Remove all sharing links and permissions for items in SharePoint Online or OneDrive for Business

A “proof of concept” script that you can use to remove all sharing links (sharing permissions) across all items stored in SharePoint Online and OneDrive for Business, including Teams sites. The script is indented to be run non-interactively and requires Sites.ReadWrite.All application permissions. …

Continue readingRemove all sharing links and permissions for items in SharePoint Online or OneDrive for Business

Reporting on SharePoint Online and OneDrive for Business item size with version history included using the Graph API

A Graph API based PowerShell script to report on storage usage in SharePoint Online and OneDrive for Business. The script allows you to generate a report down to individual items, with version history included, and can generate output resembling that of the Storage Metrics tool. You can run it against a single site, set of sites or all sites. …

Continue readingReporting on SharePoint Online and OneDrive for Business item size with version history included using the Graph API

My experience working with SharePoint/OneDrive for Business item versions via the Graph API

Before we get started, be warned – this is a rant post. While there are some interesting examples and potentially even some learnings you can find below, the post will predominantly focus on my frustration with (some of) the SharePoint Online endpoints on the Graph API. If you have more …

Continue readingMy experience working with SharePoint/OneDrive for Business item versions via the Graph API

Granular permissions for working with files, list items and lists added to the Graph API!

Microsoft has extended their permissions model for working with files, list items and lists within the Graph API. The newly introduced Files.SelectedOperations.Selected, ListItems.SelectedOperations.Selected and Lists.SelectedOperations.Selected scopes are available in both delegate and application permission flavors and allow you to granularly control application access! At the same time, they use the same model the Sites.Selected permissions used, so you can easily adopt them. …

Continue readingGranular permissions for working with files, list items and lists added to the Graph API!

Some ramblings around Continuous access evaluation, support for Graph and service principals

Does the Graph resource support Continuous Access Evaluation? How exactly are long-lived CAE tokens issued, and is it worth it to accept some additional risk as a tradeoff? But most importantly, beware of scenarios where CAE-capable service principal is compromised, as the advertised support for revocation seems to be a bit shady! …

Continue readingSome ramblings around Continuous access evaluation, support for Graph and service principals