You can use PowerShell or the Graph API to generate the sharing report across all users, but there's no going away from using elevated permissions. Here's a sample script I wrote a while back that does just that: https://practical365.com/reporting-on-onedrive-for-business-shared-files/
OneDrive Share Report for ex-employee (left multiple years ago)
We are performing clean-up tasks deleting users of employees who have left the company several years ago. There are many such users who have data on their OneDrives. Our concern is that these ex-employees may have shared their files/folders with other employees and by deleting the user we may cause issues for the end-users.
Is there a way we can pull a report from all OneDrives to see shared files and folders?
The option from Audit/Compliance is not working for us as the files/folders may have been shared long ago and the data would no longer be available there. Also using Audit get a report of who accessed who's files may not give proper results, as there might be files that are accessed rarely and thus again data for those will not be available in Audit.
Currently the "Run Sharing Report" option available for every OneDrive user meets our needs. But here we need a Global Admin to access the ex-employees OneDrive and generate the report. That is time consuming.
I mean this option, just in case I am not clear:
Just checking in to see if the information was helpful. Please let us know if you would like further assistance.
If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Sign in to comment
I have tried that script, but while I know my way around Powershell (but not an expert), I have troubles with APIs and Apps, thus probably I'm not setting it up correctly as the script doesn't work for me.
After a few seconds of running, as soon as the script gets to first user with OneDrive I get "Invoke-WebRequest : The remote server returned an error: (404) Not Found." (for line 223)
Try running the script with the -Verbose parameter, it will spill out more info about the execution, so we can narrow down the issue. Usually, it's the token, so make sure you enter the correct details at lines 259-261, and make sure the permissions are consented to.
Once you run the script, it should generate a Global variable $authheader, from where you can copy the token value. Use this with a tool such as jwt.ms to decode the token and verify that the required permissions are present.
Thanks. Did another go at the permissions and that was the issue. So now it is running like a charm.
But the script is not picking up all the files.
For example I have shared a file from my OneDrive located at - personal/me_mydomain_com/Documents/Desktop/Folder1/Folder2/Folder3/File.pptx
But the script doesn't seem to go deeper than personal/me_mydomain_com/Documents/Desktop
No errors, nothing. Just doesn't seem to pick up children from "Desktop".
By default, it looks only 2 levels deep. You can use the -Depth parameter if you want to go deeper... but remember that will likely greatly increase the runtime of the script.
This will cover any subfolders within the Desktop folder as well:
.\Graph_ODFB_shared_files.ps1 -ExpandFolders -depth 2
Sign in to comment