SharePoint

Because of how Microsoft 365 creates and handles SharePoint sites, there are limits on which types of SharePoint sites can be shared externally and which sites can be scanned via the API by default.

  • Communication sites can be shared with internal users but cannot be shared externally by default.
    • As a workaround, you can run a PowerShell command to enable a communication site to be shared with an external user. Follow the instructions on this site: https://support.office.com/en-us/article/Turn-external-sharing-on-or-off-for-SharePoint-Online-6288296a-b6b7-4ea4-b4ed-c297bf833e30#ID0EAABAAA=Office_365_Groups
  • After the API connection to SharePoint is set up via an app-only token, the API can only scan SharePoint sites that have the global SharePoint administrator account added to them.
    • Newly created team sites should add this account automatically. However, if the user selects Private during creation, the admin account is not added to the site. Similarly, communication sites often do not automatically add the admin account to the site permissions. Sites without the admin account cannot be scanned.
  • List items that are named like a file, with the extension as part of the name, cause a DLP scan timeout. Make sure list items have ordinary names and are not named in the format of a file.
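
The first two limitations above can be handled from the SharePoint Online Management Shell. The script below is an added example, not part of the original documentation. The tenant URLs and the account name are constructed placeholders, and adding the account as a site collection administrator is an assumption about how the admin account is "added" to a site.

```powershell
# Requires the SharePoint Online Management Shell module.
# Every URL and account name here is a constructed placeholder.
$AdminUrl    = 'https://contoso-admin.sharepoint.com'
$ScanAccount = 'spadmin@contoso.onmicrosoft.com'   # admin account the API connection relies on

# Sites that must be visible to the scan (private team sites, communication sites).
$SitesToScan = @(
    'https://contoso.sharepoint.com/sites/private-team',
    'https://contoso.sharepoint.com/sites/comms-hub'
)
# Communication sites that have a reviewed need for external sharing.
$ShareExternally = @('https://contoso.sharepoint.com/sites/comms-hub')

Connect-SPOService -Url $AdminUrl

foreach ($url in $SitesToScan) {
    $site = Get-SPOSite -Identity $url
    Write-Host "$url template=$($site.Template) sharing=$($site.SharingCapability)"

    # Add the admin account so the site is no longer skipped by the scan.
    # Assumption: site collection administrator is the access level needed.
    Set-SPOUser -Site $url -LoginName $ScanAccount -IsSiteCollectionAdmin $true | Out-Null

    # Turn on external sharing only for the listed sites, and only for
    # guests who sign in (no anonymous links). The site-level setting
    # cannot be more permissive than the organization-level setting.
    if (($ShareExternally -contains $url) -and ($site.SharingCapability -eq 'Disabled')) {
        Set-SPOSite -Identity $url -SharingCapability ExternalUserSharingOnly
    }
}

# Review: every communication site and its current external sharing state.
Get-SPOSite -Limit All |
    Where-Object { $_.Template -eq 'SITEPAGEPUBLISHING#0' } |
    Select-Object Url, SharingCapability
```

Re-run the final listing after changes to confirm that only the intended communication sites report a sharing state other than `Disabled`.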