ShareGate's Governance risk assessment analyzes a tenant and provides statistics and recommendations to help you achieve governance success by maximizing data relevance and security.
Prerequisites
Licensing
The Governance Risk Assessment is available for any customer with a ShareGate Protect subscription.
Permissions
A global or privileged role admin must once consent to a set of Microsoft 365 permissions.
The admin can then grant access to any user through an Assessor role for ShareGate Protect in Entra ID.
Note: The app is registered under its parent company, Workleap.
Running an assessment
You can access the assessment from ShareGate Protect in ShareGate Home.
If this is your first time connecting to your tenant with the assessment, you'll be prompted to request access.
After access is granted, the assessment starts automatically.
Data refresh
Your assessment data gets updated automatically. Most of the data is refreshed every 24 hours, and not all the data is refreshed at the same time.
Discovery
The Discovery tab displays a summary of the Governance risk assessment results.
Tenant overview - Gives you the total number of:
SharePoint sites
Groups (Microsoft 365 Groups)
OneDrive accounts
Security groups
Dynamic groups
Users - The number of users, with a breakdown between Members and Guests, and the percentage of inactive users.
Licenses - Information about the Microsoft 365 licenses, including the number of licenses eligible for the Copilot add-on and assigned licenses.
Content structure - The total tenant size with a breakdown of the size occupied by different workspaces (sites, teams, groups, and OneDrives).
External Sharing settings (SharePoint admin center) - Information about your overall External Sharing settings within the following categories:
For SharePoint - Find out the most permissive sharing setting possible for SharePoint sites and get a breakdown of your site distribution by setting.
For OneDrive - Find out the most permissive sharing setting possible for OneDrive accounts and get a breakdown of your account distribution by setting.
External sharing restrictions - Get an overview of the External sharing restrictions settings.
File and folder links - Get an overview of the restrictions and permissions applied to file and folder links.
Insights
The Insights tab displays a number of preselected key points about your Microsoft 365 environment.
Click the link to the right of a key point to review the affected workspaces or the details of the key point.
Oversharing
The Oversharing tab displays information about public groups, links, and permissions that could put your data at risk.
Organization-wide access - The number of public groups and workspaces with "Everyone except external users" access in your tenant.
Links - The number of shareable Anyone links, People in your organization links, and Specific people links (internally and externally). The totals include links for SharePoint and OneDrive for Business combined.
Sharing settings - The external sharing settings for SharePoint sites and OneDrive for Business.
Permissions - The number of site collections with broken permissions inheritance and privileged site users.
Sensitivity labels - The number of Microsoft sensitivity labels created and published, and labeling settings.
Data quality
The Data quality tab displays information about inactive groups, sites, and users in your tenant, which can result in outdated or irrelevant data.
Inactivity - The number of Microsoft 365 inactive groups, SharePoint inactive sites, and total inactive users.
Inactive groups or sites are workspaces that have seen no activity for at least 180 days.
Inactive users are user accounts that have not been signed into for more than 180 days.
Understanding the results
You can click on most data points to find:
Data related to the result. For example, 32 inactive sites, 89% are inactive, etc.
The potential risk. This explains how the result may reduce the accuracy and relevance of Copilot's responses.
Suggestions, including one or more actions to improve your tenant's security.