Sharing Settings in SharePoint Admin Center


You can find most of the settings presented below in SharePoint Admin Center. There you can regulate them with a push of the button:


The article here focuses on how to enable or disable these functions using CSOM and Powershell or C#.


View sharing settings with CSOM


Sharing settings can be viewed among the properties of the tenant. You can view tenant properties using Microsoft.Online.SharePoint.Client.Tenant.dll library.
This article uses sample available on TechNet Gallery to retrieve the tenant properties:

$ctx=New-Object Microsoft.SharePoint.Client.ClientContext($url)
$ctx.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Username, $password)
$ctx.ExecuteQuery()
 
$spoTenant= New-Object Microsoft.Online.SharePoint.TenantAdministration.Tenant($Ctx)
$ctx.Load($spoTenant)
$ctx.ExecuteQuery()
Write-Output $spoTenant


The expected results display a number of tenant properties:




SharingCapability



SharePoint Admin Center



SharingCapability lets you choose the following settings:


Accepted Values


The property accepts SharingCapabilities enumeration values:
  • Disabled 
  • ExternalUserSharingOnly 
  • ExternalUserAndGuestSharing 
  • ExistingExternalUserSharingOnly
You can set it with the following lines:
$spoTenant= New-Object Microsoft.Online.SharePoint.TenantAdministration.Tenant($Ctx)
$ctx.Load($spoTenant)
$ctx.ExecuteQuery()
$spoTenant.SharingCapability=[Microsoft.Online.SharePoint.TenantManagement.SharingCapabilities]::$SharingCapability

Full Script



#Paths to SDK
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\SharePoint Online Management Shell\Microsoft.Online.SharePoint.PowerShell\Microsoft.Online.SharePoint.Client.Tenant.dll" 
 
 
$ctx=New-Object Microsoft.SharePoint.Client.ClientContext($url)
$ctx.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Username, $password)
$ctx.Load($ctx.Web)
$ctx.ExecuteQuery()
 
$spoTenant= New-Object Microsoft.Online.SharePoint.TenantAdministration.Tenant($Ctx)
$ctx.Load($spoTenant)
$ctx.ExecuteQuery()
 
$spoTenant.SharingCapability=[Microsoft.Online.SharePoint.TenantManagement.SharingCapabilities]::$SharingCapability
$ctx.Load($spoTenant)
$ctx.ExecuteQuery()
Write-Output $spoTenant

The script Modify external sharing setting in SharePoint Online tenant using CSOM is available for download from TechNet Gallery. 

SharePoint Online Management Shell


The setting can be also modified with SharePoint Online Management Shell, using Set-SPOTenant cmdlet:
Set-SPOTenant -SharingCapability ExistingExternalUserSharingOnly


Anonymous access links


ExpireInDays


After setting the tenant.SharingCapability to ExternalUserAndGuestSharing, you can decide about anonymous access links and set their expiration date and the allowed access level.
You can set expiration date using the RequireAnonymousLinksExpireInDays property:
$spoTenant.RequireAnonymousLinksExpireInDays=$HowManyDaysToExpire

LinkType


Anonymous access links can allow recipients to only view or view and edit. The value can be set separately for folders and separately for files.
For files it accepts the following values of the AnonymousLinkType enumeration:
  • View
  • Edit
  • None
$spoTenant.FileAnonymousLinkType=[Microsoft.SharePoint.Client.AnonymousLinkType]::$LinkType


For folders, it accepts a string value of "View" or "Edit".
$spoTenant.FolderAnonymousLinkType=$LinkType

Full script


#Paths to SDK
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\SharePoint Online Management Shell\Microsoft.Online.SharePoint.PowerShell\Microsoft.Online.SharePoint.Client.Tenant.dll" 
 
 
 
$ctx=New-Object Microsoft.SharePoint.Client.ClientContext($url)
$ctx.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Username, $password)
$spoTenant= New-Object Microsoft.Online.SharePoint.TenantAdministration.Tenant($Ctx)
$ctx.Load($spoTenant)
$ctx.ExecuteQuery()
$spoTenant.RequireAnonymousLinksExpireInDays=$HowManyDaysToExpire
$spoTenant.FolderAnonymousLinkType=$LinkType
$ctx.Load($spoTenant)
$ctx.ExecuteQuery()
Write-Output $spoTenant 

The script Set expiration for anonymous links in SharePoint Online is available for download from Technet Gallery.
The script Set anonymous link access level for SharePoint Online tenant using PowerShell is available for download from TechNet Gallery. 

