Data Access Governance Reports in the SharePoint Admin Center

SharePoint Online is a widely recognized collaborative service that handles a vast volume of data flowing in and out of its environment every day. Crucial monitoring is essential to ensure the security and compliance of this data. This is where the data access governance reports step in. These reports play a pivotal role in facilitating a comprehensive review of data sharing, access, and classification within SharePoint Online. By leveraging these reports, you can effectively evaluate and manage the way data is accessed within the SharePoint Online environment.

This blog covers everything about the data access governance reports within the SharePoint admin center. Ready to explore? Then, here we go!

As SharePoint sites often house a vast amount of data, the data access governance (DAG) insights dashboard within the SharePoint admin center serves as a valuable tool. It helps in detecting instances of excessive resource sharing within SharePoint Online. Identifying the top 100 and top 10,000 sites among millions containing sensitive content enables admins to easily detect potential risks. They can take proactive measures to ensure proper governance and security.

Currently, there are two types of data access governance reports in SharePoint Online.

• Sharing links
• Sensitivity labels applied to files

In the SharePoint admin center, the data access governance reports are typically accessible to SharePoint administrators, global administrators, and other user accounts that are assigned admin permissions.

To access the data governance reports in SharePoint Online, follow the steps given below.

Step 1: Visit the SharePoint admin center.

Step 2: Navigate to Reports.

Step 3: Select ‘Data access governance’.

These reports provide a comprehensive overview of SharePoint sites where users created the highest number of sharing links which include the following.

Anyone links: Anonymous/Anyone links are public links that can be accessed by anyone with the link. This report lists sites that have the highest number of Anyone links created for the past 30 days.

People in the organization links: These links are also known as organization links, and they allow anyone in your organization to access the content. This report lists sites with the highest number of “People in the organization” links for the past 30 days.

Specific people links: These links can be shared with anyone, people inside and outside of your organization, but restricted only to specified individuals or groups. Using this report, admins can get details about the SharePoint site that has the highest number of specific people links created for the past 30 days.

Note: Before getting the latest data about the sharing links, you must first run the report using the ‘Run’ option.

After running the report, you have to wait for a few hours for the process to be completed. You can select ‘Refresh status’ to successfully see the status updated after a few hours. It is important to note that each report can be run only once in 24 hours.

When the report is ready, you get to view the following information about the site.

• Site name,
• URL to the site,
• Number of links created (last 30 days),
• Primary admin of the site,
• Site sensitivity,
• Unmanaged device policy, and
• External sharing status for that site.

The reports can be sorted by site sensitivity, unmanaged device access (No access, Limited web-only access, and Full access), and whether external sharing is enabled or disabled.

Note that this list view lists only up to 100 sites. You can download detailed reports using the ‘Download detailed report’ button into a .csv file to get information for up to 10,000 sites.

These reports help you monitor sensitive content roaming around SharePoint by reviewing the sites with sensitivity labels application. To view sensitivity labels for file reports, the first step is to add reports by selecting the sensitivity labels and then run the reports. You can add a report for each sensitivity label you want to monitor.

Note: The data access governance reports in SharePoint Online can only be generated for sensitivity labels that have been applied specifically to files.

As mentioned above, you have to run the report first and wait for a few hours to get the report ready.

When the report is ready, you can download it in the form of a .csv file. This report includes up to 10,000 sites covering the following information.

• Site ID
• Site URL
• Primary admin name
• Primary admin email
• Number of labeled files
• Site sensitivity label ID,
• Site sensitivity label name
• Unmanaged device policy
• External sharing status for the site.

IMPORTANT: To ensure the data access governance reports function correctly, you need to enable identifiable usernames in the Microsoft 365 admin center and uncheck the option that says, “Display concealed user, group, and site names in all reports.” This will enable the reports to show the actual names instead of pseudonyms for improved clarity and understanding.

• The data in these reports may experience delays of up to 48 hours.
• For new tenants, it might take a few days for these reports to be generated successfully.

Microsoft announced in a recent article that they are adding new enhancements to SharePoint Data Access Governance insights to power up the process of monitoring top sites that require attention. The enhancements include,

• Site access reviews
• Integration with restricted access control (RAC) policy
• New EEEU (Everyone except external users) report

These features require a Microsoft Syntex- SharePoint Advanced Management license and it is waiting to be generally available soon. We will update the blog once it’s rolled out. Stay tuned!

I hope this blog will help you gain a greater understanding of SharePoint reports for sharing, access, and data classification. For further assistance, feel free to reach us in the comments.