SharePoint - SharePoint Sites

Compliance Suite monitors SharePoint Online and provides, at site, list, folder and document/item level, the following options for the organization:

Use the Compliance Suite roles to secure access to SharePoint Online areas.
Use Compliance Suite to remove unwanted shares from protected areas in SharePoint Online.
See individual rights for items and areas that do not inherit rights from parent items. This provides an overview of rights on people as well as on SharePoint Online.

When you link a role to a SharePoint Online site, the role members are placed in the Microsoft default groups: Owner, Member, and Visitor in SharePoint Online.

For each site on SharePoint Online that has unique rights, a SharePoint Site is created in Compliance Suite.

When you set a Compliance Suite role to either Owner, Member or Visitor, the inheritance of rights in SPO is broken and subsequently Compliance Suite uses the Entra ID groups to manage access to the SharePoint area.

The SharePoint Online feature has the same option as the AD DS and Entra ID groups where you can accept or remove shares made directly on SharePoint Online – KeepAccess/RemoveAccess

Choose	Description
KeepAccess	If you share documents or SharePoint Online sites with users outside the roles, those users and shares will be imported and displayed in the Compliance Suite. The group now has the members from the role as well as the manually added members.
RemoveAccess	If you share documents or SharePoint Online sites with users directly in SharePoint Online, bypassing the role, those shares will be removed again by Compliance Suite. The Remove Access setting thus ensures that access is only available to users who have one of the associated roles.

Choose

Description

KeepAccess

If you share documents or SharePoint Online sites with users outside the roles, those users and shares will be imported and displayed in the Compliance Suite. The group now has the members from the role as well as the manually added members.

RemoveAccess

If you share documents or SharePoint Online sites with users directly in SharePoint Online, bypassing the role, those shares will be removed again by Compliance Suite.

The Remove Access setting thus ensures that access is only available to users who have one of the associated roles.

External shares

On those SharePoint Online domains where external sharing is allowed, you will be able to see the shares in Compliance Suite.

When the remote user accepts the invitation, the person is subsequently created in Entra ID and then in Compliance Suite. In Compliance Suite, you will have the ability to edit properties of the person, e.g. set a Company, Person Type etc. The external users are all set up as Guests in Compliance Suite.

When you find the person in Compliance Suite, you will be able to see which areas and SharePoint items are shared with the person.