PowerShell commands that can be used to customize some options in DeliverPoint SPFx for SharePoint Online
NOTE: To set these options, you should be familiar with using the SharePoint Online Management Shell
Ignore some AD groups in all Discover Permissions reports
This may be useful to reduce "noise" in your reports, by not reporting permissions for groups such as the "Everyone but external users", or other org-wide groups, that always have certain permissions to everything.
In order to specify a list of AD group names to ignore, the following PowerShell command must be executed:
Set-SPOStorageEntity -Site "APPCATALOGURL" -Key "_lt_deliverPointADGroupsToIgnoreInDiscoverPermissions" -Value "ADGROUPSTOIGNORE" -Comments "Any comment" -Description "Any description "
Where APPCATALOGURL is the URL of your tenant app catalog site collection, and ADGROUPSTOIGNORE is a comma-separated list of AD group names you wish to ignore.
In order to clear the list of AD group names to ignore, the following PowerShell command must be executed:
Remove-SPOStorageEntity -Site "APPCATALOGURL" -Key "_lt_deliverPointADGroupsToIgnoreInDiscoverPermissions"
Set a central location for DeliverPoint Job run data and Report Template configurations
Set-SPOStorageEntity -Site "APPCATALOGURL" -Key "_lt_deliverPointJobsActionsWebUrl" -Value "SITEURL" -Comments "Any comment" -Description "Any description"
Where APPCATALOGURL is the URL of your tenant app catalog site collection, and SITEURL is the URL of the site where you wish to store DeliverPoint Job details (in a hidden list) and Report Template configurations (in a hidden list named LTReportTemplatesDPSPFX).
Limit count of requests per second
Support for this feature was added in version 4.0.0.0 of DeliverPoint Online. As with any SharePoint Online client-side tool, DeliverPoint is subject to Microsoft's limits on API requests. For DeliverPoint, this means that when running reports or performing actions that require many (usually some thousands) requests, the account running the requests may be throttled. This will cause DeliverPoint to pause its requests until it can proceed, and it will cause SharePoint to be unavailable to the requesting account for some minutes.
A limit on the maximum number of SharePoint REST or Graph API requests per second can be specified in a tenant property called _lt_dpRequestsMaxCountPerSecond. Setting a limit may help avoid throttling in some cases. It's not possible to say what an optimal limit might be, because it depends on the overall load in the tenant and in the datacenter. But you could begin experimenting with values such as 5 or 10.
Set this value with the following PowerShell command:
Set-SPOStorageEntity -Site "APPCATALOGURL" -Key "_lt_dpRequestsMaxCountPerSecond" -Value "REQUESTCOUNT"
Where APPCATALOGURL is the URL of your tenant app catalog site collection, and REQUESTCOUNT is an integer value representing the maximum requests per second. No value means no limit (i.e. reset to the default).
Note that if you regularly need to run large reports that cause throttling, you may wish to enable DeliverPoint's Scheduled Reports feature.
Setting other DeliverPoint configuration options
The following commands all make use of a tenant-wide variable called _lt_deliverPointCommonOptions . Each option uses a different binary bit. In the binary (Base 2) system, a 1 in the first bit is the same as a decimal 1. A 1 in the 2nd bit (i.e. 1 0) equals the decimal value 2. A 1 in the third bit (1 0 0) equals the decimal value 4. And so on, doubling the value with each place.
Thus, for example, to set the Job Rollback to default to Enabled, we need to set the 4th bit (a 1 in the 4th place from the right, which equals the decimal number 8). So the "NUMBER" specified in the command should be 8, if you have not set any of these other options.
The command to use in each case is the following - only the value of NUMBER will change:
Set-SPOStorageEntity -Site APPCATALOGURL -Key "_lt_deliverPointCommonOptions" -Value "NUMBER" -Comments "Any comment" -Description "Any description"
If you have already set one or more of these options, then you will need to find out the current value in the _lt_deliverPointCommonOptions variable by using the following PowerShell command:
Get-SPOStorageEntity -Site APPCATALOGURL -Key "_lt_deliverPointCommonOptions"
Convert the number returned by this command into a binary representation. Then place your desired bit in the correct location, and convert that back to a decimal number.
Options that can be set via the _lt_deliverPointCommonOptions variable:
Hide user avatars (profile images): first bit is 1 for hidden, 0 for visible.
Hide permission operations (Actions menu) from all but Site Collection Admins: second bit (2) is 1 for hidden, 0 for visible. Permission operations (such as Grant and Copy permissions) are normally visible to anyone in the DeliverPoint menu, though only people with Full Control to the specified scope can actually use these operations. Setting this bit to On (1) will make these operations only visible to Site Collection Admins. (Note that if a non-SCA has generated a report, then the Actions menu will appear, but will only show the Export Report action.)
Export reports in CSV format rather than the default of Excel: third bit (4) is 1 for CSV, 0 for Excel.
Set the Job Rollback option to be enabled by default: fourth bit (8) is 1 for enabled, 0 for not enabled. Users can still enable Rollback as they wish; this just sets the default state of that checkbox.
Hide the option to modify Microsoft 365 Groups when executing jobs: fifth bit (16) is 1 for hidden, 0 for visible. Only users who have the right in M365 to modify M365 Group membership can actually perform that, but this setting hides it entirely.
Examples:
If you want to make the Job Rollback option enabled by default, execute this command:
Set-SPOStorageEntity -Site APPCATALOGURL -Key "_lt_deliverPointCommonOptions" -Value "8" -Comments "Any comment" -Description "Any description"
If you want to make the Job Rollback option enabled by default, and also hide the option to modify AD Groups, then you need to set the 4th and 5th bits (reading right to left) to 1 - i.e. 1 1 0 0 0 in binary, which is equivalent to the decimal number 24 (8+16). Thus you would execute the following:
Set-SPOStorageEntity -Site APPCATALOGURL -Key "_lt_deliverPointCommonOptions" -Value "24" -Comments "Any comment" -Description "Any description"
Published Oct 4, 2022
Updated Dec 31, 2022 and June 21, 2023: added details about the Request Limit option
Updated June 30, 2023: added clarification about the "Hide permission operations" option