{"id":4220,"date":"2024-08-13T10:50:54","date_gmt":"2024-08-13T09:50:54","guid":{"rendered":"https:\/\/www.lieben.nu\/liebensraum\/?p=4220"},"modified":"2024-08-13T10:50:54","modified_gmt":"2024-08-13T09:50:54","slug":"microsoft-teams-permission-auditing","status":"publish","type":"post","link":"https:\/\/lieben.nu\/liebensraum\/2024\/08\/microsoft-teams-permission-auditing\/","title":{"rendered":"Microsoft Teams permission auditing"},"content":{"rendered":"\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/image.cartoongen.com\/repli-aVsfJKW2Vu.webp\" alt=\"\"\/><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">I lied, not just Teams, also Sharepoint and Onedrive!<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">As I am asked often how to report on specific permissions granted to individual (groups) of (internal\/external) users&#8230;.and Microsoft doesn&#8217;t have a good built-in solution, nor does the community seem to yet&#8230;.this something was just asking to be coded!<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">My <a href=\"https:\/\/www.powershellgallery.com\/packages\/TeamPermissions\">TeamPermissions PowerShell module<\/a> will do exactly the above, a full report in XLSX, CSV or HTML format that contains ALL <strong>unique permissions<\/strong> for a given Team, Sharepoint site or Onedrive location for all files, folders, lists, list items etc. Example:<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><a href=\"https:\/\/www.lieben.nu\/liebensraum\/wp-content\/uploads\/2024\/08\/image-3.png\"><img loading=\"lazy\" decoding=\"async\" width=\"1824\" height=\"548\" src=\"https:\/\/www.lieben.nu\/liebensraum\/wp-content\/uploads\/2024\/08\/image-3.png\" alt=\"\" class=\"wp-image-4223\" srcset=\"https:\/\/lieben.nu\/liebensraum\/wp-content\/uploads\/2024\/08\/image-3.png 1824w, https:\/\/lieben.nu\/liebensraum\/wp-content\/uploads\/2024\/08\/image-3-300x90.png 300w, https:\/\/lieben.nu\/liebensraum\/wp-content\/uploads\/2024\/08\/image-3-1024x308.png 1024w, https:\/\/lieben.nu\/liebensraum\/wp-content\/uploads\/2024\/08\/image-3-768x231.png 768w, https:\/\/lieben.nu\/liebensraum\/wp-content\/uploads\/2024\/08\/image-3-1536x461.png 1536w\" sizes=\"auto, (max-width: 1824px) 100vw, 1824px\" \/><\/a><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">It uses the safe <a href=\"https:\/\/learn.microsoft.com\/en-us\/entra\/identity-platform\/v2-oauth2-on-behalf-of-flow\">Entra Delegated Permission Flow<\/a> for authentication so your credentials\/tokens stay with you, but this does mean you have to run it as a Sharepoint Administrator (or Global Admin), there is no support for MI\/SPN runs yet but can be added easily if there is much demand.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Since it exports to Excel in append mode, you could run it for multiple (or all) team sites and use e.g. Pivots to view all permissions for a given user.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Do note that although some work has been done on performance, it does not scan multiple locations in parallel yet, this will be added in a future version.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><a href=\"https:\/\/www.lieben.nu\/liebensraum\/wp-content\/uploads\/2024\/08\/image-2.png\"><img loading=\"lazy\" decoding=\"async\" width=\"841\" height=\"223\" src=\"https:\/\/www.lieben.nu\/liebensraum\/wp-content\/uploads\/2024\/08\/image-2.png\" alt=\"\" class=\"wp-image-4222\" srcset=\"https:\/\/lieben.nu\/liebensraum\/wp-content\/uploads\/2024\/08\/image-2.png 841w, https:\/\/lieben.nu\/liebensraum\/wp-content\/uploads\/2024\/08\/image-2-300x80.png 300w, https:\/\/lieben.nu\/liebensraum\/wp-content\/uploads\/2024\/08\/image-2-768x204.png 768w\" sizes=\"auto, (max-width: 841px) 100vw, 841px\" \/><\/a><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">Example:<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: powershell; title: ; notranslate\" title=\"\">\nInstall-PSResource -Name TeamPermissions -Repository PSGallery\n\n#then get xlsx\/html reports for the INT-Finance Department Team:\n\nGet-TeamPermissions -teamName \"INT-Finance Department\" -ExpandGroups -OutputFormat XLSX,HTML\n\n#Or get all permission for a Sharepoint site:\n\nGet-TeamPermissions -TeamSiteUrl \"https:\/\/tenant.sharepoint.com\/sites\/site\" -ExpandGroups -OutputFormat Default\n<\/pre><\/div>\n\n\n<p class=\"wp-block-paragraph\"><strong>Notes<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Required PS modules: PnP.PowerShell, ImportExcel<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Running multiple times will append data if you don&#8217;t move the (xlsx, csv, html) file, turning the report into a multi-location report.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><\/p>\n","protected":false},"excerpt":{"rendered":"<p>I lied, not just Teams, also Sharepoint and Onedrive! As I am asked often how to report on specific permissions granted to individual (groups) of (internal\/external) users&#8230;.and Microsoft doesn&#8217;t have a good built-in solution, nor does the community seem to yet&#8230;.this something was just asking to be coded! My TeamPermissions PowerShell module will do exactly &hellip; <a href=\"https:\/\/lieben.nu\/liebensraum\/2024\/08\/microsoft-teams-permission-auditing\/\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">Microsoft Teams permission auditing<\/span> <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_crdt_document":"","footnotes":""},"categories":[4,27,32,39,43,44],"tags":[],"class_list":["post-4220","post","type-post","status-publish","format-standard","hentry","category-automation","category-microsoft-teams","category-office-365","category-powershell","category-security","category-sharepoint-online"],"_links":{"self":[{"href":"https:\/\/lieben.nu\/liebensraum\/wp-json\/wp\/v2\/posts\/4220","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lieben.nu\/liebensraum\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lieben.nu\/liebensraum\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lieben.nu\/liebensraum\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/lieben.nu\/liebensraum\/wp-json\/wp\/v2\/comments?post=4220"}],"version-history":[{"count":0,"href":"https:\/\/lieben.nu\/liebensraum\/wp-json\/wp\/v2\/posts\/4220\/revisions"}],"wp:attachment":[{"href":"https:\/\/lieben.nu\/liebensraum\/wp-json\/wp\/v2\/media?parent=4220"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lieben.nu\/liebensraum\/wp-json\/wp\/v2\/categories?post=4220"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lieben.nu\/liebensraum\/wp-json\/wp\/v2\/tags?post=4220"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}