none
[Forum FAQ] How to Disable External Sharing for OneDrive of Certain User RRS feed

  • General discussion

  • Apply To: SharePoint Online

    Scenario:

    There are circumstances where we only want to disable the external sharing ability for certain users. Change the settings through UI will be a bit troublesome when we must do this for dozens of users. In PowerShell, we can do this much more easily.

     A brief introduction about changing user-level external sharing through UI.


    1. Sign in to https://admin.microsoft.com as a global or SharePoint admin. (If you see a message that you do not have permission to access the page, you don't have Office 365 administrator permissions in your organization.)
    2. In the left pane, select Users > Active users.
    3. Select the user.
    4. Select the OneDrive tab, and under Sharing, select Manage sharing.
    5. Select a new external sharing level, and then select Save.

    Note:

    If you have Office 365 Germany, sign in at https://portal.office.de. If you have Office 365 operated by 21Vianet (China), sign in at https://login.partner.microsoftonline.cn/. Then select the Admin tile to open the admin center.

    Use PowerShell to disable external sharing for a certain user’s OneDrive.

    You will need to run the following script to do so.

    $adminUPN="admin account"
    $userCredential = Get-Credential -UserName $adminUPN -Message "Type the password."
    Connect-SPOService -Url https://domain-admin.sharepoint.com -Credential $userCredential
    Set-SPOsite <user OneDrive Site URL> -SharingCapability Disabled

    The SharingCapability has four possible values:

    Disabled - Don't allow sharing outside your organization.

    ExistingExternalUserSharingOnly - Allow sharing only with the external users that already exist in your organization's directory.

    ExternalUserSharingOnly - Allow external users who accept sharing invitations and sign in as authenticated users.

    ExternalUserAndGuestSharing - Allow sharing with all external users, and by using anonymous access links.

    $TenantUrl = Read-Host "Enter the SharePoint Online Tenant Admin Url"
    $LogFile = [Environment]::GetFolderPath("Desktop") + "\OneDriveSites.log"
    Connect-SPOService -Url $TenantUrl
    Get-SPOSite -IncludePersonalSite $true -Limit all -Filter "Url -like '-my.sharepoint.com/personal/'" | Select -ExpandProperty Url | Out-File $LogFile -Force
     Write-Host "Done! File saved as $($LogFile)."

    The log file will be saved on your desktop. A sample log file will be like this:

    If you want to change the external sharing settings for OneDrive Site in bulk, you can use create a list of OneDrive Sites needed to be changed. The format will be the same with the out put log mentioned before.

    Example:


    The following script will work for you.

    $adminUPN="admin account"
    $userCredential = Get-Credential -UserName $adminUPN -Message "Type the password."
    Connect-SPOService -Url https://domain-admin.sharepoint.com -Credential $userCredential
    $file = <file path>
    $DB = Get-Content $file
    foreach ($site in $DB) {
    Set-SPOsite $site -SharingCapability Disabled
    }

    Hope the above information can be helpful. If you need further assistance on this issue, feel free to post a question via clicking "Ask a question" at the top left of this page, we will try our best to help you!

    • Edited by ForumFAQ Monday, April 13, 2020 1:39 AM
    Monday, April 13, 2020 1:27 AM