External collaboration in SharePoint Online is essential for certain projects and tasks that might involve users from external organizations. External sharing in SharePoint Online and the ability to grant them access to our resources simplifies communication and bridges the collaboration gaps. However, inadvertently granting access to sensitive resources or unwanted setting changes could lead to potential data loss. Remember that external users can create folders and upload files to authorized sites if the required permission has been given. It raises the risk of malicious file uploads, a significant security concern. Therefore, it is crucial to securely share SPO sites and monitor the files & folders created by external users to secure your data. Let’s dive in!
Manage SharePoint Resources Created by External Users in Microsoft 365
In native admin centers, admins can get external sharing report, SharePoint usage, data governance report, etc. However, they don’t provide an option to view a list of SharePoint Online files and folders created by external users. So, admins must go with SharePoint PnP PowerShell. Using the Get-PnPListItem cmdlet, they can retrieve items created by external users. However, customizing this data to meet specific needs is difficult and time consuming.
No worries! We have crafted a PowerShell script to solve all your specific cases efficiently within seconds!
Script Highlights
- The script automatically verifies and installs the PnP module (if not installed already) upon your confirmation.
- Retrieves all files and folders created by external users for all sites.
- Gets files and folders created by external users on a specific site.
- Finds files and folders created by a specific external user.
- Allows to filter the data to display either files or folders created by external users.
- The script can be executed with an MFA-enabled account too.
- The script supports Certificate-based authentication (CBA) too.
- Exports the report results to a CSV file.
Download Script: ListSPOItemsCreatedbyExternalUsers.ps1
Sample Output
The script verifies and exports all the files and folders created by the external users for all SharePoint Online sites with the following attributes:
- Site Name
- Site URL
- File/Folder Name
- Created External User
- Resource Type
- Created On
- Relative URL
SharePoint Online Files & Folders Created by External Users – Script Execution Methods
- Download the script.
- Start the Windows PowerShell.
- Select any of the methods provided to execute the script.
Method 1: You can run the script with MFA and non-MFA accounts
1 |
./ListSPOItemsCreatedbyExternalUsers.ps1 |
This example lets you export all the files and folders created by external users for each site into a CSV file.
Note: When running the script, you will need to authorize for each site available in the organization. So, we recommend using method 3 (Certificate-based authentication) when running the script to avoid sign-in prompts for each site. You can also pass credentials to avoid sign-in prompts, if required.
Method 2: You can explicitly pass credentials (username and password) and execute the script.
1 |
./ListSPOItemsCreatedbyExternalUsers.ps1 -UserName <UPN> -Password <Password> |
You can schedule the script using task scheduler for non-MFA admin accounts.
Method 3: You can also run the script using certificate-based authentication, which is also scheduler friendly. When you want to run the script unattended, you can choose this method. To do this, you must register the app in Azure AD.
1 |
./ListSPOItemsCreatedbyExternalUsers.ps1 -TenantId <TenantId> -ClientID <AppId> -CertificateThumbPrint <CertThumbPrint> |
You can use either a certificate issued by a recognized certificate authority (CA) or create a self-signed SSL certificate.
Monitor SharePoint Files and Folders Created by External Users in Microsoft 365
Utilize the PowerShell script and get customized solutions tailored to your specific needs. Explore the cases below.
- Find all external users’ files and folders in SharePoint Online
- Get all the files & folders created by external users in a specific SharePoint site
- Find a list of files & folders created by external users in multiple sites
- Get all files & folders created by a specific external user
- Get all the files created by external users
- Get all the folders created by external users
1. Find all External Users’ Files and Folders in SPO
Managing SharePoint Online resources effectively involves not just monitoring file and folder storage consumption but also keeping an eye on content created by external users. This helps to mitigate attacks and verify that the files are not malicious.
To find a list of files and folders created by external users in SharePoint Online, run the below cmdlet.
1 |
./ListSPOItemsCreatedbyExternalUsers.ps1 |
Admins can retrieve the file/folder name, who created the item, creation time, respective site, and more.
Note: Admins can also get all the external users in SharePoint Online, to find the list of all the external users who have access to the resources in your organization. Also, you can export all document library in SPO to verify the files & folder count, library size, etc., and to optimize storage.
