Note
Access to this page requires authorization. You can try signing in or .
Access to this page requires authorization. You can try .
Start-SPODataAccessGovernanceInsight
This cmdlet generates Data Access Governance (DAG) reports meant to provide insights into potential oversharing of sensitive data in SharePoint and/or OneDrive for Business. SharePoint Advanced Management (SAM) license is required to run these reports.
Syntax
EEEUParameterSet
Start-SPODataAccessGovernanceInsight
-ReportEntity <ReportEntityEnum>
-Workload <WorkloadEnum>
-ReportType <ReportTypeEnum>
-Name <String>
[-Template <System.Collections.Generic.List`1[Microsoft.Online.SharePoint.TenantAdministration.TemplateEnum]>]
[-Privacy <PrivacyEnum>]
[-SiteSensitivityLabelGUID <System.Collections.Generic.List`1[System.Guid]>]
[<CommonParameters>]
SharingLinkParameterSet
Start-SPODataAccessGovernanceInsight
-ReportEntity <ReportEntityEnum>
-Workload <WorkloadEnum>
-ReportType <ReportTypeEnum>
[<CommonParameters>]
LabelParameterSet
Start-SPODataAccessGovernanceInsight
-ReportEntity <ReportEntityEnum>
-Workload <WorkloadEnum>
-ReportType <ReportTypeEnum>
-FileSensitivityLabelGUID <Guid>
[-FileSensitivityLabelName <String>]
[<CommonParameters>]
SitePermissionsParameterSet
Start-SPODataAccessGovernanceInsight
-ReportEntity <ReportEntityEnum>
-Workload <WorkloadEnum>
-ReportType <ReportTypeEnum>
-Name <String>
-CountOfUsersMoreThan <Int32>
[-Template <System.Collections.Generic.List`1[Microsoft.Online.SharePoint.TenantAdministration.TemplateEnum]>]
[-Privacy <PrivacyEnum>]
[-SiteSensitivityLabelGUID <System.Collections.Generic.List`1[System.Guid]>]
[<CommonParameters>]
UserPermissionsParameterSet
Start-SPODataAccessGovernanceInsight
-ReportEntity <ReportEntityEnum>
-Workload <WorkloadEnum>
-ReportType <ReportTypeEnum>
-Name <String>
-UserPrincipalNames <System.Collections.Generic.List`1[System.String]>
[<CommonParameters>]
DetailedEEEUParameterSet
Start-SPODataAccessGovernanceInsight
-ReportEntity <ReportEntityEnum>
-ReportType <ReportTypeEnum>
[<CommonParameters>]
Description
This cmdlet is used to generate DAG reports which deal with potential oversharing of sensitive data. These reports are present in Sharepoint admin center. Reports are currently available for the following scenarios:
- Sharing links created in last 28 days (Anyone, People-in-your-org, Specific people shared externally).
- Content shared with Everyone except external users (EEEU) in last 28 days.
- List of sites having labelled files, as of report generation time.
- List of sites having 'too-many-users', as of report generation time, to setup an oversharing baseline.
- List of sites with direct or indirect permissions to given users.
Examples
Example 1
Start-SPODataAccessGovernanceInsight -ReportEntity PermissionedUsers -Workload SharePoint -ReportType Snapshot -Name "OversharingBaselineReport" -CountOfUsersMoreThan 0
The above cmdlet generates a list of SharePoint sites which can be accessed by more than 1000 users, as of report generation day.
Example 2
Start-SPODataAccessGovernanceInsight -ReportEntity EveryoneExceptExternalUsers -ReportType Snapshot
The above cmdlet generates a detailed report for all content shared with 'Everyone except external users' (Sites, groups and files) across both SharePoint sites and OneDrive accounts, as of report generation time.
Parameters
-CountOfUsersMoreThan
Specifies the threshold of oversharing as defined by the number of users that can access the site. The number of users that can access the site are determined by expanding all users, groups across all permissions (at site level and at the level of any item with unqiue permissions), deduplicate and arrive at a unique number. Minimum value is 0.
Parameter properties
| Type: | System.Int32 |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-FileSensitivityLabelGUID
Specifies the GUID for the sensitivity label for the file.
Parameter properties
| Type: | System.Guid |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-FileSensitivityLabelName
Specifies the name of the sensitivity label for the file.
Parameter properties
| Type: | System.String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-Name
Specifies the name to be given to the generated report.
Parameter properties
| Type: | System.String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-Privacy
Specifies the privacy setting of the Microsoft 365 group. Relevant in case of filtering the report for group connected sites.
Parameter properties
| Type: | Microsoft.Online.SharePoint.TenantAdministration.PrivacyEnum |
| Default value: | None |
| Accepted values: | All, Private, Public |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-ReportEntity
Specifies the entity that could cause oversharing and hence tracked by these reports.
Parameter properties
| Type: | Microsoft.Online.SharePoint.TenantAdministration.ReportEntityEnum |
| Default value: | None |
| Accepted values: | Everyone, EveryoneExceptExternalUsers, EveryoneExceptExternalUsersAtSite, EveryoneExceptExternalUsersForItems, PermissionedUsers, PermissionsReport, SensitivityLabelForFiles, SharingLinks_Anyone, SharingLinks_Guests, SharingLinks_PeopleInYourOrg |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-ReportType
Specifies the time period of data based on which DAG report is generated. A 'Snapshot' report will have the latest data as of the report generation time. A 'RecentActivity' report will be based on data in the last 28 days.
Parameter properties
| Type: | Microsoft.Online.SharePoint.TenantAdministration.ReportTypeEnum |
| Default value: | None |
| Accepted values: | Snapshot, RecentActivity |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-SiteSensitivityLabelGUID
Specifies the GUID of the sensitivity label applied to the site.
Parameter properties
| Type: | System.Collections.Generic.List`1[System.Guid] |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-Template
Specifies the template of the site. Relevant in case a report should be generated for that particular template.
Parameter properties
| Type: | System.Collections.Generic.List`1[Microsoft.Online.SharePoint.TenantAdministration.TemplateEnum] |
| Default value: | None |
| Accepted values: | AllSites, ClassicSites, CommunicationSites, TeamSites, OtherSites |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-UserPrincipalNames
Specifies the user principal names of the users for whom permissions report should be generated.
Parameter properties
| Type: | System.Collections.Generic.List`1[System.String] |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-Workload
Specifies whether the report is for SharePoint sites or OneDrive accounts.
Parameter properties
| Type: | Microsoft.Online.SharePoint.TenantAdministration.WorkloadEnum |
| Default value: | None |
| Accepted values: | SharePoint, OneDriveForBusiness |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
Inputs
None
Outputs
System.Object
Related Links
Feedback
Was this page helpful?