SharePoint Online Management Shell


The settings can be modified also with SharePoint Online Management Shell using Set-SPOTenant cmdlet:
Set-SPOTenant -RequireAnonymousLinksExpireInDays
Set-SPOTenant -FileAnonymousLinkType
Set-SPOTenant -FolderAnonymousLinkType



Sharing Link Type



Tenant.DefaultSharingLinkType property sets the type of link that is created by default when users get links. There are 4 values possible:

  • Direct - only people who have permission

  • Internal -  only people in the organization

  • AnonymousAccess - anyone with the link



DefaultSharingLinkType property of Tenant object accepts SharingLinkType enumeration:




Full Script




01.Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
02.Add-Type -Path "C:\Program Files\SharePoint Online Management Shell\Microsoft.Online.SharePoint.PowerShell\Microsoft.Online.SharePoint.Client.Tenant.dll" 
03. 
04.$ctx=New-Object Microsoft.SharePoint.Client.ClientContext($url)
05.$ctx.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Username, $password)
06.$ctx.Load($ctx.Web)
07.$ctx.ExecuteQuery()
08. 
09.$spoTenant= New-Object Microsoft.Online.SharePoint.TenantAdministration.Tenant($Ctx)
10.$ctx.Load($spoTenant)
11.$ctx.ExecuteQuery()
12.$spoTenant.DefaultSharingLinkType= [Microsoft.Online.SharePoint.TenantManagement.SharingLinkType]::$SharingLinkType
13.$ctx.Load($spoTenant)
14.$ctx.ExecuteQuery()

The script Set default link type for SharePoint Online tenant sharing settings is available for download in Technet Gallery. 

SharePoint Admin Center



The setting can be also modified in SharePoint Admin Center:



SharePoint Online Management Shell



The default link type setting can be also modified using SharePoint Online Management Shell and Set-SPOTenant cmdlet:
Connect-SPOService
Set-SPOTenant -DefaultSharingLinkType


Additional settings



When sharing is enabled, there are 3 additional settings available:
  • Limit external sharing using domains 
  • Prevent external users from sharing files, folders, and sites that they don’t own 
  • External users must accept sharing invitations using the same account that the invitations were sent to



PreventExternalUsersFromResharing


Accepted Values



PreventExternalUsersFromResharing property prevents external users from sharing files, folders, and sites that they don’t own. It accepts Boolean values and you can set it using the following lines:
$spoTenant= New-Object Microsoft.Online.SharePoint.TenantAdministration.Tenant($Ctx)
$ctx.Load($spoTenant)
$ctx.ExecuteQuery()
$spoTenant.PreventExternalUsersFromResharing=$PreventExternalUsersFromResharing
$ctx.Load($spoTenant)
$ctx.ExecuteQuery()

Full Script


Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\SharePoint Online Management Shell\Microsoft.Online.SharePoint.PowerShell\Microsoft.Online.SharePoint.Client.Tenant.dll" 
 
 
$ctx=New-Object Microsoft.SharePoint.Client.ClientContext($url)
$ctx.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Username, $password)
$ctx.Load($ctx.Web)
$ctx.ExecuteQuery()
 
$spoTenant= New-Object Microsoft.Online.SharePoint.TenantAdministration.Tenant($Ctx)
$ctx.Load($spoTenant)
$ctx.ExecuteQuery()
$spoTenant.PreventExternalUsersFromResharing=$PreventExternalUsersFromResharing
$ctx.Load($spoTenant)
$ctx.ExecuteQuery()
Write-Output $spoTenant

The script Prevent external users from resharing using Powershell and CSOM is available for download from TechNet Gallery. 

