powershell - Web 或 PowerShell 上的 Microsoft 365 Sharepoint 和 OneDrive 共享报告
问题描述
是否有可能通过 Web 报告或 Power Shell 提取 Microsoft 365 Sharepoint 和 OneDrive 共享报告,我可以在其中获取当前和历史信息,例如:
- 已共享且可能已共享的所有资源
- 谁、何时以及向谁共享资源
- 谁访问资源以及何时访问
我尝试使用 Excel 本地生成的标准站点使用数据,但它的信息量不是很大,尤其是在将其呈现给业务和管理层时。
解决方案
请执行以下步骤:
1.下载脚本:ExternalSharingReport.ps1
<#
=============================================================================================
Name: Office 365 external user file access report
Description: This script exports SharePoint Online external user file access report to CSV
Version: 1.0
Website: o365reports.com
Script by: O365Reports Team
For detailed script execution: https://o365reports.com/2021/05/20/audit-sharepoint-online-external-sharing-using-powershell
============================================================================================
#>
Param
(
[Parameter(Mandatory = $false)]
[Nullable[DateTime]]$StartDate,
[Nullable[DateTime]]$EndDate,
[switch]$SharePointOnline,
[switch]$OneDrive,
[string]$AdminName,
[string]$Password
)
Function Connect_Exo
{
#Check for EXO v2 module inatallation
$Module = Get-Module ExchangeOnlineManagement -ListAvailable
if($Module.count -eq 0)
{
Write-Host Exchange Online PowerShell V2 module is not available -ForegroundColor yellow
$Confirm= Read-Host Are you sure you want to install module? [Y] Yes [N] No
if($Confirm -match "[yY]")
{
Write-host "Installing Exchange Online PowerShell module"
Install-Module ExchangeOnlineManagement -Repository PSGallery -AllowClobber -Force
}
else
{
Write-Host EXO V2 module is required to connect Exchange Online.Please install module using Install-Module ExchangeOnlineManagement cmdlet.
Exit
}
}
Write-Host Connecting to Exchange Online...
#Storing credential in script for scheduling purpose/ Passing credential as parameter - Authentication using non-MFA account
if(($AdminName -ne "") -and ($Password -ne ""))
{
$SecuredPassword = ConvertTo-SecureString -AsPlainText $Password -Force
$Credential = New-Object System.Management.Automation.PSCredential $AdminName,$SecuredPassword
Connect-ExchangeOnline -Credential $Credential
}
else
{
Connect-ExchangeOnline
}
}
$MaxStartDate=((Get-Date).AddDays(-89)).Date
#Getting external user file access for past 90 days
if(($StartDate -eq $null) -and ($EndDate -eq $null))
{
$EndDate=(Get-Date).Date
$StartDate=$MaxStartDate
}
$startDate
#Getting start date to generate external sharing report
While($true)
{
if ($StartDate -eq $null)
{
$StartDate=Read-Host Enter start time for report generation '(Eg:04/28/2021)'
}
Try
{
$Date=[DateTime]$StartDate
if($Date -ge $MaxStartDate)
{
break
}
else
{
Write-Host `nExternal sharing report can be retrieved only for past 90 days. Please select a date after $MaxStartDate -ForegroundColor Red
return
}
}
Catch
{
Write-Host `nNot a valid date -ForegroundColor Red
}
}
#Getting end date to generate external sharing report
While($true)
{
if ($EndDate -eq $null)
{
$EndDate=Read-Host Enter End time for report generation '(Eg: 04/28/2021)'
}
Try
{
$Date=[DateTime]$EndDate
if($EndDate -lt ($StartDate))
{
Write-Host End time should be later than start time -ForegroundColor Red
return
}
break
}
Catch
{
Write-Host `nNot a valid date -ForegroundColor Red
}
}
$OutputCSV=".\ExternalSharingReport_$((Get-Date -format yyyy-MMM-dd-ddd` hh-mm` tt).ToString()).csv"
$IntervalTimeInMinutes=1440 #$IntervalTimeInMinutes=Read-Host Enter interval time period '(in minutes)'
$CurrentStart=$StartDate
$CurrentEnd=$CurrentStart.AddMinutes($IntervalTimeInMinutes)
#Check whether CurrentEnd exceeds EndDate
if($CurrentEnd -gt $EndDate)
{
$CurrentEnd=$EndDate
}
if($CurrentStart -eq $CurrentEnd)
{
Write-Host Start and end time are same.Please enter different time range -ForegroundColor Red
Exit
}
Connect_EXO
$AggregateResults = @()
$CurrentResult= @()
$CurrentResultCount=0
$AggregateResultCount=0
Write-Host `nRetrieving external sharing events from $StartDate to $EndDate...
