Merge pull request #762 from reshmee011/UpdateSiteSharing

Update to add sensitivity label, type of m365 group and allowtoaddguest
pnp · Oct 27, 2024 · 8d771e9 · 8d771e9
2 parents fbed27b + 55941a2
commit 8d771e9
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 4 deletions.
diff --git a/scripts/spo-get-site-sharing-settings/README.md b/scripts/spo-get-site-sharing-settings/README.md
@@ -41,6 +41,8 @@ $adminConnection = Get-PnPConnection
             $sharingsetting = Get-PnPTenantSite -url $_.Url -DisableSharingForNonOwnersStatus -Connection $adminConnection| select `
             Title, `
             Url, `
+            Type, `
+            Template, `
             ShowPeoplePickerSuggestionsForGuestUsers, `
             SharingCapability, `
             ExternalUserExpirationInDays, `
@@ -66,21 +68,36 @@ $adminConnection = Get-PnPConnection
             RequestFilesLinkExpirationInDays, `
             RestrictedAccessControl, `
             RestrictedAccessControlGroups, `
-            RestrictContentOrgWideSearch
+            RestrictContentOrgWideSearch, `
+            SensitivityLabel
             # DefaultShareLinkScope and DefaultShareLinkRole will replace DefaultSharingLinkType and DefaultLinkPermission
-
             $restUrl = $_.Url +'/_api/web?$select=MembersCanShare,TenantAdminMembersCanShare,RequestAccessEmail,UseAccessRequestDefault,AccessRequestSiteDescription'
             connect-PnPOnline -Url $_.Url -interactive -WarningAction SilentlyContinue
             $siteconnection = Get-PnPConnection
             $response = invoke-pnpsprestmethod -Url $restUrl -Method Get -Connection $siteconnection
+            $groupType = ""
+            $allowToAddGuests = $null;
+            $m365Group = $null;
+            #find if the site is linked to a m365 group and retrieve visibility 
+            if($_.groupId  -ne [guid]::Empty){
+                $m365Group = Get-PnPMicrosoft365Group -Identity $_.groupId -Connection $adminConnection | select Visibility
+                $m365GroupSettings =  Get-PnPMicrosoft365GroupSettings -Identity $_.GroupId -Connection $adminConnection
+                $allowToAddGuests = $m365GroupSettings.Values | Where-Object {$_.Name -eq 'AllowToAddGuests'}
+                #Get group type (group, team, yammer)
+                $gEndPoint = Get-PnPMicrosoft365GroupEndpoint -Identity $_.groupId
+                $groupType = $gEndPoint ? $gEndPoint.Providername : "SharePoint Team Site or Outlook";
+                #Get guest user count
+                #$settings = New-PnPMicrosoft365GroupSettings  -Identity $_.groupId -DisplayName "Group.Unified.Guest" -TemplateId "08d542b9-071f-4e16-94b0-74abb372e3d9" -Values @{"AllowToAddGuests"="false"} 
+            }
 
+ 
             [PSCustomObject]@{
                 ##add the properties from the $sharingsetting object
                 Title = $sharingsetting.Title
                 Url = $sharingsetting.Url
                 ShowPeoplePickerSuggestionsForGuestUsers = $sharingsetting.ShowPeoplePickerSuggestionsForGuestUsers
                 SharingCapability = $sharingsetting.SharingCapability
-                ExternalUserExpirationInDays = $sharingsetting.ExternalUserExpirationInDays
+                ExternalUserExpirationInDays = $sharingsetting.ExternalUserExpirationInDaysre
                 SharingAllowedDomainList = $sharingsetting.SharingAllowedDomainList
                 SharingBlockedDomainList = $sharingsetting.SharingBlockedDomainList
                 SharingDomainRestrictionMode = $sharingsetting.SharingDomainRestrictionMode
@@ -102,12 +119,19 @@ $adminConnection = Get-PnPConnection
                 RequestFilesLinkExpirationInDays = $sharingsetting.RequestFilesLinkExpirationInDays
                 RestrictContentOrgWideSearch = $sharingsetting.RestrictContentOrgWideSearch
                 DisableSharingForNonOwners = $sharingsetting.DisableSharingForNonOwnersStatus
+                SensitivityLabel = $sharingsetting.SensitivityLabel
+                SiteType = If($sharingsetting.Template -eq "GROUP#0"){"Group"} elseif ($sharingsetting.Template -eq "TEAMCHANNEL#1" -or $sharingsetting.Template -eq "TEAMCHANNEL#0"){"Team Channel"} else {"Site"}
                 ##add the properties from the $response object
                 MembersCanShare = $response.MembersCanShare
                 TenantAdminMembersCanShare = $response.TenantAdminMembersCanShare
                 RequestAccessEmail = $response.RequestAccessEmail
                 UseAccessRequestDefault = $response.UseAccessRequestDefault
                 AccessRequestSiteDescription = $response.AccessRequestSiteDescription
+                ##add m365 group settings if site is linked to a m365 group
+                m365GroupId = if($_.groupId -ne [guid]::Empty){$_.groupId}
+                m365GroupVisibility = $m365Group.Visibility
+                m365GroupAllowToAddGuests = $allowToAddGuests.Value ?? "Default"
+                m365GroupType = $groupType
             }
         }
         catch {

diff --git a/scripts/spo-get-site-sharing-settings/assets/sample.json b/scripts/spo-get-site-sharing-settings/assets/sample.json
@@ -9,7 +9,7 @@
        "Managing permissions in SharePoint is a critical aspect of maintaining data security and compliance within organisations. However, as SharePoint environments grow in complexity, manually auditing and managing permissions becomes increasingly challenging.Copilot for Microsoft m365 can access data from all the tenant, whether it’s Outlook emails, Teams chats and meetings, SharePoint and OneDrive. SharePoint is where all most documents, videos, and more are stored. Hence permission audit across sensitive sites to ensure 'Least privilege' is a must to avoid data leak while using Copilot for Microsoft m365 which makes it easier to discover content through prompts."
     ],
     "creationDateTime": "2024-08-28",
-    "updateDateTime": "2024-09-05",
+    "updateDateTime": "2024-10-27",
     "products": [
       "SharePoint",
       "Sharing settings",