-
Notifications
You must be signed in to change notification settings - Fork 631
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #6992 from MicrosoftDocs/main
[OOB publish 11/19 @ 05:00 PM IST remove sam from toc by maggierui
- Loading branch information
Showing
8 changed files
with
367 additions
and
13 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,157 @@ | ||
| --- | ||
| ms.date: 11/18/2024 | ||
| title: "Generate App insights reports" | ||
| ms.reviewer: goagarwal | ||
| ms.author: mactra | ||
| author: MachelleTranMSFT | ||
| manager: jtremper | ||
| audience: Admin | ||
| f1.keywords: | ||
| - NOCSH | ||
| ms.topic: article | ||
| ms.service: sharepoint-online | ||
| ms.localizationpriority: medium | ||
| ms.collection: | ||
| - Highpri | ||
| - Tier2 | ||
| - M365-sam | ||
| - M365-collaboration | ||
| - SAM-FY25 | ||
| search.appverid: | ||
| recommendations: false | ||
| description: "Learn how to generate App insights reports to view how non-Microsoft applications registered on your Microsoft Entra admin center access your SharePoint content." | ||
| --- | ||
|
|
||
| # Generate App insights reports | ||
|
|
||
| [!INCLUDE[Advanced Management](includes/advanced-management.md)] | ||
|
|
||
| App insights is a [SharePoint Advanced Management](advanced-management.md) feature that lets [IT administrators](/microsoft-365/admin/add-users/about-admin-roles) gain insights on the various non-Microsoft applications registered to your Microsoft Entra admin center and how they access your SharePoint content. This report can help you maintain and protect the integrity of your content. | ||
|
|
||
| The report is based on the Microsoft audit data logged when a non-Microsoft application accesses content through the following set of events: | ||
|
|
||
| - FileAccessed | ||
| - FileDownloaded | ||
| - FileModified | ||
| - FileUploaded | ||
|
|
||
| ## Prerequisites | ||
|
|
||
| This feature requires Microsoft SharePoint Premium - SharePoint Advanced Management license. | ||
|
|
||
| ## App insights reports in SharePoint admin center | ||
|
|
||
| ### Create report | ||
|
|
||
| 1. Sign in to SharePoint admin center with your SharePoint admin credentials. | ||
| 2. In the left pane, expand **Reports** and then select **App insights**. | ||
| 3. Once on the **App insights** landing page, select **Add a report** to generate a new report. :::image type="content" alt-text="Screenshot of the create reports page for app insights dashboard in SharePoint admin center." source="media/app-insights/1-enterprise-app-insights-landing-page.png" lightbox="media/app-insights/1-enterprise-app-insights-landing-page.png"::: | ||
|
|
||
| Under **Report range**, you can specify and filter data from a respective time frame for your report. :::image type="content" alt-text="Screenshot of the report range for app insights in SharePoint admin center." source="media/app-insights/2-enterprise-app-insights-create-new-report.png" lightbox="media/app-insights/2-enterprise-app-insights-create-new-report.png"::: | ||
|
|
||
| 4. Select **Add and run**. | ||
|
|
||
| > [!NOTE] | ||
| > | ||
| > - It can take up to a several hours for generated reports to be available. | ||
| > - Only one report is allowed per report range. | ||
| > - Reports can be rerun after 24 hours. | ||
| ### Manage reports in SharePoint admin center | ||
|
|
||
| #### View report status | ||
|
|
||
| To check if a report is ready or when it was last updated, see the **Status** column. When a report is ready, select it to view the data. | ||
|
|
||
| :::image type="content" alt-text="Screenshot of created app insight report in SharePoint admin center." source="media/app-insights/3-enterprise-app-insights-view-report.png" lightbox="media/app-insights/3-enterprise-app-insights-view-report.png"::: | ||
|
|
||
| You're able to see the top 100 (by request volume) results on the screen. | ||
|
|
||
| You can also filter by App name, App permissions, and Site sensitivity to view relevant results form the top 100 rows. | ||
|
|
||
| :::image type="content" alt-text="Screenshot of list of insight reports in SharePoint admin center." source="media/app-insights/4-enterprise-app-insights-manage-reports.jpg" lightbox="media/app-insights/4-enterprise-app-insights-manage-reports.jpg"::: | ||
|
|
||
| > [!IMPORTANT] | ||
