For those of you that don’t follow Practical365.com (why!?), here’s the next round of PowerShell scripts I published. The first one addresses a gap that Microsoft has left unfilled for years now, namely reporting on any files that your OneDrive for Business users have shared. The script uses the Graph API to get a list of all users in the tenant, then for each user checks the presence of a OneDrive for Business (sadly, no way to just list all users that have ODFB enabled). Then, for each ODFB drive, it enumerates all the files and checks whether a given file has been shared, either by direct permissions, sharing link or invitation. In addition, the script will try to determine whether the file has been shared externally, by comparing the email addresses of the invitee with the list of domains registered in your tenant.
The other “inventory” script I published will help you get a comprehensive inventory of all RBAS assignments in your organization. Auditing role assignments is something you should be doing regularly, especially when it comes to more sensitive roles such as Application Impersonation. The script will help you with this task by listing each individual user that has any assignments, effectively expanding the membership of any Role Groups and mail-enabled security groups that have been assigned roles. It will also help you identify those users, as they are only referenced by their display name in Exchange Online. Optionally, the script can also list any Role Groups that have no assignments, so you can get the full picture.