Updates from: 09/19/2024 01:11:10
Service Microsoft Docs article Related commit history on GitHub Change details
SharePoint Data Access Governance Reports https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointOnline/data-access-governance-reports.md
Previously updated : 07/02/2024 Last updated : 09/18/2024 Title: "Data access governance reports for SharePoint sites"
When a report is ready, select the name of the report to view the data. Each sha
You can also download the reporting as a .csv file for up to 10,000 sites.
+> [!NOTE]
+> If you have SharePoint SharePoint Premium - SharePoint Advanced Management license, you can download up to 1 million sites.
+ ## Sensitivity labels for files reports
-The Sensitivity labels for files report lets you control access to sensitive content by finding sites storing [Office files that have sensitivity labels applied](/microsoft-365/compliance/sensitivity-labels-sharepoint-onedrive-files). You can review these sites to ensure the correct policies are applied.
+The sensitivity labels for files report feature lets you control access to sensitive content by finding sites storing [Office files that have sensitivity labels applied](/microsoft-365/compliance/sensitivity-labels-sharepoint-onedrive-files). You can review these sites to ensure the correct policies are applied.
### Add the reports
After you run a report, select the report to download the data. The report inclu
## Content shared with 'Everyone except external users' (EEEU) reports
+> [!IMPORTANT]
+> This report is ONLY available if you have SharePoint Premium - SharePoint Advanced Management license
+ Everyone except external users (EEEU) is part of a built-in group that represents the entire organization without any external guests. It's used in following scenarios where content needs to be visible to the entire organization: - Public sites - The site is publicly visible to users within your entire organization - Everyone except external users (EEEU) group is part of the site membership, that is, site owners/visitors/members.
When creating a report, you can select various options like create focused repor
- Template: Lists categories of SharePoint site templates (Classic sites, Communication sites, Team sites, others). You can choose multiple values or 'All sites'. - Privacy: Applicable for Team sites in the scope. You can select 'Private', 'Public' or 'All'. - Site sensitivity: Lists all sensitivity labels. Select one or many labels if you want to report to run within the scope of labeled sites. For for example: 'Identify files within sites labeled as 'Confidential', that were shared with EEEU in the last 28 days.-- Report type: To select the scenario as discussed above, that is, whether you want a report for recent 'public sites' or for recent 'public items'.
+- Report type: To select the scenario as discussed earlier, whether you want a report for recent 'public sites' or for recent 'public items'.
### Run Everyone except external users reports
To get the latest data for a report, run the report. You can run all reports or
### View EEEU reports
-Each EEEU report includes data as shown in the screenshot below
+Each EEEU report includes data as shown in the following screenshot:
:::image type="content" source="media/data-access-governance/dag-eeeu-report.png" alt-text="Screenshot that shows eeeu report details" lightbox="media/data-access-governance/dag-eeeu-report.png"::: - Up to 100 sites with highest number of items/groups shared with EEEU in the last 28 days.-- Policies applied to these sites ΓÇô [site sensitivity](/microsoft-365/compliance/sensitivity-labels-teams-groups-sites), site privacy and [site external sharing policy](external-sharing-overview.md).
+- Policies applied to these sites ΓÇô [site sensitivity](/microsoft-365/compliance/sensitivity-labels-teams-groups-sites), site privacy, and [site external sharing policy](external-sharing-overview.md).
- Primary admin for each site. > [!NOTE]
After running the report, select the report to download the data. In the report:
## Limitations or known issues - Reports work if you have nonpseudonymized report data selected for your organization. To change this setting, you must be a Global Administrator. Go to the [Reports setting in the Microsoft 365 admin center](https://admin.microsoft.com/#/Settings/Services/:/Settings/L1/Reports) and clear **Display concealed user, group, and site names in all reports**.-- Report data may be delayed by up to 48 hours. In new tenants, it can take a few days for data to be generated successfully and available for viewing.
+- Report data can be delayed for up to 48 hours. In new tenants, it can take a few days for data to be generated successfully and available for viewing.
## Remedial actions from Data access governance reports
+> [!IMPORTANT]
+> These remedial actions from DAG reports are ONLY available if you have SharePoint Premium - SharePoint Advanced Management license
+ Once you run the Data access governance reports to discover potential oversharing, the next step is to take actions to remediate such risks. We recommend considering factors like sensitivity of the content, amount of content exposed and disruption to existing status. If immediate action needs to be taken, you can configure [Restricted access control (RAC)](./restricted-access-control.md) and restrict access to a specified group (currently in preview). You can also use the ['Change history' report](./change-history-report.md) to identify recent changes to site properties that could lead to oversharing.
SharePoint Get Ready Copilot Sharepoint Advanced Management https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointOnline/get-ready-copilot-sharepoint-advanced-management.md
For business-critical sites, you want to take proactive measures to ensure the c
## Coming up
-The following policies are currently in preview and will soon be generally available. [*Sign up to participate in the preview by following instructions here*](https://forms.office.com/pages/responsepage.aspx?id=v4j5cvGGr0GRqy180BHbRw8ueKeaH4JIsskRInqtJE5UNjhYVkg5NDRNWkMxRlI0TFVDR0FYSUNGUi4u&route=shorturl).
+> [!IMPORTANT]
+> The following policies are currently in preview and will soon be generally available. [*Sign up to participate in the preview by following instructions here*](https://forms.office.com/pages/responsepage.aspx?id=v4j5cvGGr0GRqy180BHbRw8ueKeaH4JIsskRInqtJE5UNjhYVkg5NDRNWkMxRlI0TFVDR0FYSUNGUi4u&route=shorturl).
### Use the Site Ownership policy to ensure all sites have valid owners
SharePoint Restricted Sharepoint Search https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointOnline/restricted-sharepoint-search.md
As a [SharePoint Administrator](/sharepoint/sharepoint-admin-role) or [above](/m
Restricted SharePoint Search is off by default. If you decide to enable it, Copilot and non-Copilot users are able to find and use content from: - An allowed list of curated SharePoint sites set up by admins (with *up to 100 SharePoint sites*), honoring sitesΓÇÖ existing permissions.-- Content from their frequently visited SharePoint sites. - UsersΓÇÖ OneDrive files, chats, emails, calendars they have access to.
+- Files from their frequently visited SharePoint sites.
- Files that were shared directly with the users. - Files that the users viewed, edited, or created. > [!NOTE]
-> The limit of up to 100 SharePoint sites includes Hub sites, but not their associated sites. When you enable Hub sites, the associated sites of a Hub site are included in the allowed-list but do not count towards the 100-site limit. This approach allows for greater flexibility while still adhering to the existing constraints. When you are picking Hub sites, make sure all the associated sites have proper permissions.
+> - The limit of up to 100 SharePoint sites includes Hub sites, but not their associated sites. When you enable Hub sites, the associated sites of a Hub site are included in the allowed-list but do not count towards the 100-site limit. This approach allows for greater flexibility while still adhering to the existing constraints. When you are picking Hub sites, make sure all the associated sites have proper permissions.
+> - The total number of files included from the last three bullet points (frequently visited sites, files shared directly with the user, and files the users viewed, edited, or created) is limited to the last 2,000 entities.
The following diagram shows an example of an HR Hub site with eight associated sites: ![A diagram of a hub site with associated sites.](media/rss-hubsite-example.png) All eight associated sites plus the HR Hub site are counted as one site in the allowed-list.