Updated 3 months ago

9 Essential PowerShell Scripts for SharePoint Online Security

by Shan

6 min read

No Comments

As we navigate the digital age, SharePoint Online has emerged as a pivotal platform for organizational collaboration. However, with great connectivity comes great responsibility, particularly in safeguarding our digital ecosystem. Data breaches, excessive access rights, oversharing, etc., pose significant challenges in maintaining security in SharePoint Online. Recognizing that security is not a destination but a journey, we’ve compiled a set of 9 essential SPO PowerShell scripts designed to enhance your SharePoint Online security. Let’s delve into the PowerShell scripts crafted for monitoring SharePoint Online.

  1. Track SharePoint Online file activities
  2. Monitor SPO external users and their activities
  3. View SharePoint Online permissions and access

NOTE: You can easily schedule the PowerShell scripts using Windows Task Scheduler, as most of them are designed to be scheduler-friendly.

Track SharePoint Online File Activities

1. Audit SPO File Downloads to Ensure Data Integrity

A sudden increase in file downloads by an employee who usually doesn’t access such data can signal a potential insider threat or a compromised account. In these scenarios, it’s crucial to track SPO file downloads to ensure data security and compliance. Auditing file downloads in SharePoint Online helps track who accessed these documents and when aiding in detecting unauthorized access attempts or potential data breaches.

Report and Audit File Downloads in SPO – Shows the audit log of SharePoint file downloads for the last 180 days.

PowerShell script for SharePoint file downloads audit

2. Check SharePoint Online File Access to Protect Confidential Information

File access encompasses every interaction a user has with a file, including viewing, editing, or simply opening it. Monitoring file access is essential to ensure that only authorized users access sensitive information. It provides an audit trail that can help administrators understand file usage trends across the organization, and detect anomalous access patterns that may indicate a security threat.

Audit File Access in SharePoint Online – Exports report on file access, detailing which files were accessed, by whom, and when, in SharePoint Online and OneDrive.

Audit file access in SPO

3. Audit File Deletions in SharePoint Online to Prevent Data Loss

Accidental or intentional file deletions pose a real threat to data security. Consider a situation where crucial project files are mistakenly wiped from SharePoint Online by an employee. In such cases, the ability to audit SPO file deletions becomes a lifeline for administrators, allowing them to swiftly pinpoint and recover lost data. This capability is essential for maintaining seamless operations and data safety. Deleting a file also removes its version history. Additionally, review the file version history report to prevent losing valuable previous versions.

Audit File Deletion Report – Helps to monitor who deleted what file and when from SharePoint Online and OneDrive.

PowerShell script for SharePoint Online file deletion audit

Note: Also, you can use this pre-built script for retrieving all file and folder activities in SharePoint Online and OneDrive. It display file and folder activities, such as file/folder access, deletions, modifications, preview, downloads, and more. Thus, it assists to identify suspicious actions and safeguard data in the Microsoft 365 environment.


Monitor SPO External User Activities

1. View All External Users in SharePoint Online to Limit Guest Access

SharePoint Online is widely recognized for its communication and collaboration capabilities. It not only supports internal collaboration and content management but also extends its functionalities to external users. Ensuring the security of these external users is paramount, as they may have varying levels of access and could potentially present security risks. To maintain a secure environment, it’s important to verify and monitor all external users in SharePoint Online.

SharePoint Online External Users Report – Lists all external users in SharePoint Online along with their email addresses, domain name, etc.

Get all external users in SPO

2. Audit External Sharing to Safeguard SharePoint Online Assets

Identifying external users is crucial, but it’s even more important to monitor the SharePoint resources they access. Oversharing and external sharing of SharePoint Online files and documents can lead to unauthorized access to sensitive data. To safeguard confidential information from falling into the wrong hands, auditing resources shared with external users in SharePoint Online is essential.

Audit SPO External Sharing Report – Tracks who share what resources with an external user in SharePoint Online, including files shared with ‘anyone’ access, as it is a critical threat.

Audit External Sharing PowerShell script

3. Track SPO Files Accessed by External Users to Secure Sensitive Data

Collaborating with external partners or consultants on projects often requires companies to share sensitive materials through SharePoint Online. These can include project plans, financial documents, or proprietary information. This need highlights the importance of auditing external user file access. It ensures that crucial documents are accessible only to intended external parties. Moreover, it’s vital that their access is revoked after the collaboration ends, protecting the company’s sensitive data.

