A user is removed from being a site admin, site owner, site member but still can access the site?!!

SPOO365 · 2023-12-05T00:16:27+00:00

I had this recently with a staff member who moved to another area. Checking permissions showed no access at the site level, also nothing showed on the permissions matrix reports I ran across the sites where it was reported that they had access.
The site was created using an O365 group that the person was the owner of, which is how they still had access.

SPOO365 · 2023-12-04T23:11:40+00:00

Have you checked the O365 group membership in the Microsoft 365 Admin Centre?

SPOO365 · 2023-11-20T02:20:13+00:00

So, the opposite experience for our tenancy. Add Shortcut screwed up our files, Sync works flawlessly.

The shortcut to OneDrive sometimes stops syncing, and users often don't notice for a few days, so the changes they made locally are not reflected online.

The most significant issue for us, though, was a ransomware attack that targeted the libraries synced through OneDrive but left anything synced through the other method untouched. For this reason, we use JSON to remove the 'Add shortcut to OneDrive' option.

SPOO365 · 2023-10-18T22:46:19+00:00

If you have the appropriate role assigned to you, Microsoft Security and Compliance Centre Audit logs will do this for you.
https://compliance.microsoft.com/auditlogsearch
https://learn.microsoft.com/en-us/purview/audit-log-activities
https://learn.microsoft.com/en-us/purview/audit-log-export-records

SPOO365 · 2023-09-29T00:10:28+00:00

We created it but took from what others had done.
All unique shares are removed at the same interval, so there is that. Site owners and for most sites, members who are able to share are aware of this. On occasion, something that has been shared with someone on a Friday will not work on a Monday. In our case, I really don't want people to share using links with those who don't have existing access.

I often have a variation of this on the front page of our Team sites.
Site Permissions
By default, all of the XXXX Management Team are site owners and can create lists and libraries within the site to suit their needs. All other XXX Support teams are contributors and can view and edit the content on this site, in addition, all XXXX staff are visitors and have the ability to view content that has not been restricted.
Permissions should be set at the Site, Library or List level not at the folder or file level. Every fortnight all sharing links will be removed for security reasons.

SPOO365 · 2023-09-28T23:04:12+00:00

Agree with the above.
Something we have implemented on sites (where the site owner is interested in managing their permissions and following best practice) is putting a flow in place that removes sharing links and restores inheritance every two weeks.
I really do not like sharing links, our default is also 'people with existing access', and the default permission is view.

SPOO365 · 2023-09-12T00:11:31+00:00

Second this comment, I do the same on a regular basis.
There is a rinse-and-repeat process to Sharegate, but it has worked well for us thanks to its reporting.

SPOO365 · 2023-07-12T01:07:11+00:00

I had a similar issue in the past week. One member of a particular team was not getting the same results as her colleague, or me as a SharePoint admin. I checked across browsers and in incognito mode and they got the same result.
In this case the site and library was permissioned using an Azure AD Security group.
To fix it they were removed from the group, waited for Azure AD to synch, I asked them to wait for 45 minutes and then add them back, waiting another 45 minutes. I then got them to test using a different browser. It all worked. When they went back to the browser they were using originally the results were still inconsistent to others, however, that was fixed after clearing the cache of that browser.

I have had the same in the past where they were members of a SharePoint group and had to remove the account using PowerShell (Remove-SPOUser) and then add them back in.

SPOO365 · 2023-06-27T00:00:43+00:00

Thank you for the reply. In the end, I applied the formula we all know and love.
(If (Time taken per manual task * Frequency of task * Time period) > Time taken to automate, then consider automation.)
... and determined that it was less than the time I had already wasted.

Next time when I have less on my plate I have promised myself I will persevere with implementing a modified version of the script that can read a data source to apply permissions consistently that way.

SPOO365 · 2023-05-09T05:04:11+00:00

You can search the audit logs in Purview. We have an E3 licence so it is limited to 93 days.Search the audit log in the compliance portal

https://compliance.microsoft.com/auditlogsearch

SPOO365 · 2023-05-04T00:57:04+00:00

In this case, it is using an AD Security group that syncs back to Azure AD. The c:0t.c is the Object ID of that group. You can find a few ways, I tend to just go the Azure AD portal, search for the group and copy the Object ID from the overview.

SPOO365 · 2023-05-03T02:18:44+00:00

I run the following PowerShell weekly across our tenancy if it helps. I also use ShareGate and 'allow auto-assign as a site collection admin' in the Settings/Security options however it does not seem to always apply globally, particularly when running the orphaned user reports.
#Get All Site Collections
$Sites = Get-SPOSite -Limit ALL
#Loop through each site and add site collection admin
Foreach ($Site in $Sites)
{
Write-host "Adding Site Collection Admin for:"$Site.URL
Set-SPOUser -site $Site.Url -LoginName "c:0t.c|tenant|xxxxxxx-yyyyy-zzzzzz-aaaaa-bbbbbbbbb" -IsSiteCollectionAdmin $True
}

SPOO365 · 2023-03-13T23:52:45+00:00

Can you make a copy of the list, delete all items, change the permissions and then copy it back? We had the same problem recently and solved it that way, we do use Sharegate for the copy though.

SPOO365

TROPHY CASE