Introduction Understanding the sensitivity and retention labels applied to files in your SharePoint Online sites is essential for maintaining data security and compliance. These labels enable you to manage and protect your data by defining retention periods and handling sensitive information appropriately. This is particularly important for initiatives like the Microsoft 365 Copilot rollout, ensuring that the correct files are stored within the appropriate SharePoint sites. For example, if a SharePoint site is a public Team site, files labeled as confidential should be moved to a private Team site or existing Team site updated from public to private.

The script checks the ‘SharePoint Online Web Client Extensibility’ Principal within Entra ID for the actual assigned permissions as the SPFx solutions requests are all be added to that single shared permission group. As hilghlighted by “Wes Hackett”: I’ve personally seen plenty of tenants with Mailbox permissions with no corresponding solutions live in the app catalogs. Early SPFx doc examples encouraged the use of MS Graph into Mailbox permissions in one of the how to learn samples, older tenants sometimes have this breadcrumb left behind.

Have you ever needed to gather detailed information about SPFx solutions installed in your SharePoint environment, such as API permissions, for auditing, inventory, or compliance purposes? The PowerShell script below helps you retrieve these details from both the tenant-level and site collection app catalogs for auditing with the aim to improve security posture by removing unneeded apps and access rights. To execute this script, you must have Global Administrator or SharePoint Administrator roles.