SharePoint & OneDrive management policies

Description

This playbook helps you identify SharePoint sites that have been inactive for at least 30 days. 

It provides the site URL, the site's title, the last activity date, and the names of the site owners. Additionally, it shows the primary administrator and whether the site is marked for deletion, along with the site template type.

It's a practical tool for managing and reviewing the usage of SharePoint sites within your organization.

Remediation action

1. Send attestation to a specified recipient (optional)
2. Execute the action “Delete SharePoint site”

What you can configure

• Change the recipient of the attestation to either the site owners, a custom address, or choose not to send the attestation
• Insert an additional message
• Set time-out days (min: 1 day – max: 180 days)
• Enable/disable the email alert if the workflow fails
• Schedule the recurrence of the remediation action

Description

This playbook is designed to identify SharePoint sites that allow anonymous sharing. 

It lists the URL of each site and provides the title, along with the sharing capability setting that permits anonymous access. 

This tool aids administrators in overseeing site sharing settings to ensure compliance with company policies on data security and privacy.

Remediation action

1. Send attestation to a specified recipient (optional)
2. Execute the action "Manage SharePoint external sharing" to disable external and anonymous sharing

What you can configure

• Change the recipient of the attestation to either the site owners, a custom address, or choose not to send the attestation
• Insert an additional message
• Set time-out days (min: 1 day – max: 180 days)
• Enable/disable the email alert if the workflow fails
• Schedule the recurrence of the remediation action

Description

This playbook is designed to monitor SharePoint sites that have enabled anonymous sharing and are tagged with a certain sensitivity label. 

It lists files with non-empty sensitivity labels, the site URL, the primary administrator, site owners, the site title, and the sharing capability settings. Additionally, it includes the expiration settings for external users. 

This tool is essential for managing data protection policies and controlling external access to sensitive information.

Remediation action

1. Send attestation to a specified recipient (optional)
2. Execute the action "Manage SharePoint external sharing" to disable external and anonymous sharing

What you can configure

• Change the recipient of the attestation to either the site owners, a custom address, or choose not to send the attestation
• Insert an additional message
• Set time-out days (min: 1 day – max: 180 days)
• Enable/disable the email alert if the workflow fails
• Schedule the recurrence of the remediation action

Description

This playbook targets SharePoint sites that permit anonymous sharing and do not have a link expiration policy.

It provides the site URL, the primary administrator, the site owners, and the date when the anonymous link was created or shared. It also lists the files involved, confirms that there is no expiration set for the anonymous links, and outlines the sharing capability settings. 

This tool is crucial for managing access control and ensuring that anonymous sharing does not compromise the organization's data security.

Remediation action

1. Send attestation to a specified recipient (optional)
2. Execute the action "Set expiration policy for anonymous links" to set a customizable expiration policy

What you can configure

• Change the recipient of the attestation to either the site owners, a custom address, or choose not to send the attestation
• Insert an additional message
• Set time-out days (min: 1 day – max: 180 days)
• Define the number of days after which the links expire
• Enable/disable the email alert if the workflow fails
• Schedule the recurrence of the remediation action

Description

This playbook identifies SharePoint sites that allow external sharing without an expiration policy.

It lists the files shared, the site URL, the primary administrator, the site owners, the site title, and the sharing capability settings. 

It also shows that there is no set expiration for external users, which is important for administrators to review to ensure that sharing practices align with the organization's security policies.

Remediation action 

1. Send attestation to a specified recipient (optional)
2. Execute the action "Set expiration policy for external links" to set a customizable expiration policy

What you can configure

• Change the recipient of the attestation to either the site owners, a custom address, or choose not to send the attestation
• Define the number of days after which the links expire
• Enable/disable the email alert if the workflow fails
• Schedule the recurrence of the remediation action

Description

This playbook tracks OneDrive accounts where files have been shared externally over the last 30 days.

It displays the user principal name, the date when the last file was shared, the most recent activity on the account, and the licenses assigned to the user. 

Additionally, it provides insights into the number of active files, synced files, files shared internally, and crucially, files shared outside the organization during that timeframe. 

This tool enables monitoring and governance of external file sharing activities, helping maintain data security and compliance within the organization.

Remediation action

1. Generate a report containing the list of SharePoint sites that have been shared externally in the last 30 days
2. Send the report to the designated recipients

What you can configure

• Define when to send the report
• Choose the report format (Excel, CSV, PDF)
• Insert an additional message
• Choose the report recipient(s)
• Schedule the recurrence of the remediation action

Description

This event-based playbook is set up to alert administrators about external invitations sent from SharePoint. 

It filters events by the SharePoint workload and specific operations related to invitations. The playbook also tracks the creation time of the invitation, the user ID of the person who sent it, and the object ID involved. 

This tool is crucial for monitoring and securing external access to SharePoint resources.

Remediation action

1. Send a notification to a custom email whenever a new event related to external invitations and access requests is recorded 

What you can configure

• Choose the alert recipient(s)

Description

This playbook is tailored to track OneDrive accounts with files that have been shared with external parties. 

It displays the user principal name, the date when the file was shared, the last activity date on the account, and the licenses associated with the user. It also shows the number of active files, files synced, and files shared both internally and externally over the last 30 days. 

This tool is crucial for overseeing external file sharing and maintaining data security.

Remediation action

1. Generate a report containing the list of OneDrive accounts that have been sharing files externally in the last 30 days
2. Send the report to the designated recipients

What you can configure

• Define when to send the report
• Choose the report format (Excel, CSV, PDF)
• Insert an additional message
• Choose the report recipient(s)
• Schedule the recurrence of the remediation action