$ProcessedAuditCount=0
$OutputEvents=0
$ExportResult=""
$ExportResults=@()
while($true)
{
#Getting exteranl sharing audit data for given time range
$Results=Search-UnifiedAuditLog -StartDate $CurrentStart -EndDate $CurrentEnd -Operations "Sharinginvitationcreated,AnonymousLinkcreated,AddedToSecureLink" -SessionId s -SessionCommand ReturnLargeSet -ResultSize 5000
$ResultCount=($Results | Measure-Object).count
foreach($Result in $Results)
{
$ProcessedAuditCount++
$MoreInfo=$Result.auditdata
$Operation=$Result.Operations
$AuditData=$Result.auditdata | ConvertFrom-Json
$Workload=$AuditData.Workload
#Filter for SharePointOnline external Sharing events
If($SharePointOnline.IsPresent -and ($Workload -eq "OneDrive"))
{
continue
}
If($OneDrive.IsPresent -and ($Workload -eq "SharePoint"))
{
continue
}
#Check for Guest sharing
if($Operation -ne "AnonymousLinkcreated")
{
If($AuditData.TargetUserOrGroupType -ne "Guest")
{
continue
}
$SharedWith=$AuditData.TargetUserOrGroupName
}
else
{
$SharedWith="Anyone with the link can access"
}
$ActivityTime=Get-Date($AuditData.CreationTime) -format g
$SharedBy=$AuditData.userId
$SharedResourceType=$AuditData.ItemType
$sharedResource=$AuditData.ObjectId
$SiteURL=$AuditData.SiteURL
#Export result to csv
$OutputEvents++
$ExportResult=@{'Shared Time'=$ActivityTime;'Sharing Type'=$Operation;'Shared By'=$SharedBy;'Shared With'=$SharedWith;'Shared Resource Type'=$SharedResourceType;'Shared Resource'=$SharedResource;'Site url'=$Siteurl;'Workload'=$Workload;'More Info'=$MoreInfo}
$ExportResults= New-Object PSObject -Property $ExportResult
$ExportResults | Select-Object 'Shared Time','Shared By','Shared With','Shared Resource Type','Shared Resource','Site URL','Sharing Type','Workload','More Info' | Export-Csv -Path $OutputCSV -Notype -Append
}
Write-Progress -Activity "`n Retrieving external sharing events from $CurrentStart to $CurrentEnd.."`n" Processed audit record count: $ProcessedAuditCount"
$currentResultCount=$CurrentResultCount+$ResultCount
if($CurrentResultCount -ge 50000)
{
Write-Host Retrieved max record for current range.Proceeding further may cause data loss or rerun the script with reduced time interval. -ForegroundColor Red
$Confirm=Read-Host `nAre you sure you want to continue? [Y] Yes [N] No
if($Confirm -match "[Y]")
{
Write-Host Proceeding audit log collection with data loss
[DateTime]$CurrentStart=$CurrentEnd
[DateTime]$CurrentEnd=$CurrentStart.AddMinutes($IntervalTimeInMinutes)
$CurrentResultCount=0
$CurrentResult = @()