RequireAcceptingAccountMatchInvitedAccount


Property



RequireAcceptingAccountMatchInvitedAccount forces external users to accept sharing invitations using the same account that the invitations were sent to. It accepts Boolean values and you can set it using the following line:
$spoTenant.RequireAcceptingAccountMatchInvitedAccount=$RequireAcceptingAccountMatchInvitedAccount

Full script


Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\SharePoint Online Management Shell\Microsoft.Online.SharePoint.PowerShell\Microsoft.Online.SharePoint.Client.Tenant.dll" 
 
 
$ctx=New-Object Microsoft.SharePoint.Client.ClientContext($url)
$ctx.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Username, $password)
$ctx.Load($ctx.Web)
$ctx.ExecuteQuery()
 
$spoTenant= New-Object Microsoft.Online.SharePoint.TenantAdministration.Tenant($Ctx)
$ctx.Load($spoTenant)
$ctx.ExecuteQuery()
$spoTenant.RequireAcceptingAccountMatchInvitedAccount=$RequireAcceptingAccountMatchInvitedAccount
$ctx.Load($spoTenant)
$ctx.ExecuteQuery()
Write-Output $spoTenant

The script Force external users to accept sharing invitations with the same account is available for download from TechNet Gallery. 

SharingDomainRestrictionMode


Property and Accepted Values


SharingDomainRestrictionMode limits external sharing to specific domains. This property accepts values from Microsoft.Online.SharePoint.TenantManagement.SharingDomainRestrictionModes enumeration
  • None
  • AllowList
  • BlockList
If you choose AllowList, users will be able to share with external collaborators coming only from that email domain. If you choose BlockList, users will be able to share with all external collaborators apart from the ones on the BlockedDomainList. You can set it using the following line:
$SharingDomainRestrictionMode = "AllowList"
$spoTenant.SharingDomainRestrictionMode=[Microsoft.Online.SharePoint.TenantManagement.SharingDomainRestrictionModes]::$SharingDomainRestrictionMode

Connected with this setting there are 2 more properties: SharingBlockedDomainList and SharingAllowedDomainList. SharingAllowedDomainList specifies a list of email domains that are allowed for sharing with the external collaborators. SharingBlockedDomainList specifies a list of email domains that are blocked or prohibited for sharing with the external collaborators. You can set them using the following lines:
$spoTenant= New-Object Microsoft.Online.SharePoint.TenantAdministration.Tenant($Ctx)
$ctx.Load($spoTenant)
$ctx.ExecuteQuery()
$spoTenant.SharingBlockedDomainList={"o2.pl","madeup.com"}

Full script


#Paths to SDK
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\SharePoint Online Management Shell\Microsoft.Online.SharePoint.PowerShell\Microsoft.Online.SharePoint.Client.Tenant.dll" 
 
$ctx=New-Object Microsoft.SharePoint.Client.ClientContext($url)
  $ctx.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Username, $password)
  $ctx.Load($ctx.Web)
  $ctx.ExecuteQuery()
 
  $spoTenant= New-Object Microsoft.Online.SharePoint.TenantAdministration.Tenant($Ctx)
  $ctx.Load($spoTenant)
  $ctx.ExecuteQuery()
  $spoTenant.SharingDomainRestrictionMode=$SharingDomainRestrictionMode
  $spoTenant.SharingAllowedDomainList={"o2.pl","madeup.com"}
  $ctx.Load($spoTenant)
  $ctx.ExecuteQuery()
  Write-Output $spoTenant 

The script Allow external sharing in SharePoint Online only with specific domains is available for download from TechNet Gallery. 

SharePoint Online Management Shell



Set-SPOTenant -SharingDomainRestrictionMode -SharingAllowedDomainList


Downloads

The scripts below are freely available from TechNet Gallery:
Allow external sharing in SharePoint Online only with specific domains
Force external users to accept sharing invitations with the same account
Get SharePoint Online tenant properties using Powershell and CSOM
Modify external sharing setting in SharePoint Online tenant using CSOM
Prevent external users from resharing using Powershell and CSOM
Set default link type for SharePoint Online tenant sharing settings
Set expiration for anonymous links in SharePoint Online
Set anonymous link access level for SharePoint Online tenant using PowerShell

See Also

OneDrive for Business sharing settings with Powershell

Back to Top