External User File Access Report – Displays a list of files accessed by external users and the corresponding access timestamps.

PowerShell script for SharePoint external user file access


View SharePoint Online Permissions and Access

1. Detect SharePoint Group Membership Changes to Block Unauthorized Access

In SharePoint Online, changes to group memberships can have significant security implications. For example, if an employee is mistakenly added to a sensitive project group, it could lead to unauthorized access to confidential information. By auditing group membership changes, organizations can quickly identify and rectify such errors, ensuring that access permissions remain appropriate and data protection is upheld. Regular auditing of group memberships is essential for maintaining a secure SharePoint environment.

Audit SPO Group Membership Changes – Tracks changes in SharePoint Online group membership, such as additions and removals of members.

Audit SPO Group Membership Changes

Unauthenticated sharing, such as the use of anonymous links, offers the simplest method for sharing content externally but carries a significant risk of unintended exposure. Given that the default settings in SharePoint Online and OneDrive permit this form of sharing, it’s critical to diligently monitor such activities. That’s why auditing anonymous access in SharePoint Online is significant.

Audit Anonymous Link Access Report – Helps to monitor creation, modification, removal, and access of anonymous links in SharePoint Online and OneDrive.

Audit Anonymous Link Access Report

3. Get the URL of Teams’ SharePoint Sites to Enhance Collaboration Security

Microsoft Teams automatically creates SharePoint sites to store shared documents. In a scenario where a team collaborates on a project using Teams, administrators need to track the SharePoint site URL. This enables them to monitor and secure shared documents effectively, ensuring data security and compliance.

View Microsoft Teams and their SharePoint URL – Lists all Teams’ site URLs, their corresponding team names, primary SMTP addresses, and access logs.

View Teams and their SharePoint URL using PowerShell script

We’ve covered a lot of ground discussing scripts to boost your SharePoint Online security. But let’s be real, manually running these scripts and checking their results can be tiresome. Wouldn’t it be great to get all the reports you need in just one click? If you’re nodding along, then AdminDroid Microsoft 365 Reporter is the solution you’ve been wishing for. It not only streamlines the process for easy handling and efficiency but also enhances security!

Secure SharePoint Online Effortlessly with AdminDroid Reports!

AdminDroid’s SharePoint Online reporting tool provides 180+ reports, simplifying the process of monitoring your SharePoint Online environment. Whether it’s site permissions, storage, inactive users, file sharing and access, or lists and document libraries, AdminDroid has got you covered.

SharePoint Site Reports:

  • All site collections & sites
  • Site external sharing configurations
  • Inactive sites
  • Inactive users by site
  • SharePoint groups
  • SharePoint group members

SharePoint Usage Reports

  • Site usage summary based on active files, file access, etc
  • User activity summary based on file access, file sharing, etc

SharePoint Online Audit Reports

  • Reports on File activities like file access, deletions, sharing, etc
  • Reports on Folder activities like creation, modification, deletion, etc
  • Reports on DLP actions

External Sharing and Permission Reports

  • Company & anonymous link creation, access, modifications, etc
  • External sharing and access reports

AdminDroid SharePoint Online Reports

Dive deeper into SharePoint with AdminDroid’s SharePoint Online auditing tool! Track SPO activities, monitor user permissions, oversee DLP actions, delve into SharePoint usage & adoption insights, and beyond! Admins can easily analyze report data and enhance SharePoint Online management effortlessly.

AdminDroid SharePoint Online Dashboard

AdminDroid isn’t just for SharePoint reporting or auditing—it goes far beyond that. It offers a treasure trove of over 1800+ detailed reports and 30+ eye-catching dashboards for Microsoft 365 administration. Explore a wide range of reports covering services such as Microsoft Entra, Exchange Online, MS Teams, Power BI, Stream, OneDrive, and more.

With real-time alerting, quick scheduling, granular delegation, and advanced customization filters, it’s the ultimate tool for managing your Microsoft 365 environment. Don’t wait, start your 15-day trial with AdminDroid today and unlock seamless Microsoft 365 management!

From tracking file activities to monitoring external user access, these scripts offer valuable insights and control over your SharePoint environment. Implementing these scripts is a step towards embracing SharePoint Online security best practices, significantly enhancing the organization’s security posture, safeguarding sensitive data, and ensuring regulatory compliance. We hope these PowerShell scripts for SharePoint Online security come in handy and prove useful. Feel free to contact us for any queries or assistance in the comments section.

Share article