Know exactly who has access to what across your entire SharePoint Online environment.
Managing SharePoint permissions at scale is one of the most time-consuming and error-prone tasks in Microsoft 365 administration. Sites accumulate owners, members, and visitors over time. Folders get shared with individuals via links that nobody can find afterwards. Microsoft 365 Groups add another layer of membership that doesn’t show up in the standard SharePoint admin center. The result is a permissions landscape that’s almost impossible to audit manually — until now.
SharePoint Permissions Discovery connects to your Microsoft 365 tenant and produces a single, structured Excel workbook covering every site in your environment. No clicking through admin portals. No manual exports. No spreadsheets stitched together by hand.
What you get:
- Site inventory — every
/sites/and/teams/site in one place, with storage usage, sensitivity labels, hub site membership, Teams connectivity, and governance settings - Per-person permissions — one row per user per site, broken out by role (Site Collection Admin, Owner, Member, Visitor), with full Microsoft 365 Group membership expansion so the real people behind group-connected sites are always visible
- Folder-level unique permissions — surfaces every location where permissions have been broken from site inheritance, so nothing is hidden inside a document library
- Active sharing links — full detail on every sharing link in use: who it’s shared with, whether it’s view or edit, the scope (specific people, organisation-wide, or anonymous), password protection status, and expiry date
- Error log tab — any sites that couldn’t be processed are listed separately, so the rest of your report is never affected by a single problem site
How it works:
The script registers itself as an application in your Entra ID tenant (one-time setup, fully automated), then connects using certificate-based app-only authentication — no licensed user account required for the data collection, and no passwords stored anywhere. Run it once, get the full picture. Re-run it any time permissions change.
Requirements: PowerShell 7, a Microsoft 365 Global Admin or SharePoint Admin account for initial setup, and the free PnP.PowerShell and ImportExcel modules (the tool installs these for you).
https://store.thecloudgeezer.com/products/sharepoint-sites-files-discovery-report
The YouTube channel for The Cloud Geezer can be found here – https://youtube.com/thecloudgeezer
Mark – The Cloud Geezer – mark@thecloudgeezer.com