2. Get all the Files & Folders Created by External Users in a Specific SharePoint Site
Organizations allow external users only to the required site based on their needs. Admins must monitor the external user file access, files or folder creation, and file deletions that happen on the site. In such scenarios, admins can run the script by specifying the respective site URL in the ‘-SiteAddress’ parameter.
1 |
./ListSPOItemsCreatedbyExternalUsers.ps1 -SiteAddress ‘https://contoso.sharepoint.com/sites/Solution’ |
In the above format, admins will get all the external users’ files and folders created in the ‘Solution’ site.
Sample Output:
Note: If you want to limit external user access in SharePoint Online, you can set guest access expiration to allow access only for a certain period.
3. Find a List of Files & Folders Created by External Users in Multiple Sites
In larger organizations, external users might be involved in multiple projects and granted access to multiple sites. In such scenarios, you can specify all the desired site’s URLs in a CSV file. Then, run the script by including the path to your CSV file in the ‘-SitesCsv’ parameter.
1 |
./ListSPOItemsCreatedbyExternalUsers.ps1 -SitesCsv <filepath> |
Remember that you should provide the list of site URLs with a column name ‘SitesUrl’.
Sample Input:
Also, admins can find critical file downloads in SharePoint Online to avoid data misuse.
4. Get all Files & Folders Created by a Specific External User
In some cases, admins may want to track the files or folders created by a specific external user. For instance, inactive external users might have uploaded sensitive files, which need to be monitored to ensure they are not left accessible or unmanaged. To achieve this, run the script by providing the respective username in the ‘-CreatedBy’ parameter.
1 |
./ListSPOItemsCreatedbyExternalUsers.ps1 -CreatedBy ‘peter@brandglobal.com’ |
The exported result will show the files and folders created by peter in your organization. While handling external users in critical projects, admins can consider following the best practices for sharing files and folders with anonymous users.
Tip: You can also use a PS script to export the version history details of files created by a specific user.
5. Get all the Files Created by External Users in SPO
External users creating files on a site does not often happen in many cases. So, admins might want to find all the files created by external users in SharePoint Online. To achieve this, run the script with the ‘-FilesOnly’ parameter.
1 |
./ListSPOItemsCreatedbyExternalUsers.ps1 -FilesOnly |
The exported result displays all the files created by external users in SPO, eliminating noise in the report.
You can also pass ‘-CreatedBy’ and ‘-SiteAddress’ parameters as shown below to get all the files created by a specific user in a specific site.
1 |
./ListSPOItemsCreatedbyExternalUsers.ps1 -FilesOnly –CreatedBy peter@contoso.com -SiteAddress ‘https://contoso.sharepoint.com/sites/Solution’ |
The results will show all the files created by peter in the ‘Solution’ site.
6. Get all the SPO Folders Created by External Users
If admins want to export all the SharePoint Online folders created by external users, run the script with the ‘-FoldersOnly’ parameter as shown below.
1 |
./ListSPOItemsCreatedbyExternalUsers.ps1 -FoldersOnly |
Admins can retrieve all the folders created by external users in the organization.
Things to Consider…
- Remember that the script will verify and provide the files or folders created by external users on sites in which you are the Site Admin or Site Owner. For other sites, you will get errors like ‘Access is denied’ or ‘unauthorized operation’ while execution.
- Use the Certificate-based authentication (CBA) method to avoid ‘Access denied’ errors and to get the files or folders created by external users on sites even if you are not a Site Admin or Site Owner.
- Ensure that you have the PowerShell 7 version to run the script.
The above script will list all the files or folders created by external users. For efficient external user management and external sharing, admins require a lot more details. AdminDroid SharePoint Online management tool covers everything! It includes
- Files shared by external users
- Files shared to external users
- File/Folder accesses by external users
- File/Folder deletions and restorations
- Anonymous user activities
- Anonymous link sharing
- Anonymous link accessed, and more
AdminDroid stands out with its detailed reports, stunning graphs, customizable data, alert generation capabilities, etc.! Also, it provides 1800+ reports and 30+ dashboards on Microsoft 365 services, including Teams, OneDrive, Azure AD, Exchange, etc., to enhance overall Microsoft 365 management.
Download AdminDroid today to step up your external user management effectively and improve security!
Hope this blog provides steps to solve the specific requirements for admins to find the files & folders created by external users in SharePoint Online. Drop your queries in the comment section.