Auditing External SharePoint File Sharing with PowerShell

gistfile1.txt

# Blog article at https://jamesachambers.com/auditing-external-file-sharing-in-microsoft-365-with-powershell/
# Get SharePoint or OneDrive sites (adjust for specific sites or drives if needed)
$sites = Get-MgSite -All

# Initialize an array to store results
$externallySharedFiles = @()

# Loop through each site and its drives (OneDrive and SharePoint sites)
foreach ($site in $sites) {
    Write-Host "Checking site: $($site.DisplayName)"

    # Get all drives (document libraries) within the site
    $drives = Get-MgSiteDrive -SiteId $site.Id

    foreach ($drive in $drives) {
        # Get all items (files and folders) from the drive
        $items = Get-MgDriveItem -DriveId $drive.Id -Filter "Shared ne null" -PageSize 5000
        Write-Host "Checking drive: $($drive.Name) - Count: $($items.Count)"

        foreach ($item in $items) {
            # Check if the item has any sharing permissions or links
            $permissions = Get-MgDriveItemPermission -DriveId $drive.Id -DriveItemId $item.Id

            foreach ($permission in $permissions) {
                if ($null -ne $permission.Invitation.Email -or
                    ($null -ne $permission.Link.Scope -and "organization" -ne $permission.Link.Scope)) {
                    Write-Host "Externally shared files found $($permission.Invitation.Email)"
                    if ($null -ne $permission.GrantedToIdentities) {
                        $SharedWithUser   = $permission.GrantedToIdentities.User.DisplayName -join ", "
                        $SharedWithApp    = $permission.GrantedToIdentities.Application.DisplayName -join ", "
                        $SharedWithDevice = $permission.GrantedToIdentities.Device.DisplayName -join ", "
                    } elseif ($null -ne $permission.GrantedTo) {
                        $SharedWithUser   = $permission.GrantedTo.User.DisplayName -join ", "
                        $SharedWithApp    = $permission.GrantedTo.Application.DisplayName -join ", "
                        $SharedWithDevice = $permission.GrantedTo.Device.DisplayName -join ", "
                    }
                    $SharedFile = [pscustomobject]@{
                        SiteName         = $site.DisplayName
                        DriveName        = $drive.Name
                        FileName         = $item.Name
                        FileId           = $item.Id
                        DriveId          = $drive.Id
                        ShareScope       = $permission.Link.Scope
                        ShareType        = $permission.Link.Type
                        WebUrl           = $permission.Link.WebUrl
                        SharedWithUser   = $SharedWithUser
                        SharedWithApp    = $SharedWithApp
                        SharedWithDevice = $SharedWithDevice
                        InvitationEmail  = $permission.Invitation.Email
                    }
                    $SharedFile
                    # The file has been shared externally
                    $externallySharedFiles += $SharedFile
                }
            }
        }
    }
}

# Output the externally shared files
if ($externallySharedFiles.Count -gt 0) {
    Write-Host "Externally shared files found:"
    $externallySharedFiles | Format-Table -AutoSize
} else {
    Write-Host "No externally shared files found."
}

# Optionally, export results to CSV
$externallySharedFiles | Export-Csv -Path "ExternallySharedFiles.csv" -NoTypeInformation