cisagov / ScubaGear

Automation to assess the state of your M365 tenant against CISA's baselines
https://www.cisa.gov/resources-tools/services/secure-cloud-business-applications-scuba-project
Creative Commons Zero v1.0 Universal
1.63k stars 218 forks

Determine whether calling the Sharepoint REST API directly can acquire numerous fields missing in the PnP and Sharepoint cmdlets #958

Status: Closed (twneale closed this issue 7 months ago)

twneale commented 7 months ago

💡 Summary

This issue expands on #143 which was to find out if a single Sharepoint configuration setting related to security groups was available in the Sharepoint REST API. There are other missing Sharepoint fields which are explored here and are listed below:

Motivation and context

We don't currently get these fields via the PnP or Sharepoint powershell cmdlets used by Scubagear, but they may be available in the REST API.

Implementation notes

twneale commented 7 months ago

| Policy ID | Can we get required data elements from REST API? | Notes |
| --- | --- | --- |
| MS.SHAREPOINT.1.3v1 | Security group setting GuestSharingGroupAllowListInTenantByGroupId: https://tenanName-admin.sharepoint.com/_vti_bin/client.svc/ProcessQuery | Missing from both PnP & Sharepoint modules |
| MS.SHAREPOINT.1.2v1 | OnedriveSharingCapability: https://tenanName-admin.sharepoint.com/_vti_bin/client.svc/ProcessQuery. In the underlying JSON that comes back from the endpoint this field is named ODBSharingCapability | Missing from PnP module |
| MS.SHAREPOINT.3.2v1 | FileAnonymousLinkType: https://tenanName-admin.sharepoint.com/_vti_bin/client.svc/ProcessQuery, FolderAnonymousLinkType: https://tenanName-admin.sharepoint.com/_vti_bin/client.svc/ProcessQuery | Missing from PnP module - This is incorrect. I found out that PnP does actually contain these fields |
| MS.SHAREPOINT.4.1v1 | This setting relates to whether users can run custom scripts on OneDrive. The ability to control this setting has evidently been removed as of March 2024. See https://techcommunity.microsoft.com/t5/sharepoint/removing-custom-scripting-on-sharepoint-sites/m-p/4055563. It is possible to temporarily allow this with powershell somehow. But it's no longer possible to add, remove, or modify custom scripts. I'm not sure what that means for this control. | This setting has been removed by Microsoft and is no longer in the Admin portal |

@tkol2022 Everything looks good except the OneDriveSharingCapability. I can't find that one anywhere, including in the current provider export, so I'm not sure what's up with that one.

tkol2022 commented 7 months ago

OneDriveSharingCapability is in the current provider export as of this morning. If you run as a service principal the field is not there, so run as interactive login.


tkol2022 commented 7 months ago

Are the PnP and Sharepoint modules both calling this API endpoint? https://tenantname-admin.sharepoint.com/_vti_bin/client.svc/ProcessQuery

Thom answered yes to this when we met.

tkol2022 commented 7 months ago

Met with Thom today and then updated the table above. We can get all of the fields via the Sharepoint REST API except for 4.1 and 4.2 (those two fields may be going away - not sure so opened a new issue for someone to perform an impact analysis).

tkol2022 commented 3 months ago

I verified that setting MS.SHAREPOINT.4.1v1 has been removed from the MS Sharepoint admin portal so we will be removing it from the baseline. That leaves the list of settings that could potentially be retrieved by an alternative way of calling the Sharepoint REST API to a total of 3 settings. Refer to the table in an earlier comment for a list.

tkol2022 commented 3 weeks ago

Based on some more recent testing, I re-verified that by calling the Sharepoint REST API https://tenantname-admin.sharepoint.com/_vti_bin/client.svc/ProcessQuery directly we can acquire all of the fields currently missing from ScubaGear. There are only 2 settings that the current version of ScubaGear does not get from the existing Powershell modules that we are using. See the first two rows in the table above.
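The direct ProcessQuery call described in this thread, as an added example that is not part of ScubaGear or the original issue. It assumes PnP.PowerShell with an interactive login (the thread notes the 1.2 field is absent under a service principal); the CSOM request body and the Tenant TypeId GUID are the standard CSOM wire format for Microsoft.Online.SharePoint.TenantAdministration.Tenant, and the tenant URL is a placeholder.

```powershell
# Added example, not ScubaGear code: fetch the SharePoint tenant object through
# /_vti_bin/client.svc/ProcessQuery and pull out the fields discussed in this issue.
# Assumption: PnP.PowerShell is installed and the account has SharePoint admin rights.
$adminUrl = "https://tenantname-admin.sharepoint.com"   # placeholder, replace with your tenant
Connect-PnPOnline -Url $adminUrl -Interactive

# CSOM request: construct the Tenant object and select all of its scalar properties.
# TypeId is the CSOM type identifier of the Tenant class (standard CSOM wire format).
$csomRequest = @"
<Request AddExpandoFieldTypeSuffix="true" SchemaVersion="15.0.0.0" LibraryVersion="16.0.0.0" ApplicationName=".NET Library" xmlns="http://schemas.microsoft.com/sharepoint/clientquery/2009">
  <Actions>
    <ObjectPath Id="2" ObjectPathId="1" />
    <Query Id="3" ObjectPathId="1">
      <Query SelectAllProperties="true"><Properties /></Query>
    </Query>
  </Actions>
  <ObjectPaths>
    <Constructor Id="1" TypeId="{268004ae-ef6b-4e9b-8d49-4c7d6ef1e51e}" />
  </ObjectPaths>
</Request>
"@

# ProcessQuery takes the XML as a POST body and answers with a JSON array.
$raw = Invoke-PnPSPRestMethod -Url "/_vti_bin/client.svc/ProcessQuery" -Method Post `
    -Content $csomRequest -ContentType "text/xml" -Raw
$response = $raw | ConvertFrom-Json

# Element 0 is the envelope; a non-null ErrorInfo means the query was rejected.
if ($response[0].ErrorInfo) { throw $response[0].ErrorInfo.ErrorMessage }

# The property bag is the element whose _ObjectType_ names the Tenant class.
$tenant = $response | Where-Object {
    $_._ObjectType_ -eq "Microsoft.Online.SharePoint.TenantAdministration.Tenant"
}

# Field names as they appear in the raw JSON. Note that 1.2 comes back as
# ODBSharingCapability, not OneDriveSharingCapability, as the table above says.
[PSCustomObject]@{
    "MS.SHAREPOINT.1.3v1 GuestSharingGroupAllowListInTenantByGroupId" = $tenant.GuestSharingGroupAllowListInTenantByGroupId
    "MS.SHAREPOINT.1.2v1 ODBSharingCapability"                        = $tenant.ODBSharingCapability
    "MS.SHAREPOINT.3.2v1 FileAnonymousLinkType"                       = $tenant.FileAnonymousLinkType
    "MS.SHAREPOINT.3.2v1 FolderAnonymousLinkType"                     = $tenant.FolderAnonymousLinkType
}
```

Newer PnP.PowerShell releases require registering your own Entra app and passing -ClientId to Connect-PnPOnline; the ProcessQuery call itself is unchanged.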