Archives pour la catégorie SHAREPOINT

SHAREPOINT

Sharepoint user profils – disable one drive access

If some users are licensed to use OneDrive, but you don’t want them to create a OneDrive (perhaps for regulatory reasons), you can prevent them from doing so. Note that if a user already created a OneDrive, changing the following setting won’t delete it.

  1. Sign in to Office 365 as a global admin or SharePoint admin.

  2. Select the app launcher icon The app launcher icon in Office 365 in the upper-left and choose Admin to open the Office 365 admin center. (If you don’t see the Admin tile, you don’t have Office 365 administrator permissions in your organization.)

  3. In the left pane, choose Admin centers > SharePoint.
  4. Click user profiles in the left pane.
  5. Under People, click Manage User Permissions.

    The Manage User Permissions link on the user profiles page

  6. By default, everyone except external users are allowed to create a OneDrive. Remove that group and add specific groups to allow only a subset of licensed users to create a OneDrive.

    The permissions dialog box for controlling who can create a OneDrive

  7. Click OK.
SHAREPOINT

Block or limit access to specific SharePoint site collections or OneDrive accounts

https://docs.microsoft.com/en-us/sharepoint/control-access-from-unmanaged-devices

To block or limit access to specific sites, you must set the organization-wide policy to « Allow full access from desktop apps, mobile apps, and the web. »

 

    • Sign in to Office 365 as a global admin or SharePoint admin.

    • Select the app launcher icon The app launcher icon in Office 365 in the upper-left and choose Admin to open the Office 365 admin center. (If you don’t see the Admin tile, you don’t have Office 365 administrator permissions in your organization.)

    • In the left pane, choose Admin centers > SharePoint.
    • In the SharePoint admin center, click access control.
    • Select Allow full access from desktop apps, mobile apps, and the web.
    • Click OK.The limited access setting on the access control page

Then follow these steps to manually create a policy in the Azure AD admin center and run PowerShell cmdlets.

    1. In the Azure AD admin center, select Conditional access, and then click Add.
    2. Under Users and groups, select whether you want the policy to apply to all users or only specific security groups.
    3. Under Cloud apps, select Office 365 SharePoint Online.
    4. Under Conditions, select both Mobile apps and desktop clients and Browser.
    5. Under Session, select Use app enforced restrictions. This tells Azure to use the settings you’ll specify in SharePoint.
    6. Enable the policy and save it.Creating a policy in the Azure AD admin center to use app-enforced restrictions
    7. Download the latest SharePoint Online Management Shell.
    8. Connect to SharePoint Online as a global admin or SharePoint admin in Office 365. To learn how, see Getting started with SharePoint Online Management Shell.
    9. To block access, run Set-SPOSite -Identity https://<SharePoint online URL>/sites/<name of site collection or OneDrive account> -ConditionalAccessPolicy BlockAccess.
    10. To limit access, run Set-SPOSite -Identity https://<SharePoint online URL>/sites/<name of site collection or OneDrive account> -ConditionalAccessPolicy AllowLimitedAccess.

Policy recommandations
https://docs.microsoft.com/en-us/microsoft-365/enterprise/sharepoint-file-access-policies

POWERSHELL Office365, SHAREPOINT

SharePoint Online Management Shell

Download sharepoint Online Management Shell

https://www.microsoft.com/en-us/download/details.aspx?id=35588

connection
$adminUPN= »<the full email address of a SharePoint administrator account, example: jdoe@contosotoycompany.onmicrosoft.com> »
$orgName= »<name of your Office 365 organization, example: contosotoycompany> »
$userCredential = Get-Credential -UserName $adminUPN -Message « Type the password. »
Connect-SPOService -Url https://$orgName-admin.sharepoint.com -Credential $userCredential

tester Get-SPOSite
Lister commande: Get-Command -Module « online »

cmdlet
https://docs.microsoft.com/en-us/powershell/module/sharepoint-online/index?view=sharepoint-ps

 

SHAREPOINT

Default link – sharing

To change the setting, navigate to the SharePoint Online admin center:

  1. Sign in to Office 365 as a global admin or SharePoint admin.
  2. Select the app launcher icon The app launcher icon in Office 365 in the upper-left and choose Admin to open the Office 365 admin center. (If you don’t see the Admin tile, you don’t have Office 365 administrator permissions in your organization.)
  3. In the left pane, choose Admin centers > SharePoint.
  1. In the left pane, choose sharing.
  2. Under Default link type choose the option you want to show by default when a user gets a link.

    Default link type dialog box

  3. Under Default link permission choose whether you want the default permission to be view or edit.

    Screenshot of default link permissions which are view and edit.

  1. In the left pane, choose site collections.
  2. Select the site collection that you want to change, and then click Sharing.
  3. Under Default link type, clear the Respect default organization setting check box, and then choose the option you want to show by default when a user gets a link.

    Screenshot of default link type settings for a site collection

  4. Under Default link permission, clear the Respect default organization setting check box, and then choose whether you want the default permission to be view or edit.

    Screenshot of default link permissions setting for a site collection

  5. Click Save.

gouvernance et securite, SHAREPOINT

Office 365 Groups vs Azure AD Security Groups

Office 365 Groups vs Azure AD Security Groups

probleme d’acces via groupe office365, recherche de site, hung workflow

https://threewill.com/office-365-groups-vs-azure-ad-security-groups/

mail enabled security group or not
https://www.imanami.com/mail-enable-an-active-directory-security-group-or-not/

best practise:
Do not add AD group directly to the site! Create a SharePoint group and add an AD group inside of a SharePoint group.

SHAREPOINT

sharepoint liens utiles

en cours

script connexion sharepoint
$adminUPN= »@mail »
$orgName= »domaine sharepoint »
$userCredential = Get-Credential -UserName $adminUPN -Message « Type the password. »
Connect-SPOService -Url https://$orgName-admin.sharepoint.com -Credential $userCredential

Deconnexion sharepoint

Disconnect-SPOService

https://technet.microsoft.com/fr-fr/library/fp161372.aspx

powershell groupe et permissions sharepoint

https://www.sherweb.com/blog/how-to-use-powershell-for-sharepoint/

CONNEXION Exchange online

Set-ExecutionPolicy RemoteSigned
$UserCredential = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
Import-PSSession $Session

deconnexion

Remove-PSSession $Session