[Forum FAQ] How to Disable External Sharing for OneDrive of Certain User RRS feed

  • General discussion

  • Apply To: SharePoint Online


    There are circumstances where we only want to disable the external sharing ability for certain users. Change the settings through UI will be a bit troublesome when we must do this for dozens of users. In PowerShell, we can do this much more easily.

     A brief introduction about changing user-level external sharing through UI.

    1. Sign in to as a global or SharePoint admin. (If you see a message that you do not have permission to access the page, you don't have Office 365 administrator permissions in your organization.)
    2. In the left pane, select Users > Active users.
    3. Select the user.
    4. Select the OneDrive tab, and under Sharing, select Manage sharing.
    5. Select a new external sharing level, and then select Save.


    If you have Office 365 Germany, sign in at If you have Office 365 operated by 21Vianet (China), sign in at Then select the Admin tile to open the admin center.

    Use PowerShell to disable external sharing for a certain user’s OneDrive.

    You will need to run the following script to do so.

    $adminUPN="admin account"
    $userCredential = Get-Credential -UserName $adminUPN -Message "Type the password."
    Connect-SPOService -Url -Credential $userCredential
    Set-SPOsite <user OneDrive Site URL> -SharingCapability Disabled

    The SharingCapability has four possible values:

    Disabled - Don't allow sharing outside your organization.

    ExistingExternalUserSharingOnly - Allow sharing only with the external users that already exist in your organization's directory.

    ExternalUserSharingOnly - Allow external users who accept sharing invitations and sign in as authenticated users.

    ExternalUserAndGuestSharing - Allow sharing with all external users, and by using anonymous access links.

    $TenantUrl = Read-Host "Enter the SharePoint Online Tenant Admin Url"
    $LogFile = [Environment]::GetFolderPath("Desktop") + "\OneDriveSites.log"
    Connect-SPOService -Url $TenantUrl
    Get-SPOSite -IncludePersonalSite $true -Limit all -Filter "Url -like ''" | Select -ExpandProperty Url | Out-File $LogFile -Force
     Write-Host "Done! File saved as $($LogFile)."

    The log file will be saved on your desktop. A sample log file will be like this:

    If you want to change the external sharing settings for OneDrive Site in bulk, you can use create a list of OneDrive Sites needed to be changed. The format will be the same with the out put log mentioned before.


    The following script will work for you.

    $adminUPN="admin account"
    $userCredential = Get-Credential -UserName $adminUPN -Message "Type the password."
    Connect-SPOService -Url -Credential $userCredential
    $file = <file path>
    $DB = Get-Content $file
    foreach ($site in $DB) {
    Set-SPOsite $site -SharingCapability Disabled

    Hope the above information can be helpful. If you need further assistance on this issue, feel free to post a question via clicking "Ask a question" at the top left of this page, we will try our best to help you!

    • Edited by ForumFAQ Monday, April 13, 2020 1:39 AM
    Monday, April 13, 2020 1:27 AM