| > To view up to 1 million results, you must select **Download detailed report**. | ||
| #### Delete report | ||
|
|
||
| To delete a report, select the existing report you want to delete and select **Delete report**. | ||
|
|
||
| #### Rerun a report | ||
|
|
||
| To get updated data for a given report range, select an existing report and select **Run**. | ||
|
|
||
| > [!TIP] | ||
| > A rerun prompt also appears if you select **Add a report** and select a report range for which there already exists a report. | ||
| ## App insights reports in SharePoint PowerShell Module | ||
|
|
||
| You can generate and manage App insights reports using SharePoint Online Management Shell. | ||
|
|
||
| 1. [Download](https://go.microsoft.com/fwlink/p/?LinkId=255251) and install the latest version of SharePoint Online Management Shell. | ||
| 2. Connect to SharePoint Online as a [SharePoint Administrator](sharepoint-admin-role.md) in Microsoft 365. For more information about SharePoint Online Management Shell, see [Getting started with SharePoint Online Management Shell](/powershell/sharepoint/sharepoint-online/connect-sharepoint-online). | ||
| 3. Ensure you have the SharePoint Premium - SharePoint Advanced Management license. | ||
|
|
||
| ### PowerShell commands for App insights reports | ||
|
|
||
| To perform the necessary operations, use the following commands: | ||
|
|
||
| #### Create a one-day default duration report | ||
|
|
||
| To generate report for the default duration of one day, run the following command: | ||
|
|
||
| ```powershell | ||
| Start-SPOEnterpriseAppInsightsReport | ||
| ``` | ||
|
|
||
| #### Create report for any other duration | ||
|
|
||
| To generate report for any other duration, run the following command: | ||
|
|
||
| ```powershell | ||
| Start-SPOEnterpriseAppInsightsReport -ReportPeriodInDays $ReportPeriodInDays (possible values = 1, 7, 14, 28) | ||
| ``` | ||
|
|
||
| #### Check status of all active and available reports | ||
|
|
||
| To check status of all active and available reports, run the following command: | ||
|
|
||
| ```powershell | ||
| Get-SPOEnterpriseAppInsightsReport | ||
| ``` | ||
|
|
||
| #### Check status of a specific report | ||
|
|
||
| To check status of a specific report, run the following command: | ||
|
|
||
| ```powershell | ||
| Get-SPOEnterpriseAppInsightsReport -reportID $reportID (for the given report ID) | ||
| ``` | ||
|
|
||
| #### View a specific report | ||
|
|
||
| To view a specific report, run the following command: | ||
|
|
||
| ```powershell | ||
| Get-SPOEnterpriseAppInsightsReport -reportID $reportID | ||
| ``` | ||
|
|
||
| #### Download a report | ||
|
|
||
| To download the report, run the following command: | ||
|
|
||
| ```powershell | ||
| Get-SPOEnterpriseAppInsightsReport -reportID $reportID -action download | ||
| ``` | ||
|
|
||
| > [!IMPORTANT] | ||
| > Rerun and delete report capabilities are unavailable for PowerShell. The [Create report cmdlets](#create-a-one-day-default-duration-report) can be used with relevant report duration. | ||
| ## Known experiences | ||
|
|
||
| - In new tenants, it can take a few days for data to be available and for these reports to be generated successfully. In large tenants, the data can be delayed by up to 48 hours (about two days). | ||
| - A report can be rerun only after 24 hours since the last report generation. | ||
| - There can only be one report for each value of **Report range**. This means that you can see a maximum of four reports in the **Enterprise Application Insights** homepage. | ||
| - These reports are powered by Audit data and don't include all audit events. | ||
| - You might see App ID of the non-Microsoft app, or App name of a mid-tier app in some cases. |
57 changes: 57 additions & 0 deletions
57
SharePoint/SharePointOnline/manage-access-agents-in-sharepoint.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,57 @@ | ||
| --- | ||
| ms.date: 11/14/2024 | ||
| title: Manage access to agents in SharePoint | ||
| ms.reviewer: | ||
| ms.author: ruihu | ||
| author: maggierui | ||
| manager: jtremper | ||
| recommendations: true | ||
| audience: Admin | ||
| f1.keywords: | ||
| - NOCSH | ||
| ms.topic: how-to | ||
| ms.service: sharepoint-online | ||
| ms.collection: | ||
| - M365-collaboration | ||
| - m365copilot | ||
| - magic-ai-copilot | ||
