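51CTO blog: https://blog.51cto.com/u_13969817
To let internal employees reach material quickly, Microsoft provides the Everyone except external users group. It contains every user in the organization but excludes external users and guests. It is a broad group for sharing content with a wide internal audience without adding individual users by hand.
By default, when a user creates a Public team in Teams, this group is placed in the team's member group and has access. When the team is converted from Public to Private, the Everyone except external users group is removed.
However, some people grant permissions on a team or on a specific library directly to this group to make authorization easier, which over-shares the team's content with everyone in the organization. As administrators we therefore need to:
· Generate a report of all sites in the tenant that contain the Everyone except external users group and analyze it
· Remove the Everyone except external users grant from sensitive sites
Sample Code: generate a report of all sites in the tenant that contain the Everyone except external users group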
    # Parameters
    $AdminCenterURL = "https://ruihengliu-admin.sharepoint.com/"
    $CSVPath = "C:\Temp\EveryoneExceptGrp.csv"

    # Connect to the SharePoint admin center
    Connect-PnPOnline -URL $AdminCenterURL -Interactive

    # The group's login name is built from the tenant ID
    $TenantID = Get-PnPTenantId
    $SearchGroupID = "spo-grid-all-users/$TenantID" # Everyone except external users

    # All site collections, excluding system templates
    $AllSites = Get-PnPTenantSite | Where -Property Template -NotIn ("SRCHCEN#0", "REDIRECTSITE#0", "SPSMSITEHOST#0", "APPCATALOG#0", "POINTPUBLISHINGHUB#0", "EDISC#0", "STS#-1")

    $Result = @()
    ForEach($Site in $AllSites)
    {
        Write-host -f Yellow "Processing site:" $Site.URL
        Connect-PnPOnline -URL $Site.URL -Interactive

        # Site groups that have the group as a member
        $Groups = Get-PnPSiteGroup -Site $Site.Url | Where-Object { $_.Users -contains $SearchGroupID }
        If($Groups)
        {
            Write-host -f Green "`tFound the Group under:" ($Groups.Title -join "; ")
            $Result += [PSCustomObject][ordered]@{
                SiteName    = $Site.Title
                URL         = $Site.URL
                Permissions = "Group(s): $($Groups.Title -join "; ")"
            }
        }
        Else
        {
            # Not in any site group: look for the principal in the site's user list.
            # Get-PnPUser returns the site's users; the report records a hit as direct permissions.
            $EEEUsers = Get-PnPUser | Where {$_.Title -eq "Everyone except external users"}
            If($EEEUsers)
            {
                Write-host -f Green "`tFound the 'Everyone except external users' group with direct permissions!"
                $Result += [PSCustomObject][ordered]@{
                    SiteName    = $Site.Title
                    URL         = $Site.URL
                    Permissions = "Direct Permissions"
                }
            }
        }
    }

    # Show the result and export it without the type-information header line
    $Result | Format-Table
    $Result | Export-Csv -Path $CSVPath -NoTypeInformation -Encoding UTF8
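The report above looks at site groups and the site's user list, while the text also mentions grants made directly on a library. The following read-only check is an added example, not code from the original post: for one site from the report it lists every library or list with unique permissions where the group holds a role. It reuses the post's site URL and login-name format; the CSV path is a made-up placeholder.

```powershell
# Added example (not from the original post): audit library/list-level grants
# to "Everyone except external users" on a single site. Read-only.
$SiteURL = "https://ruihengliu.sharepoint.com/sites/Sales"   # site taken from the report
$CSVPath = "C:\Temp\EEEU-LibraryGrants.csv"                  # placeholder output path

Connect-PnPOnline -URL $SiteURL -Interactive
$TenantID  = Get-PnPTenantId
# Same claim format the removal script in this post uses
$EEEULogin = "c:0-.f|rolemanager|spo-grid-all-users/$TenantID"

# Only lists that broke inheritance can carry their own grants
$Lists = Get-PnPList -Includes HasUniqueRoleAssignments, RoleAssignments |
    Where-Object { -not $_.Hidden -and $_.HasUniqueRoleAssignments }

$Findings = ForEach ($List in $Lists)
{
    ForEach ($Assignment in $List.RoleAssignments)
    {
        # Member and role bindings are not loaded by default
        Get-PnPProperty -ClientObject $Assignment -Property Member, RoleDefinitionBindings | Out-Null

        If ($Assignment.Member.LoginName -eq $EEEULogin)
        {
            [PSCustomObject][ordered]@{
                Site  = $SiteURL
                List  = $List.Title
                Roles = ($Assignment.RoleDefinitionBindings.Name -join "; ")
            }
        }
    }
}

If ($Findings)
{
    $Findings | Format-Table
    $Findings | Export-Csv -Path $CSVPath -NoTypeInformation -Encoding UTF8
}
Else
{
    Write-Host -f Green "No list or library on this site grants the group a role directly."
}
```

A "Limited Access" entry in the Roles column usually reflects item-level sharing inside the list rather than a grant on the whole library, so check those lists at item level before deciding.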
Sample Code: remove Everyone except external users from the groups of a specific SharePoint site
    # Parameter
    $SiteURL = "https://ruihengliu.sharepoint.com/sites/Sales"

    Connect-PnPOnline -URL $SiteURL -Interactive

    # Build the group's login name from the tenant ID
    $TenantID = Get-PnPTenantId
    $SearchGroupID = "spo-grid-all-users/$TenantID"
    $EEEUsersID = "c:0-.f|rolemanager|$SearchGroupID"

    # Site groups that have the group as a member
    $Groups = Get-PnPSiteGroup -Site $SiteUrl | Where-Object { $_.Users -contains $SearchGroupID }
    If($Groups)
    {
        Write-host -f Yellow -NoNewline "Found the Group under:" ($Groups.Title -join "; ")
        # Remove the group from each site group it was found in
        $Groups | ForEach-Object { Remove-PnPGroupMember -LoginName $EEEUsersID -Identity $_.Title }
        Write-host -f Green "`tRemoved from the Group(s)!"
    }
Sample Code: remove the Everyone except external users group from all SharePoint sites
    # Parameter
    $AdminCenterURL = "https://ruihengliu-admin.sharepoint.com/"

    Connect-PnPOnline -URL $AdminCenterURL -Interactive

    # All site collections, excluding system templates
    $AllSites = Get-PnPTenantSite | Where -Property Template -NotIn ("SRCHCEN#0", "REDIRECTSITE#0", "SPSMSITEHOST#0", "APPCATALOG#0", "POINTPUBLISHINGHUB#0", "EDISC#0", "STS#-1")

    ForEach($Site in $AllSites)
    {
        Write-host -f Magenta "Processing site:" $Site.URL
        Connect-PnPOnline -URL $Site.URL -Interactive

        $EEEUsers = Get-PnPUser | Where {$_.Title -eq "Everyone except external users"}
        If($EEEUsers)
        {
            Write-host -f Yellow -NoNewline "`tFound the 'Everyone except external users' group on the site! "
            # Remove the principal found above, identified by its login name
            $EEEUsers | ForEach-Object { Remove-PnPUser -Identity $_.LoginName -Force }
            Write-host -f Green "Removed!"
        }
    }
Thanks for reading; I hope this helps with your administration work in the future.