Determine whether calling the Sharepoint REST API directly can acquire numerous fields missing in the PnP and Sharepoint cmdlets

[twneale]

💡 Summary

This issue expands on #143 which was to find out if a single Sharepoint configuration setting related to security groups was available in the Sharepoint REST API. There are other missing Sharepoint fields which are explored here and are listed below:

• For Pnp = MS.SHAREPOINT.1.2v1
• For PnP = MS.SHAREPOINT.3.2v1
• For PnP & Sharepoint = MS.SHAREPOINT.4.1v1

Motivation and context

We don't currently get these fields via the PnP or Sharepoint powershell cmdlets used by Scubagear, but they may be available in the REST API.

Implementation notes

• Via proof of concept Proof of Concept - Sharepoint provider MSAL authentication and REST API to get missing fields and uniform API invocation #957 determine if these fields are available.

[twneale]

Iterative List of fields that are missing from Sharepoint and/or PnP powershell modules and where to acquire them in the REST API

There two REST endpoints that provide these fields:

• https://tenantName-admin.sharepoint.com/_api/SPO.Tenant
• https://tenanName-admin.sharepoint.com/_vti_bin/client.svc/ProcessQuery

Policy ID	Can we get required data elements from REST API?	Notes
MS.SHAREPOINT.1.3v1 Security group setting	Yes. GuestSharingGroupAllowListInTenantByGroupId	Missing from both PnP & Sharepoint modules
MS.SHAREPOINT.1.2v1	Yes. OnedriveSharingCapability In the underlying JSON that comes back from the endpoint this field is named ODBSharingCapability	Missing from PnP module

The fields below are OBE now but I left them here for historical reference. We either already have them or they are no longer necessary.

Policy ID	Can we get required data elements from REST API?	Notes
MS.SHAREPOINT.3.2v1	FileAnonymousLinkType: https://tenanName-admin.sharepoint.com/_vti_bin/client.svc/ProcessQuery, FolderAnonymousLinkType: https://tenanName-admin.sharepoint.com/_vti_bin/client.svc/ProcessQuery	Missing from PnP module - This is incorrect. I found out that PnP does actually contain these fields
MS.SHAREPOINT.4.1v1	This setting relates to whether users can run custom scripts on OneDrive. The ability to control this setting has evidently removed as of March 2024. See https://techcommunity.microsoft.com/t5/sharepoint/removing-custom-scripting-on-sharepoint-sites/m-p/4055563. It is possible to temporarily allow this with powershell somehow. But it's no longer possible to add, remove, or modify custom scripts. I'm not sure what that means for this control.	This setting has been removed by Microsoft and is no longer in the Admin portal

[tkol2022]

OneDriveSharingCapability is in the current provider export as of this morning. If your run as a service principal the field is not there so run as interactive login.

[tkol2022]

Are the PnP and Sharepoint modules both calling this API endpoint? https://tenantname-admin.sharepoint.com/_vti_bin/client.svc/ProcessQuery

[tkol2022]

Are the PnP and Sharepoint modules both calling this API endpoint? https://tenantname-admin.sharepoint.com/_vti_bin/client.svc/ProcessQuery

Thom answered yes to this when we met.

[tkol2022]

Met with Thom today and then updated the table above. We can get all of the fields via the Sharepoint REST API except for 4.1 and 4.2 (those two fields may be going away - not sure so opened a new issue for someone to perform an impact analysis).

[tkol2022]

I verified that setting MS.SHAREPOINT.4.1v1 has been removed from the MS Sharepoint admin portal so we will be removing it from the baseline. That leaves the list of settings that could potentially be retrieved by an alternative way of calling the Sharepoint REST API to a total of 3 settings. Refer to the table in an earlier comment for a list.

[tkol2022]

Based on some more recent testing, I re-verified that by calling the Sharepoint REST API https://tenantname-admin.sharepoint.com/_vti_bin/client.svc/ProcessQuery directly we can acquire all of the fields currently missing from ScubaGear. There are only 2 settings that the current version of ScubaGear does not get from the existing Powershell modules that we are using. See the first two rows in the table above.