| - Tier2 | ||
|
|
||
| ms.localizationpriority: medium | ||
| search.appverid: | ||
| - MET150 | ||
| description: "Learn how to manage access to agents in SharePoint with built-in SharePoint premission models, SharePoint Advanced Management features such as restricted access control, and restricted content discovery." | ||
| --- | ||
| # Manage access to agents in SharePoint | ||
|
|
||
| Agents in SharePoint, powered by AI, help employees quickly find information and insights on SharePoint sites, pages, and document libraries. Agents in SharePoint access your organization's data the same way [Copilot in other Microsoft 365 apps](/sharepoint/sharepoint-copilot-best-practices#copilot-and-sharepoint) does, responding to users based on their access permissions to the data. As a SharePoint admin, you can manage employees' access to an agent in multiple ways by managing: | ||
| - Who can access the agents | ||
| - What information the user can access through the agent | ||
| - Whether agents are available in a specific SharePoint site | ||
|
|
||
| ## Manage who can access the agents | ||
|
|
||
| Currently, users with a [Microsoft 365 Copilot license](/copilot/microsoft-365/microsoft-365-copilot-licensing) can use the agents. You can use the [Microsoft 365 Copilot setup guide](https://admin.microsoft.com/Adminportal/Home?Q=learndocs#/modernonboarding/microsoft365copilotsetupguide) in the Microsoft 365 admin center to assign the required licenses to users. For more information, see [Assign licenses to users in the Microsoft 365 admin center](/microsoft-365/admin/manage/assign-licenses-to-users) and [Microsoft 365 Copilot requirements](/copilot/microsoft-365/microsoft-365-copilot-requirements). | ||
|
|
||
| ## Manage what information a user can access through the agents | ||
|
|
||
| ### With built-in SharePoint features | ||
|
|
||
| Agents in SharePoint use SharePoint sites, pages and document libraries as knowledge sources to respond to the user. You can control a user’s access to the information when they use an agent by controlling their access to the site. SharePoint provides many tools to control access to a site: | ||
|
|
||
| - Make a site private to ensure only the people who have explicit permission to access the site. | ||
| - If the site is associated with a Microsoft 365 group and the site is private, control group membership to control who can visit the site. | ||
| - If the site isn’t associated with a group and is private, use site permissions to control access. | ||
| - Use access governance policies available in the SharePoint admin center and PowerShell to control access based on other criteria. | ||
|
|
||
| Learn more about using SharePoint built-in features to control access [here](/sharepoint/sharepoint-copilot-best-practices#step-2---prevent-oversharing-and-control-access-with-sharepoint-and-onedrive). | ||
|
|
||
| ## With SharePoint Advanced Management | ||
|
|
||
| Currently, to restrict access to a site by Microsoft 365 Copilot, the SharePoint Admin can set up a [restricted access control policy](/sharepoint/restricted-access-control). As a result, all access to the site is restricted to only the group of users specified in the policy. Accordingly, the content from this site is visible in Microsoft 365 Copilot only for this restricted group of users. You can restrict access to individual sites or OneDrive. | ||
| Learn more about additional features to prevent oversharing, control access, and enhance your content governance with SharePoint Advanced Management [here](/sharepoint/get-ready-copilot-sharepoint-advanced-management). | ||
|
|
||
| ## Turn off agents in SharePoint with restricted content discovery | ||
|
|
||
| You as a SharePoint Admin can turn off all agent-related features on individual sites with the [restricted content discovery](/sharepoint/restricted-access-control). Once a site is flagged with restricted content discovery, users can't see the Copilot icon on the upper right of the site. Therefore, they don’t have access to use the ready-made agent, create new agents, or add content from that site to any other agents. The restricted content discovery policy leaves site access unchanged but prevents the site's content from being surfaced in Microsoft 365 Copilot or organization-wide Search for all users. | ||
|
|
Binary file added
