object IDs of the users for whom permissions report should be generated. Can be fetched using the Get-MgUser command from Microsoft Graph PowerShell.
| Type: | System.Collections.Generic.List`1[System.Guid] |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Specifies whether the report is for SharePoint sites or OneDrive accounts.
| Type: | WorkloadEnum |
| Accepted values: | SharePoint, OneDriveForBusiness |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
None
System.Object