Why do we need to implement search in our applications?

Use-cases for search on behalf of current user

Along with the usual ones – where you just need your app to search for some data and bring it to user – there is one different scenario I’d like to share:

You need to quickly detect content in SharePoint that is open for everyone

Brute force solution – getting detailed permissions report for all SharePoint sites might not be a feasible option, especially in large environments – it is a very resource-consuming task and might take days and weeks. So consider the following…

Since search is security-trimmed – a user can get only search results he/she already has access to; but what if we create an account and do not grant any SharePoint permissions or group memberships to this account, and then we’d search for everything on behalf of this account? That would mean that all what search returns represent content that is shared with everyone. There are some tricks and gotchas – here is the separate article on the same.

Use-cases for unattended search

What are the use-cases when you need to search in your daemon app or background job? Be aware that when you search on behalf of application credentials – search is NOT security-trimmed and your query would run against ALL SharePoint content… Here are some possible scenarios.

• Content detection/Investigation
  • Let say you want some data is never shared with anyone and never appeared in search for anyone
  • Or you might want to investigate what is the location some specific data is available at
• Imagine you are building sites classification system and
  you use indexed custom site properties – so you are able to refine search results based on site metadata to get list of specific sites (adaptive scopes used in retention policy are based on the same mechanics)
• Automation – let say you have a requirement to configure every tenant site in some ways – for instance – add some hosts to allowed domains to embed video or set some site properties based on who created the site or activate or deactivate some features and so on – how would you do that? You’d probably have a scheduled job that runs let say every hour against only new sites – sites created during that last hour. How would you get these recently created sites? Search with Graph API is the only nice solution today.

Index of other articles on the subject:

• Search Microsoft 365 content programmatically: Index
• Search Microsoft 365 content programmatically: Use-case scenarios
• Authentication to Microsoft Graph: Azure Registered Apps Certificates and Secrets
• Authorization to Microsoft Graph: Azure Registered Apps API permissions
• Calling Microsoft Graph Search API from code as current user
• Calling Microsoft Graph Search API from daemon/service app
• Using Microsoft.Graph PowerShell module to Search in Microsoft 365
• Using PnP.PowerShell module to Search in Microsoft 365