BIN
+126 KB
.../SharePointOnline/media/app-insights/1-enterprise-app-insights-landing-page.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added
BIN
+205 KB
...ePointOnline/media/app-insights/2-enterprise-app-insights-create-new-report.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added
BIN
+125 KB
...t/SharePointOnline/media/app-insights/3-enterprise-app-insights-view-report.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added
BIN
+457 KB
...harePointOnline/media/app-insights/4-enterprise-app-insights-manage-reports.jpg
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
130 changes: 130 additions & 0 deletions
130
SharePoint/SharePointOnline/restricted-content-discovery.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,130 @@ | ||
| --- | ||
| ms.date: 11/14/2024 | ||
| title: "Restrict discovery of SharePoint sites and content" | ||
| ms.reviewer: nibandyo | ||
| manager: jtremper | ||
| recommendations: true | ||
| ms.author: mactra | ||
| author: MachelleTranMSFT | ||
| audience: Admin | ||
| f1.keywords: | ||
| - NOCSH | ||
| ms.topic: article | ||
| ms.service: sharepoint-online | ||
| ms.localizationpriority: medium | ||
| ms.custom: | ||
| - has-azure-ad-ps-ref | ||
| ms.collection: | ||
| - M365-collaboration | ||
| - M365-SAM | ||
| - Tier2 | ||
| search.appverid: | ||
| description: "Learn how to restrict the discovery of SharePoint sites from Microsoft 365 Copilot Business Chat and tenant-wide search." | ||
| --- | ||
|
|
||
| # Restrict discovery of SharePoint sites and content | ||
|
|
||
| [!INCLUDE[Advanced Management](includes/advanced-management.md)] | ||
|
|
||
| For organizations onboarding to Microsoft 365 Copilot, maintaining strong data governance controls for SharePoint content is critical to deploying Copilot in a safe manner. Sites identified with the highest risk of oversharing can use Restricted Content Discovery to protect content while taking time to ensure that permissions are accurate and well-managed. | ||
|
|
||
| ## What is Restricted Content Discovery? | ||
|
|
||
| With Restricted Content Discovery, organizations can limit the ability of end users to search for files from specific SharePoint sites. Enabling Restricted Content Discovery for each site prevents the sites from surfacing in organization-wide search and Microsoft 365 Copilot Business Chat, unless a user had a recent interaction. | ||
|
|
||
| > [!NOTE] | ||
| > Restricted Content Discovery does not impact existing permissions on sites. Users with access can still open files on sites with Restricted Content Discovery toggled on. | ||
| While child content is hidden by default, users in your organization can still discover files they own or recently interacted with. End users can still find relevant content they need for their day-to-day tasks, even if Restricted Content Discovery is applied to the parent site. | ||
|
|
||
| Restricted Content Discovery doesn't affect searches originating from a site context or other intelligent features such as Microsoft 365 Feed and Recommendations. | ||
|
|
||
| ## Use cases for Restricted Content Discovery | ||
|
|
||
| Restricted Content Discovery can be applied to any SharePoint site in your organization. The key use case for this feature is to prevent accidental discovery of high-risk sites. | ||
|
|
||
| We recommend using tools such as Data access governance reports and SharePoint admin center's **Active sites** tab to first compile a selective list of targeted sites. | ||
|
|
||
| > [!NOTE] | ||
| > This feature can't be applied to OneDrive sites. | ||
| > [!CAUTION] | ||
| > Overuse of Restricted Content Discovery can negatively affect performance across search, SharePoint, and Copilot. Removing sites or files from tenant-wide discovery means that there's less content for search and Copilot to ground on, leading to inaccurate or incomplete results. | ||
| Restricted Content Discovery is a site-level setting that needs to be propagated to the search index, a large number of transactions could lead to a long queue in the ingestion pipeline and higher update latency times. | ||
|
|
||
| ## Prerequisites | ||
|
|
||
| The Restricted Content Discover policy requires the following prerequisites: | ||
|
|
||
| - Have a [Microsoft SharePoint Premium - SharePoint Advanced Management subscription](advanced-management.md). | ||
