How to Export SharePoint Online Group Membership Changes Report

Have you ever faced sudden unexpected modifications in SharePoint Online group memberships? Such changes can lead to unauthorized access or the loss of important data. Thus, it’s essential to audit SharePoint group membership changes to reduce these security risks. This guide will show you how to audit group member additions and removals along with some best practices to manage SharePoint Online group memberships.

Native Solution

Microsoft 365 Permission Required

High

Global Admin, Exchange Admin, or Compliance Admin.

Option 1 Using Microsoft 365 Audit Logs

  • Log in to the Microsoft Purview compliance portal.
  • Under the Solutions section, select Audit.
  • If required, customize the date and time range.
  • Click on the Activities – friendly names drop-down and select the "Added user or group to SharePoint group" and "Removed user or group from SharePoint group" options.
  • Click on Search. Once the search is completed, you can export the SharePoint Online group membership changes report.
Note: To access activities that happened beyond 180 days, you need to have licensing for long-term audit log retention.

Option 2 Using Windows PowerShell

  • Connect to Exchange Online PowerShell using the cmdlet below.
     Connect-ExchangeOnline
  • Run the cmdlet below to track group membership changes in SharePoint Online.
     Search-UnifiedAuditLog -StartDate mm/dd/yyyy -EndDate mm/dd/yyyy -RecordType SharePointSharingOperation -Operations AddedToGroup,RemovedFromGroup | Format-Table CreationDate,UserIds,Operations -AutoSize

Option 3 Using PowerShell Script

  • The above cmdlet retrieves results in JSON format, which needs to be processed further to get details, such as who removed or added a user to a SharePoint Online group.
  • To simplify this task, we have crafted a PowerShell script that provides complete information to track SharePoint group membership changes.
  • Download and run the following script in the Administrator PowerShell.
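
The JSON processing described above, as an added example (it is not AdminDroid's downloadable script and not code from the original page): it expands the AuditData JSON of each record into who changed which group. The sample records are constructed, and the AuditData property names (UserId, TargetUserOrGroupName, TargetUserOrGroupType, EventData, SiteUrl, ClientIP) are assumed from the Office 365 audit schema for SharePoint sharing events.

```powershell
# Constructed sample records shaped like Search-UnifiedAuditLog output; the detail
# sits in AuditData as a JSON string. Property names are assumed (see lead-in).
# Live use: $records = Search-UnifiedAuditLog ... (Option 2 without Format-Table).
$records = @(
    [pscustomobject]@{
        CreationDate = [datetime]'2024-05-02T09:14:07Z'
        AuditData    = '{"Operation":"AddedToGroup","UserId":"admin@contoso.example","ClientIP":"203.0.113.10","SiteUrl":"https://contoso.example/sites/sales/","TargetUserOrGroupName":"guest_fabrikam.example#ext#@contoso.example","TargetUserOrGroupType":"Guest","EventData":"<Group>Sales and Marketing Owners</Group>"}'
    },
    [pscustomobject]@{
        CreationDate = [datetime]'2024-05-02T11:40:52Z'
        AuditData    = '{"Operation":"RemovedFromGroup","UserId":"owner@contoso.example","ClientIP":"198.51.100.7","SiteUrl":"https://contoso.example/sites/sales/","TargetUserOrGroupName":"alex@contoso.example","TargetUserOrGroupType":"Member","EventData":"<Group>Sales and Marketing Members</Group>"}'
    }
)

function ConvertTo-GroupChangeRow {
    param([Parameter(ValueFromPipeline)] $Record)
    process {
        $d = $Record.AuditData | ConvertFrom-Json
        # EventData carries the SharePoint group name as a small XML fragment.
        $group = if ($d.EventData -match '<Group>(.*?)</Group>') { $Matches[1] } else { $null }
        [pscustomobject]@{
            Time       = $Record.CreationDate
            Action     = $d.Operation
            ChangedBy  = $d.UserId
            Target     = $d.TargetUserOrGroupName
            TargetType = $d.TargetUserOrGroupType
            Group      = $group
            Site       = $d.SiteUrl
            ClientIP   = $d.ClientIP
        }
    }
}

$rows = $records | ConvertTo-GroupChangeRow
$rows | Format-Table Time, Action, ChangedBy, Target, Group -AutoSize

# Review aid: additions of external (#ext#) accounts or additions to an Owners group.
$flagged = $rows | Where-Object {
    $_.Action -eq 'AddedToGroup' -and ($_.Target -like '*#ext#*' -or $_.Group -like '*Owners')
}
$flagged | Format-Table Time, ChangedBy, Target, Group, ClientIP -AutoSize

# To export the full report instead of viewing it:
# $rows | Export-Csv -Path .\SPOGroupMembershipChanges.csv -NoTypeInformation
```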
AdminDroid Solution
More than 150 reports are under the free edition.

AdminDroid Permission Required

Any user with report access delegated by the Super Admin.

Steps Using AdminDroid

  • Log in to the AdminDroid Office 365 reporter.
  • Navigate to the Member Added in SharePoint Groups report under Audit»SharePoint»Groups.
The above report helps to identify details, such as the member added time, who added them, the group name, the SharePoint site URL, etc.

You can also refer to the Member Removed from SharePoint Groups report to view the users removed from an SPO group.
  • AdminDroid's built-in graphs enable you to check the count of SharePoint group member removal activities performed by each user.

Keep tabs on SharePoint group membership updates!

Stay updated on changes to group membership in SharePoint Online! Utilize AdminDroid to discover who, what, and when changes are made to SPO group memberships.

SharePoint Online

Monitor SharePoint Group Membership Changes to Identify and Remove Suspicious Users in Microsoft 365

What are the default permission groups in SharePoint Online?

SharePoint Online groups offer a streamlined approach for managing permissions and regulating access to your documents. Instead of assigning permissions individually to users, you can add users to a SharePoint group and assign the required permissions to it. The given permissions are then assigned to all the group members, which streamlines user privilege management and ensures consistent access control across SharePoint Online.

When a new SharePoint Online site is created, the following groups are created automatically.

  • Site Owners: Users who are designated as owners of the site are automatically added to a security group. This security group is then included in the Site owner group to grant them "Full Control" over the site.
  • Site Members: Similarly, users who are designated as members of the site are automatically added to another security group. This security group is then included in the Site member group to grant them "Edit" permission over the site.
  • Site Visitors: By default, this group will be empty. When you assign "Read" permission to a user, they will be automatically added to this group.
Here’s a brief scenario:
  • Imagine you’ve created a SharePoint site named "Sales and Marketing" with some owners and members.
  • Now, they will be added to respective security groups named "Sales and Marketing Owners" and "Sales and Marketing Members".
  • These security groups are then added to the default SharePoint permission groups named "Site Owners" and "Site Members".
  • If you share the site with users by assigning read permissions, they will be added to the default SharePoint permission group named "Site Visitors".

You can check it by navigating to Settings»Site permissions in your SharePoint Online site.


Additionally, you can create and manage groups in SharePoint Online based on various criteria such as department, project, or specific roles within the organization.

Create a group in SharePoint Online

  • Navigate to the desired SharePoint Online site. Click on the Settings (gear icon) and select Site permissions»Advanced permission settings.
  • Click on Create Group and provide a name and description. Select a group owner and permission level. If you wish, you can also adjust group settings and manage membership requests. Once finished, click on Create.

Delete a group in SharePoint Online

To delete a SharePoint group, simply select the desired group. Choose "Group Settings" under the Settings drop-down menu. Now, click on the Delete option located at the bottom.

How to add users to a SharePoint Online group?

You can add users to an existing or newly created SharePoint Online group by following the steps below.

  • Go to the desired SharePoint Online site.
  • Navigate to Settings»Site permissions»Advanced permission settings.
  • Click on the SharePoint group to which you want to add users. Under the New drop-down box, select "Add users to this group".
  • Type the Microsoft 365 usernames you want to add. You can also add external users to a SharePoint group by typing their email addresses.
  • If you prefer to add users without invitation, click on Show Option and uncheck the "Send an email invitation" checkbox to disable it.

Similarly, to remove users from a SharePoint group, click on the desired user/group. Under the Actions drop-down box, select "Remove Users from Group".

AdminDroid helps you to manage SharePoint Online groups by offering insights into all the group memberships and sharing related activities.

How to hide SharePoint Online group membership?

When you create a SharePoint group, everyone on the site can view its members. However, if the group is intended for sensitive roles, you may not want to disclose their identities to other groups' members. In such cases, you can customize the group settings to hide this information.

  • Navigate to the desired SharePoint Online site.
  • Tap on the Settings icon and select Site permissions»Advanced permission settings.
  • Click on the SharePoint group whose membership you wish to hide. Under the Settings drop-down, select Group Settings.
  • Under "Who can view the membership of the group?", select the Group Members option. It ensures that only members within the group can view its membership details.
  • Once done, click on OK.

You can also use PnP PowerShell to hide group membership information in SharePoint Online.

Connect-PnPOnline -Url <DesiredSiteURL> -Interactive
Set-PnPGroup -Identity "<GroupName>" -OnlyAllowMembersViewMembership:$true

AdminDroid provides a detailed report on changes made to SharePoint group settings that helps you to revert inappropriate modifications.

  • By consistently reviewing the Updated SharePoint Groups report, you can determine who changed the group's name, who has permission to view or edit group membership, and how membership requests are handled.

Handy Hint: You can refer to the "Modified Properties" column to check the modified settings and revert them if required.

How to get a list of members in a SharePoint Online group?

When you add a user to a site or share access with them, they are automatically included in the SharePoint Online members or visitors groups. Therefore, it's crucial to regularly review the list of members in SharePoint groups and identify any unwanted users who may no longer require access.

Check group membership in SharePoint Online

  • Log in to the desired SharePoint Online site. Click on the Settings icon and select Site permissions»Advanced permission settings.
  • Choose the desired SharePoint group. Here, you can see all group members including individual users and security groups.

Get SharePoint group membership list using PowerShell

Run the Get-SPOUser cmdlet below to view group membership in SharePoint Online.

Connect-SPOService -Url <SPOAdminCenterURL>
Get-SPOUser -Site "<DesiredSiteURL>" -Group "<SharePointGroupName>"

Navigating to each SharePoint group to check its membership details might be a time-consuming task. Similarly, with PowerShell, you need to manually specify each group to view the membership list.

Conversely, AdminDroid provides you the list of all SharePoint group members and their details in a single report.

  • The SharePoint Group Members report shows all security groups and users added as members of a SharePoint group. You can refer to the "MemberType" column to identify the type of membership.

Handy Hint: Utilize AdminDroid’s easy filter functionality for "User Name" to check the SharePoint groups a user is a member of.

How to change permissions for a group in SharePoint Online?

If you feel that a group has excessive or insufficient permissions within a SharePoint site, you can edit their permission levels by following the steps below.

  • Navigate to the desired SharePoint Online site. Click on the Settings icon and select Site permissions»Advanced permission settings.
  • Select the desired SharePoint group and tap on Edit User Permissions. Choose the required permission level and click on OK.

You cannot edit permission levels for default groups directly in SharePoint Online. However, you can customize the SharePoint Online permission levels of these default groups using PowerShell.

Connect-PnPOnline -Url <DesiredSiteURL> -Interactive
Set-PnPGroup -Identity "<GroupName>" -AddRole "<NewPermission>" -RemoveRole "<OldPermission>"

AdminDroid SharePoint Online Reporter

Examine unauthorized modifications to SharePoint group memberships!

The AdminDroid SharePoint Online auditing tool helps you to stay informed about all group membership activities happening in your organization. It also includes dedicated reports to check the presence of external users in SharePoint groups, which helps you to know whether they have access to any confidential sites.

Use AdminDroid's exceptional functionalities to audit group membership changes in SharePoint Online:

The Member Added in SharePoint Groups and Member Removed from SharePoint Groups reports provide detailed information on who added or removed a user from a SharePoint group, ensuring that only authorized users perform such actions.

An Overview

Audit Changes to SharePoint Online Groups

Visualize SharePoint Online group modifications using charts to depict the users responsible for creating or updating groups and managing their memberships.

Review User Activities in SharePoint Online

AdminDroid’s SharePoint Online user activity reports help you to identify and remove inactive users from SharePoint groups.

Access SPO Group Membership List

Export SharePoint Online group members to Excel and other formats on your local system so that you can access group memberships at any time.

Track SharePoint Admin Access Removals

Get real-time alerts on SharePoint Online site admin removals and add them back to the relevant groups if necessary.

Monitor SharePoint Guests’ Group Membership

Utilize AdminDroid's advanced scheduling for regular updates of the SharePoint Online guest users list sent to your mailbox. This will enable you to monitor guest access in SharePoint groups.

Inspect Sharing Invitations in SharePoint Online

Find out who is inviting users in SharePoint Online and modify the group settings to block unintended users from sending invitations.

AdminDroid streamlines SharePoint Online group management by offering real-time insights, customizable reports, and proactive monitoring capabilities. By tracking SharePoint group membership changes, you can ensure that permissions are appropriately managed and unauthorized access is promptly addressed.


Common Errors and Resolution Steps in Monitoring Group Membership Changes in SharePoint Online

The following are the possible errors and troubleshooting hints while tracking SharePoint group membership changes.

Error: You do not have permission to view the membership of the group.

This happens when you try to list the members of other SharePoint groups.

Troubleshooting hint: Run the cmdlet below to view group membership in SharePoint Online.

Set-PnPGroup -Identity "<GroupName>" -OnlyAllowMembersViewMembership:$false

Error: A domain group cannot be the owner of a group.

This error occurs when you try to assign the group’s owner permissions to other groups that are not part of the SharePoint site.

Troubleshooting hint: Assign group owner permissions only to those groups within the SharePoint site.

Error: Add-SPOUser : The specified user could not be found.

This happens when you add an external user to a SharePoint Online site that does not have permission to add new guests.

Troubleshooting hint: Run the cmdlet below to allow sharing SharePoint sites with new guest users.

Set-SPOSite -Identity "<SiteURL>" -SharingCapability ExternalUserSharingOnly

Error: Set-PnPGroup : Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED)).

This error occurs when you don’t have the group's owner permission in SharePoint Online.

Troubleshooting hint: Run the cmdlet below to assign the group owner permission in SharePoint Online.

Set-SPOSiteGroup -Site "<SiteURL>" -Identity "<GroupName>" -Owner "<OwnerUPN>"