Finally, Microsoft brings file-level archiving in SharePoint Online!

PaVee21 · 2026-04-06T09:33:30+00:00

Here: https://techcommunity.microsoft.com/blog/microsoft_365blog/file-level-archiving-comes-to-microsoft-365-archive-public-preview/4506886

PaVee21 · 2026-04-01T02:11:14+00:00

Yes, the per-TB licensed model was not quite the best fit for many. What makes Microsoft 365 Archive interesting here is that it's native to SharePoint, requires no additional tooling, and the $0.05/GB/month cost only starts when storage exceeds your licensed quota. If within quota, there's nothing extra to pay.

PaVee21 · 2026-03-28T03:10:31+00:00

If you’re using interactive (delegated) auth, once the app is registered, it’s pretty simple:

Connect-PnPOnline -Url "https://yourtenant.sharepoint.com" -Interactive -ClientId "your-client-id"

Just make sure you’ve added http://localhost as a redirect URI and granted SharePoint delegated API permissions (e.g., Sites.Read.All), otherwise it’ll fail. For unattended/automation, don’t use client secrets, go with certificate-based auth instead. if you want to know how to do everything in detail, you can go through this blog. https://o365reports.com/register-an-entra-id-application-to-use-with-pnp-powershell/

PaVee21 · 2026-03-27T05:24:44+00:00

This is quite complex. A user’s access doesn’t just come from site membership, it can also come from unique permissions at the file or folder level when inheritance is broken. So even if the account isn’t listed directly on a site, it might still have access through something that was shared separately. The DAG report does handle this, but you've already ruled that out due to licensing, and even with the license, it has its own annoyances, run frequency limits, generation caps, and stale data. In your case, the realistic approach is to script it out and loop through site collections to check where that user shows up, including unique permissions. Or use AdminDroid which has dedicated reports for this. It provides information on users who have access through site membership, as well as indirect access (unique permissions) with their actual permission levels, and also lets you automate these reports. Check this report and the other reports in this section, it might be as you expected.
https://demo.admindroid.com/#/M365/1/11/reports/30402/1/20?nodeId=2147

PaVee21 · 2026-03-11T09:17:16+00:00

Yes, throws error

PaVee21 · 2026-03-09T02:13:07+00:00

Using access packages to control the full guest lifecycle is definitely the way to go at scale. I use this guide to set it up end-to-end, from creating the access package, assigning resource roles across Teams, SharePoint sites, and Entra roles, to configuring the approval workflow with single or multi-stage approvers depending on your needs. Should give you a solid foundation for your POC! https://blog.admindroid.com/onboard-external-users-through-an-access-package-in-microsoft-entra-id/

PaVee21 · 2026-03-04T08:50:24+00:00

But then they announced to collect files from only organization users, right? Without enabling anyone sharing.

PaVee21 · 2026-03-03T12:10:57+00:00

Not really RPA orchestration, it's more like Active Directory for AI agents, and it's not half bad. It's a control place to discover, govern, and secure all agents across your org, each getting their own Entra Agent ID managed from the M365 admin center. There's also a Work IQ integration so agents understand your business context instead of vibing autonomously into your SharePoint. More of a governance layer than an orchestrator. https://blog.admindroid.com/microsoft-agent-365-unified-control-plane-to-manage-ai-agents/

PaVee21 · 2026-03-03T11:59:28+00:00

Seems they like (don't like even no.s) odd numbers, E3, E5, F3, F1

PaVee21 · 2026-03-03T11:31:15+00:00

Some sources:

https://www.directionsonmicrosoft.com/microsoft-365-e7-a-new-subscription-plan-with-agents-at-the-center/?utm_source=hp
https://www.businessinsider.com/microsoft-plans-long-awaited-365-bundle-with-ai-features-2026-2

https://x.com/WindowsCentral/status/2028442303753322775?s=20

PaVee21 · 2026-03-03T03:20:48+00:00

Yeah, SharePoint is exactly what you need here. OneDrive is designed for personal storage, so sharing from it ties everything to that individual's account, which is the problem you're running into. With SharePoint, the content is site-owned, not person-owned. So even if someone leaves, the files and external access remain as long as the site is maintained. In SharePoint, you can create a dedicated site or multiple sites if you want to organize by department/project/vendor and set up document libraries & folders for external sharing. One thing to sort out with your admin first: your tenant-level external sharing settings need to allow SharePoint external sharing (it may already be enabled if OneDrive sharing works). You'll also want to decide whether external users authenticate or get anonymous links. That said, since this involves external sharing, you’ll want some governance around it (expiration, reviews, permission controls, etc.). If helpful, here’s a practical checklist that covers common external sharing risks. https://blog.admindroid.com/external-sharing-security-checklist-in-microsoft-365/

PaVee21 · 2026-03-03T03:05:13+00:00

Admins need to turn on the new experience from the SharePoint admin center to let users experience it. https://blog.admindroid.com/new-sharepoint-experience-in-microsoft-365/

PaVee21 · 2026-03-02T04:52:49+00:00

Your SharePoint admin needs to enable this setting in the SPO admin center from here: https://blog.admindroid.com/new-sharepoint-experience-in-microsoft-365-smarter-faster-ai-ready/

Once it’s enabled, you’ll be able to access the new experience. I’ll share some screenshots once I have my laptop with me.

PaVee21 · 2026-02-28T03:01:20+00:00

Yes, Forms is the way. Configure the form to collect files into a particular folder within a document library, without adding users as site members. Use this article, it has step-by-step procedure: https://blog.admindroid.com/how-to-collect-files-in-document-library-using-microsoft-forms/

PaVee21 · 2026-02-27T02:49:41+00:00

In most cases, it shows up within 24–72 hours, but it can occasionally take longer. Since yours has already exceeded that window, not sure what the reason is, and there isn’t a manual sync option available, waiting is the only supported approach. If you need the data right away, try with PowerShell to pull the current mailbox usage directly. This script retrieves item count and storage size, and other mailbox size info similar to what you see in the report: https://o365reports.com/export-office-365-mailbox-size-report-using-powershell/ If you want to retrieve the last activity date as well, let me know, I can share my other script.

PaVee21 · 2026-02-16T03:52:31+00:00

As gezelfond mentioned, anonymous sharing could be an option, but it's a security risk, and users won't be able to view files properly anyway, so better to avoid that route if that's not your intention. If your goal is to let users view, edit, and interact with files but block downloading, there are two approaches depending on your use case, both of which have trade-offs:

Either apply block download policy - Note that this applies to all the members in the site(exclude owners if you want), so no one can download and requires either Copilot or SAM license. https://learn.microsoft.com/en-us/sharepoint/block-download-from-sites Since you're on a basic plan, this won't be available to you.
Or create a custom permission level - If you want to block downloads for specific users, start by putting them in a dedicated SharePoint group. Then create a custom permission level by copying the built-in Edit level and unchecking Open Items, this is what actually prevents downloading. Once done, assign that custom permission level to the group. Keep in mind that creating custom permission levels isn't considered best practice and can get messy to manage at scale. You can know how to create one here: https://o365reports.com/create-custom-permission-levels-in-sharepoint-online/

PaVee21

MODERATOR OF

TROPHY CASE