| - Download and install the latest version of SharePoint Online Management Shell. | ||
| - Connect to SharePoint Online as a SharePoint Administrator in Microsoft 365. | ||
|
|
||
| ## Configure Restricted Content Discovery | ||
|
|
||
| By default, Restricted Content Discovery is off for all sites. As an IT administrator, you can enable or disable this feature, and check the current state of a given site. | ||
|
|
||
| ### Enable Restricted Content Discovery for a site | ||
|
|
||
| Complete the following steps to apply Restricted Content Discovery on a site: | ||
|
|
||
| To apply Restricted Content Discovery on a SharePoint site, run the following command: | ||
|
|
||
| ```powershell | ||
| Set-SPOSite –identity <site-url> -RestrictContentOrgWideSearch $true | ||
| ``` | ||
|
|
||
| ### Check the state of Restricted Content Discovery | ||
|
|
||
| Check for the state of Restricted Content Discovery with the following command: | ||
|
|
||
| ```powershell | ||
| Get-SPOSite –identity <site-url> | Select RestrictContentOrgWideSearch | ||
| ``` | ||
|
|
||
| ### Remove Restricted Content Discovery from a site | ||
|
|
||
| To remove Restricted Content Discovery on a SharePoint site, run the following command: | ||
|
|
||
| ```powershell | ||
| Set-SPOSite –identity <site-url> -RestrictContentOrgWideSearch $false | ||
| ``` | ||
|
|
||
| ## Next steps | ||
|
|
||
| Restricted Content Discovery gives organizations time to review and/or audit permissions and deploy access controls while onboarding Copilot in a safe manner. | ||
|
|
||
| Ultimately for sites that are overshared, the goal is to ensure that proper controls are in place to manage access. SharePoint Advanced Management has a suite of features, such as advanced site content lifecycle management, to help site owners and admins create a robust SharePoint governance framework. | ||
|
|
||
| ## Frequently Asked Questions | ||
|
|
||
| **Is my organization eligible to use Restricted Content Discovery?** | ||
|
|
||
| Customers who are licensed for Copilot and have SharePoint Advanced Management available to them can configure Restricted Content Discovery. | ||
|
|
||
| **What search scenarios enforce Restricted Content Discovery?** | ||
|
|
||
| Restricted Content Discovery only affects tenant-wide search (SharePoint home, Office.com, Bing) and Microsoft 365 Copilot. Only Copilot Discovery scenarios are in scope; Copilot experiences that use data-in-use, such as "summarize the current document" in Word aren't impacted. | ||
|
|
||
| **Does Restricted Content Discovery impact other features with dependencies on the search index, such as the Microsoft Purview product suite?** | ||
|
|
||
| No, Restricted Content Discovery doesn't remove content from the tenant search index, which means Microsoft Purview features such as eDiscovery and autolabeling aren't impacted. | ||
|
|
||
| **How soon can I expect Search and Copilot to reflect an update made to the Restricted Content Discovery configuration of a site?** | ||
|
|
||
| Restricted Content Discovery is a site-level property. Index update latency is highly dependent on the number of items in the site and the number of sites getting updated at the same time. For sites with more than 500,000 items, the Restricted Content Discovery update could take more than a week to fully process and reflect in search and Copilot. | ||
|
|
||
| **How does Restricted Content Discovery affect the end user experience in Copilot?** | ||
|
|
||
| Based on usage of this feature, Copilot has less information available to reference, which could negatively affect its ability to provide accurate and comprehensive responses. | ||
|
|
||
| **How does Restricted Content Discovery fit into an overall approach to prepare SharePoint data for Microsoft 365 Copilot?** | ||
|
|
||
| Restricted Content Discovery is designed to limit the ability of end users to search for content from specific SharePoint sites. For a more comprehensive guidance on preparing your data for Copilot, check out this [blueprint](https://aka.ms/Copilot/OversharingBlueprintLearn). | ||
|
|
||
| ## Related topics | ||
|
|
||
| [Overview of SharePoint Advanced Management](advanced-management.md) | ||
|
|
||
| [Manage access agents in SharePoint](manage-access-agents-in-sharepoint.md) |
Oops, something went wrong.