Skip to main content

Site Permissions Across Your Organization Report

The Site Permissions Across Your Organization report shows administrators how broadly content is exposed across every SharePoint site and OneDrive account in the tenant. Part of the Data Access Governance reports in the SharePoint Admin Center, it counts files with unique permissions and files shared through each type of sharing link, site by site. The result is a clear map of where oversharing risk lives, exactly what you need to see before switching on Microsoft 365 Copilot.
Related Features
Data Access Governance (DAG) Reports, Everyone Except External Users (EEEU) Report, Sharing Links Activity Reports, Site Permissions for Users Report

Common Use Cases

  • Pre-Copilot risk map: seeing oversharing across the whole tenant before enabling Copilot
  • Finding broken inheritance: counting files with unique permissions per site
  • Sharing-link exposure: counting files shared through each link type
  • Prioritizing audits: identifying the highest-risk sites to dig into
  • OneDrive coverage: a parallel report for all users’ OneDrive accounts
  • Baseline for other reports: the starting point other DAG reports build on

Benefits

  • Tenant-wide visibility: every SharePoint site and OneDrive account in one pass
  • Pinpoints risk: ranks where content is exposed more broadly than it should be
  • Two reports per run: SharePoint sites and OneDrive accounts
  • Complete data in CSV: the full data set beyond the on-screen top 100
  • Copilot prerequisite: exactly what to review before switching Copilot on
  • Foundation report: other Data Access Governance reports build on it

How It Works

  • Lives in the SharePoint Admin Center: App Launcher, Admin, SharePoint admin center, Data access governance under Reports, Reports tab, Site permissions across your organization
  • Run reports refreshes data: the page keeps some data populated from previous runs; clicking Run reports refreshes it
  • Counts exposure per site: files with unique permissions (broken inheritance) and files shared through each link type
  • Admin only: only SharePoint and Microsoft 365 administrators can run and view it; site owners and regular users have no access
  • Licensing: the tenant needs either the SharePoint Advanced Management add-on license or a Microsoft 365 Copilot license, which includes Advanced Management
  • Output: two reports per run, one for all SharePoint sites and one for all OneDrive accounts, each viewable or downloadable as a detailed CSV

Limits and Nuances

  • Run reports refreshes data: the page keeps some data from previous runs; clicking Run reports refreshes both the SharePoint and OneDrive reports
  • Generation time: after clicking Run reports, generation may take several hours or longer
  • On-screen cap: the on-screen view lists only the top 100 sites; always download the CSV for the complete data set
  • Where, not who: it identifies where high-risk sites exist; pair it with other tools when you need the who and why behind a specific share

Common Questions About the Site Permissions Report

What does the Site Permissions Across Your Organization report show?

For every SharePoint site and OneDrive account in the tenant, it shows the number of files with unique permissions (broken inheritance) and counts of files shared through each type of sharing link. That makes it the fastest way to see which sites expose content more broadly than they should.

What license is required to run this report?

You need either the SharePoint Advanced Management add-on license or a Microsoft 365 Copilot license, which includes Advanced Management. Licensing packages change often, so check Microsoft’s official requirements before planning around it.

Who can run and view the report?

Only SharePoint and Microsoft 365 administrators. It lives in the Data Access Governance section of the SharePoint Admin Center, which is not accessible to site owners or regular users.

Why does the report only show 100 sites?

The on-screen view is limited to the top 100 sites. The full data set is available in the CSV download – so for any serious review, always download the detailed report rather than relying on what is displayed on the page.

Does the report show who shared a file, or why?

No. It is a where report, not a who report – it identifies which sites carry high oversharing risk, but it does not name the person who shared a specific file or explain the reason. For the who behind admin setting changes, pair it with the Change History Report.

Where can I find a step-by-step guide to running the report?

Greg covers the whole process with screenshots – generating both the SharePoint and OneDrive reports and downloading the CSVs – in his guide How to Audit SharePoint Site Permissions Across Your Organization on the SharePoint Maven blog.