if($CurrentEnd -gt $EndDate)
{
$CurrentEnd=$EndDate
}
}
else
{
Write-Host Please rerun the script with reduced time interval -ForegroundColor Red
Exit
}
}
if($Results.count -lt 5000)
{
#$AggregateResultCount +=$CurrentResultCount
if($CurrentEnd -eq $EndDate)
{
break
}
$CurrentStart=$CurrentEnd
if($CurrentStart -gt (Get-Date))
{
break
}
$CurrentEnd=$CurrentStart.AddMinutes($IntervalTimeInMinutes)
$CurrentResultCount=0
$CurrentResult = @()
if($CurrentEnd -gt $EndDate)
{
$CurrentEnd=$EndDate
}
}
}
If($OutputEvents -eq 0)
{
Write-Host No records found
}
else
{
Write-Host `nThe output file contains $OutputEvents audit records
if((Test-Path -Path $OutputCSV) -eq "True")
{
Write-Host `nThe Output file availble in $OutputCSV -ForegroundColor Green
$Prompt = New-Object -ComObject wscript.shell
$UserInput = $Prompt.popup("Do you want to open output file?",`
0,"Open Output File",4)
If ($UserInput -eq 6)
{
Invoke-Item "$OutputCSV"
}
}
}
#Disconnect Exchange Online session
Disconnect-ExchangeOnline -Confirm:$false -InformationAction Ignore -ErrorAction SilentlyContinue
脚本亮点:
- 该脚本使用新式身份验证连接到 Exchange Online。
- 该脚本也可以使用启用 MFA 的帐户执行。
- 将报告结果导出到 CSV 文件。
- 允许您为自定义期间生成外部共享报告。
- 确认后自动安装 EXO V2 模块(如果尚未安装)。
- 该脚本对调度程序友好。即,凭据可以作为参数传递,而不是保存在脚本中。
导出 SharePoint Online 和 OneDrive 外部共享活动报告。
#Execute script with MFA and non-MFA account
./ExternalSharingReport.ps1
#Execute script by explicitly mentioning credential (Scheduler friendly)
#./ExternalSharingReport.ps1 -AdminName Admin@contoso.com -Password xxxx
如果您想获取 OneDrive 外部共享活动,请使用“OneDrive”开关参数运行脚本。
./ExternalSharingReport.ps1 -OneDrive
要在线审核 SharePoint 中的外部共享活动,您可以使用“SharePoint”开关参数运行脚本。
./ExternalSharingReport.ps1 -SharePointOnline
如果您想获取在特定时间范围内与外部用户共享的资源列表,您可以使用“StartDate”和“EndDate”参数运行脚本。
#The exported report contains list of files and folders that are shared with external users from April 13, 2021 to May 14, 2021.
./ExternalSharingReport.ps1 -StartDate 4/13/21 -EndDate 5/14/21
要获取有关文件和文件夹共享的月度报告,您可以按如下方式运行脚本
./ExternalSharingReport.ps1 -StartDate ((Get-Date).AddDays(-30)) -EndDate (Get-Date)
推荐阅读
- laravel - Laravel Virgin:在 phpunit 集成测试中设置和销毁数据库
- machine-learning - 使用一个变量的随机森林
- vue.js - 如何在 vue.js 中实现完全喜欢的面包屑
- oracle - 使用 binary_ai 和语言搜索/comp 避免性能缺陷
- angular7 - 列表已更新但值未反映在 angular7 的 HTML 中?
- javascript - 我怎样才能创建一个帖子,我有两个猫鼬模型互相引用
- azure-pipelines - 如何在自托管代理中配置不同版本的 Ruby/任何其他软件?
- excel - 连接字符串数组作为过滤器的多个条件
- visual-studio-code - 自动建议在 Visual Studio Code 中未按预期工作
- mysql - 具有压缩行格式的 MySQL:错误代码:1709。索引列大小太大。最大列大小为 767 字节