question

MoralesEmmaLSTFCTR-0654 avatar image
0 Votes"
MoralesEmmaLSTFCTR-0654 asked YiLu-MSFT commented

script for scanning permission groups

Hello,

I'm in need of running a scan on a Sharepoint Online tenant to detect any changes to permission groups. Thank you

office-sharepoint-onlinemicrosoft-graph-permissions
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

YiLu-MSFT avatar image
0 Votes"
YiLu-MSFT answered YiLu-MSFT commented

Hi @MoralesEmmaLSTFCTR-0654
You could use the following code:

 Search-UnifiedAuditLog -EndDate (Get-Date) -StartDate (Get-Date).AddDays(-90) -Operations "GroupAdded","GroupRemoved" | export-csv c:\AuditReport.csv

You could add the cmdlet into "Operations" such as "AddedToGroup","GroupRemoved" as your own need, you could refer to this article to find the cmdlet:
https://docs.microsoft.com/en-us/microsoft-365/compliance/search-the-audit-log-in-security-and-compliance?view=o365-worldwide#site-permissions-activities


If an Answer is helpful, please click "Accept Answer" and upvote it.

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


· 7
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi @MoralesEmmaLSTFCTR-0654
Would you please provide me with some update of this issue? I am free to hear.

0 Votes 0 ·

Hello Yilu,
Thank you for getting back to me. Do I need to run the command you shared in Powershell? Do I need to be an Admin? Also is there a quick tutorial? As you could see, I'm very new to Sharepoint. Thank you

0 Votes 0 ·
YiLu-MSFT avatar image YiLu-MSFT MoralesEmmaLSTFCTR-0654 ·

Hi @MoralesEmmaLSTFCTR-0654
This is run by Exchange online management shell.

You need to install the module in powershell first, you could refer to this article for the steps:
https://thesysadminchannel.com/how-to-install-exchange-online-powershell-module/


If you get error when you run the code as the article shows, you may need to update the version of your powershell, you could get the new version as your need from this link:
https://github.com/PowerShell/powershell/releases

As a result, after running the code I provided in the answer, you will get an excel file.

143708-image.png


143668-image.png



Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.

0 Votes 0 ·
image.png (9.4 KiB)
image.png (42.5 KiB)

Hi Yilu, These were good instructions thank you. I wrestled with installing version 7. Then, I was stuck with running command: Connect-ExchangeOnline -UserPrincipalName upn@domain.com ... It told me, Create Powershell Session is failed using OAuth. I tried to activate basic authentication, but could not. So I couldn't run the command Search-UnifiedAuditLog which you were kind and generous to provide at the beginning of this journey. I also wasn't sure if I have to set the directory to 'PS C:\>' when running Install-Module -Name ExchangeOnlineManagement -Scope AllUsers. I did so because that's what shows on the instructions you provided.

How can I enable Baasic Auth so I can run 'Connect-ExchangeOnline -UserPrincipalName upn@domain.com'

0 Votes 0 ·
YiLu-MSFT avatar image YiLu-MSFT MoralesEmmaLSTFCTR-0654 ·

Hi @MoralesEmmaLSTFCTR-0654
This is my whole test process after installing 7.15 version, you could refer to the screenshot:

143969-image.png


0 Votes 0 ·
image.png (123.3 KiB)

Hi Yilu, I see that you are signed in as an Admin. Is there a script for non admins? Or way to pass non-admin credentials to the command: Install-Module -Name ExchangeOnlineManagement -Scope AllUsers
144639-144228-image.png


0 Votes 0 ·
144228-image.png (25.6 KiB)
Show more comments