Closed twneale closed 7 months ago
Policy ID | Can we get required data elements from REST API? | Notes |
---|---|---|
MS.SHAREPOINT.1.3v1 Security group setting | GuestSharingGroupAllowListInTenantByGroupId : https://tenanName-admin.sharepoint.com/_vti_bin/client.svc/ProcessQuery | Missing from both PnP & Sharepoint modules |
MS.SHAREPOINT.1.2v1 | OnedriveSharingCapability : https://tenanName-admin.sharepoint.com/_vti_bin/client.svc/ProcessQuery. In the underlying JSON that comes back from the endpoint, this field is named ODBSharingCapability | Missing from PnP module |
MS.SHAREPOINT.3.2v1 | FileAnonymousLinkType : https://tenanName-admin.sharepoint.com/_vti_bin/client.svc/ProcessQuery, FolderAnonymousLinkType : https://tenanName-admin.sharepoint.com/_vti_bin/client.svc/ProcessQuery | Missing from PnP module - This is incorrect. I found out that PnP does actually contain these fields |
MS.SHAREPOINT.4.1v1 | This setting relates to whether users can run custom scripts on OneDrive. The ability to control this setting has evidently been removed as of March 2024. See https://techcommunity.microsoft.com/t5/sharepoint/removing-custom-scripting-on-sharepoint-sites/m-p/4055563. It is possible to temporarily allow this with PowerShell somehow. But it's no longer possible to add, remove, or modify custom scripts. I'm not sure what that means for this control. | This setting has been removed by Microsoft and is no longer in the Admin portal |
@tkol2022 Everything looks good except the OneDriveSharingCapability. I can't find that one anywhere, including in the current provider export, so I'm not sure what's up with that one.
OneDriveSharingCapability is in the current provider export as of this morning. If you run as a service principal, the field is not there, so run as interactive login.
Are the PnP and Sharepoint modules both calling this API endpoint? https://tenantname-admin.sharepoint.com/_vti_bin/client.svc/ProcessQuery
Thom answered yes to this when we met.
Met with Thom today and then updated the table above. We can get all of the fields via the Sharepoint REST API except for 4.1 and 4.2 (those two fields may be going away - not sure so opened a new issue for someone to perform an impact analysis).
I verified that setting MS.SHAREPOINT.4.1v1 has been removed from the MS Sharepoint admin portal so we will be removing it from the baseline. That leaves the list of settings that could potentially be retrieved by an alternative way of calling the Sharepoint REST API to a total of 3 settings. Refer to the table in an earlier comment for a list.
Based on some more recent testing, I re-verified that by calling the Sharepoint REST API https://tenantname-admin.sharepoint.com/_vti_bin/client.svc/ProcessQuery directly we can acquire all of the fields currently missing from ScubaGear. There are only 2 settings that the current version of ScubaGear does not get from the existing Powershell modules that we are using. See the first two rows in the table above.
💡 Summary
This issue expands on #143 which was to find out if a single Sharepoint configuration setting related to security groups was available in the Sharepoint REST API. There are other missing Sharepoint fields which are explored here and are listed below:
Motivation and context
We don't currently get these fields via the PnP or Sharepoint powershell cmdlets used by Scubagear, but they may be available in the REST API.
Implementation notes