Category Archives: Office 365

M365Permissions v1.0.2 – Exchange Online

This version I’ve added Exchange Online to the supported resources!

All updates / changes since v1.0.1:

  1. Exchange Online Admin Roles
  2. Exchange Online Send As rights (groups, mailboxes etc etc)
  3. Exchange Online Send On Behalf (mailboxes)
  4. Exchange other Mailbox Permissions (full control etc)
  5. enhanced token handling (1 prompt instead of per API)
  6. auto setup and instructions at module load
  7. Ignore Current User support for the EntraID resource

For more info, check the M365Permissions module page, Github or PSGallery

Microsoft Teams permission auditing

I lied, not just Teams, also Sharepoint and Onedrive!

As I am asked often how to report on specific permissions granted to individual (groups) of (internal/external) users….and Microsoft doesn’t have a good built-in solution, nor does the community seem to yet….this something was just asking to be coded!

My TeamPermissions PowerShell module will do exactly the above, a full report in XLSX, CSV or HTML format that contains ALL unique permissions for a given Team, Sharepoint site or Onedrive location for all files, folders, lists, list items etc. Example:

It uses the safe Entra Delegated Permission Flow for authentication so your credentials/tokens stay with you, but this does mean you have to run it as a Sharepoint Administrator (or Global Admin), there is no support for MI/SPN runs yet but can be added easily if there is much demand.

Since it exports to Excel in append mode, you could run it for multiple (or all) team sites and use e.g. Pivots to view all permissions for a given user.

Do note that although some work has been done on performance, it does not scan multiple locations in parallel yet, this will be added in a future version.

Example:

Install-PSResource -Name TeamPermissions -Repository PSGallery

#then get xlsx/html reports for the INT-Finance Department Team:

Get-TeamPermissions -teamName "INT-Finance Department" -ExpandGroups -OutputFormat XLSX,HTML

#Or get all permission for a Sharepoint site:

Get-TeamPermissions -TeamSiteUrl "https://tenant.sharepoint.com/sites/site" -ExpandGroups -OutputFormat Default

Notes

Required PS modules: PnP.PowerShell, ImportExcel

Running multiple times will append data if you don’t move the (xlsx, csv, html) file, turning the report into a multi-location report.

Populating Sharepoint Choice Column with Entra Group Names

If you want to allow users in Sharepoint to select e.g. security groups or teams from a dropdown in a List and don’t want to manually keep that list of choices up to date….this is for you!

I’ve used Power Automate Flow for this specific scenario, but Logic Apps will of course work just as well.

First, define some variables and retrieve all the groups you want to show up in the Choice column:

Then, create a string with all the group’s names using a simple loop:

Then use ‘Send an HTTP request to Sharepoint’ to retrieve current columns (fields) defined in the list if you don’t know the GUID yet. This step is optional and uses GET to the _api/web/Lists/GetById(”)/Fields method.

Finally, use another Send an HTTP request to Sharepoint to Patch the column definition of the Choice column with the new group names.

Note we’re using PATCH for the _api/Web/Lists(guid”)/Fields(guid”) method and that I’m removing the trailing comma (,) from the data we’re patching in.

Also note that if you’re not using multiple choice but single choice you’ll need to adjust the SP.FieldMultiChoice and 15 values.