# SharePoint Site Management Scripts

This folder contains two PowerShell scripts that help you create and secure SharePoint Online sites.

1. **SitePnP.ps1** – Creates a brand-new team site using PnP PowerShell, and grants app permissions to that site.
2. **SiteHardening.ps1** – Applies security hardening to an existing SharePoint site using the SharePoint Online Management Shell cmdlets.

## Prerequisites

### General Requirements

* You must have sufficient permissions in your tenant to create and/or configure SharePoint sites:
   * **SitePnP.ps1** requires SharePoint admin (or higher) privileges.
   * **SiteHardening.ps1** requires permissions to modify site security settings.

### For SitePnP.ps1

* **Install the PnP PowerShell module** (running it in PowerShell 7 is recommended):

```powershell
Install-Module PnP.PowerShell -RequiredVersion 2.12
```

* When running the script, you will be prompted for authentication. If you already have an Entra ID (Azure AD) app, you can specify its ID; otherwise, the script can create a new one for you.

### For SiteHardening.ps1

* **Install the SharePoint Online Management Shell** (run in Windows PowerShell or the SharePoint Online Management Shell):

```powershell
Install-Module -Name Microsoft.Online.SharePoint.PowerShell
```

## SitePnP.ps1

### Purpose
Creates a brand-new SharePoint team site and configures app permissions for it.

### Steps in the Script
1. Connect to your tenant's Entra ID and either use an existing Entra ID app or register a new one for login.
2. Create a modern SharePoint team site via PnP.
3. Grant an app permissions to the new site (e.g., full control or write access).

### Important Variables to Update (top of SitePnP.ps1)
* `$adminUrl` – Your SharePoint admin URL (e.g. `"https://yourtenant-admin.sharepoint.com"`)
* `$siteBaseUrl` – Base URL for your SharePoint sites (e.g. `"https://yourtenant.sharepoint.com/sites/"`)
* `$siteTitle` – Title for the new site
* `$owner` – Email address of the site owner
* `$alias` – Alias (short URL) for the new site
* `$tenantUrl` – Your tenant domain (e.g. `"yourtenant.com"`)
* `$appId` – The Application ID to which you want to grant site permissions
* `$displayName` – Display name of the app that receives permissions
* `$adminAppName` – Name of the admin app to register if the script creates one (optional if `$entraIDApp` is provided)
* `$entraIDApp` (optional) – ID of an existing Entra ID app, if you already have one

### Usage (Example)
1. **Open PowerShell 7**
2. Navigate to the folder containing **SitePnP.ps1**
3. Run the script:
```powershell
.\SitePnP.ps1
```
4. Provide credentials and/or consent in the browser window when prompted

## SiteHardening.ps1

### Purpose
Applies several security hardening measures to an *existing* SharePoint site, including:
1. **Disable Member Sharing:** Ensures only site owners can share files, folders, and the site
2. **Disable Access Requests:** Clears the "Allow Access Requests" email setting
3. **Remove "Delete Items" from Contribute Permission Level:** Prevents users with Contribute access from deleting items
4. **Break Permissions Inheritance on Documents Library:** Ensures custom permission settings for the library
5. **Remove the default Members and Visitors groups** from the Documents library permissions

### Key Variables to Update (near the bottom of SiteHardening.ps1)
* `$siteUrl` – Full URL of the existing SharePoint site to be secured
* `$siteTitle` – Title of that site (used to locate default groups)

### Usage (Example)
1. **Open Windows PowerShell** or the **SharePoint Online Management Shell** 
2. Navigate to the folder containing **SiteHardening.ps1**
3. Run the script:
```powershell
.\SiteHardening.ps1
```
4. Enter your SharePoint admin credentials when prompted
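
A read-only check you can run after hardening to confirm the five measures took effect. This is an added example, not part of SiteHardening.ps1 or this repository. It assumes PnP.PowerShell (not the SharePoint Online Management Shell), a library named "Documents", and that the measures surface in the CSOM properties noted in the comments; `$siteUrl` and `$clientId` are placeholders.

```powershell
# Added example: audit the hardening state of a site. Makes no changes.
$siteUrl  = "https://yourtenant.sharepoint.com/sites/yoursite"  # placeholder
$clientId = "<your-entra-app-id>"                               # placeholder

Connect-PnPOnline -Url $siteUrl -Interactive -ClientId $clientId

# Site-level settings (assumed mapping for measures 1 and 2)
$web = Get-PnPWeb -Includes MembersCanShare, RequestAccessEmail

# Contribute permission level and its permission mask (measure 3)
$role = Get-PnPRoleDefinition -Identity "Contribute"
Get-PnPProperty -ClientObject $role -Property BasePermissions | Out-Null
$deleteItems = [Microsoft.SharePoint.Client.PermissionKind]::DeleteListItems

# Documents library inheritance and role assignments (measures 4 and 5)
$list = Get-PnPList -Identity "Documents" -Includes HasUniqueRoleAssignments, RoleAssignments
$assignedIds = @($list.RoleAssignments | ForEach-Object { $_.PrincipalId })

# Default groups resolved through the site's group associations
$members  = Get-PnPGroup -AssociatedMemberGroup
$visitors = Get-PnPGroup -AssociatedVisitorGroup

$checks = [ordered]@{
    "Member sharing disabled"               = (-not $web.MembersCanShare)
    "Access requests disabled"              = ([string]::IsNullOrEmpty($web.RequestAccessEmail))
    "Contribute lacks Delete Items"         = (-not $role.BasePermissions.Has($deleteItems))
    "Documents has unique permissions"      = ($list.HasUniqueRoleAssignments)
    "Members group removed from Documents"  = ($assignedIds -notcontains $members.Id)
    "Visitors group removed from Documents" = ($assignedIds -notcontains $visitors.Id)
}

$failed = 0
foreach ($name in $checks.Keys) {
    if ($checks[$name]) {
        Write-Host "[PASS] $name"
    } else {
        Write-Host "[FAIL] $name"
        $failed++
    }
}

Disconnect-PnPOnline
if ($failed -gt 0) { exit 1 }   # non-zero exit so a pipeline can gate on it
```

If "Documents has unique permissions" fails, the two group checks reflect the inherited site permissions rather than library-specific ones.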

