Sharing settings in OneDrive for Business can be controlled globally and applied to all users' OneDrives with just a few lines or clicks. This article shows the available options and how to enable or disable them using SharePoint Admin Center, SharePoint Online Management Shell or CSOM and PowerShell. 

 

Prerequisites

Most of these options became available in the last few months. Make sure you are using an updated version of SharePoint Online Management Shell and SharePoint Online CSOM libraries before executing the cmdlets.   
 

Disable access requests to user OneDrives


The ODBAccessRequests property came with New SharePoint CSOM version released for SharePoint Online - October 2016. It lets administrators set policy on access requests and requests to share in OneDrive for Business. It accepts three values:
  • On- Users without permission to share can trigger sharing requests to the OneDrive for Business owner when they attempt to share. Also, users without permission to a file or folder can trigger access requests to the OneDrive for Business owner when they attempt to access an item they do not have permissions to.

  • Off- Prevent access requests and requests to share on OneDrive for Business:


  • Unspecified- Let each OneDrive for Business owner enable or disable access requests and requests to share on their OneDrive.

 

SharePoint Online Management Shell


Set-SPOTenant -ODBAccessRequests Off

CSOM


#Paths to SDK
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\SharePoint Online Management Shell\Microsoft.Online.SharePoint.PowerShell\Microsoft.Online.SharePoint.Client.Tenant.dll"
  
  
  
$ctx=New-Object Microsoft.SharePoint.Client.ClientContext($url)
$ctx.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Username, $password)
$spoTenant= New-Object Microsoft.Online.SharePoint.TenantAdministration.Tenant($Ctx)
$ctx.Load($spoTenant)
$ctx.ExecuteQuery()
$spoTenant.ODBAccessRequests =[Microsoft.SharePoint.Client.SharingState]::Unspecified
$ctx.Load($spoTenant)
$ctx.ExecuteQuery()
Write-Output $spoTenant


The script Globally set OneDrive for Business Access Requests and Members Can Share is available for download from TechNet Gallery.

 



Back to top

Other people share my ODB content

Can they?


This setting can be enabled or disabled by every user in their own OneDrive for Business, but it can also be regulated globally through SharePoint Admin Center. The property on the Tenant object that sets this setting is called ODBMembersCanShare and can be used in SharePoint Online Management Shell or PowerShell CSOM script. It accepts three values:
  • On- Users with edit permissions can re-share.
  • Off- Only OneDrive for Business owner can share. The value of ODBAccessRequestsdefines whether a request to share gets sent to the owner.
  • Unspecified- Let each OneDrive for Business owner enable or disable re-sharing behavior on their OneDrive.

SharePoint Online Management Shell


Set-SPOTenant -ODBMembersCanShare

CSOM


#Paths to SDK
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\SharePoint Online Management Shell\Microsoft.Online.SharePoint.PowerShell\Microsoft.Online.SharePoint.Client.Tenant.dll"
   
$ctx=New-Object Microsoft.SharePoint.Client.ClientContext($url)
$ctx.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Username, $password)
$spoTenant= New-Object Microsoft.Online.SharePoint.TenantAdministration.Tenant($Ctx)
$ctx.Load($spoTenant)
$ctx.ExecuteQuery()
$spoTenant.ODBMembersCanShare =[Microsoft.SharePoint.Client.SharingState]::On
$ctx.Load($spoTenant)
$ctx.ExecuteQuery()
Write-Output $spoTenant

The script Globally set OneDrive for Business Access Requests and Members Can Share is available for download from TechNet Gallery.

 

End effect


  

 


Notify me


NotifyOwnersWhenItemsReshared is a Tenant object property that enables sending emails to OneDrive for Business owners when other users further share the content of the owner's OneDrive with EXTERNAL users.

 

CSOM

An example below shows how to enable or disable the setting that notifies OneDrive for Business owners when other users further share the content of the owner's OneDrive:

 

#Paths to SDK
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\SharePoint Client Components\16.0\Assemblies\Microsoft.Online.SharePoint.Client.Tenant.dll"
  
$ctx=New-Object Microsoft.SharePoint.Client.ClientContext($url)
$ctx.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Username, $password)
$ctx.Load($ctx.Web)
$ctx.ExecuteQuery()
  
$spoTenant= New-Object Microsoft.Online.SharePoint.TenantAdministration.Tenant($Ctx)
$ctx.Load($spoTenant)
$ctx.ExecuteQuery()
$spoTenant.NotifyOwnersWhenItemsReshared=$NotifyOwnersWhenItemsReshared
$ctx.Load($spoTenant)
$ctx.ExecuteQuery()
Write-Output $spoTenant


Full script Notify OneDrive for a Business owner if their content is reshared is available for download from TechNet Gallery.   
              

SharePoint Online Management Shell


Set-SPOTenant -NotifyOwnersWhenItemsReshared $true

Back to top

Add BCC to all external sharing invitations


From December 2015 update it is also possible to add users in BCC field to all sharing invitations in all users' OneDrives.

After the setting takes place, the BCC emails will start receiving copies of the sharing invitations with Invited person's email in the "TO" field and inviter's in "CC":

There are 2 properties responsible for this setting. One is Boolean BccExternalSharingInvitations and the other is a list of Email addresses which will receive the invitation email copy:  BccExternalSharingInvitationsList. BccExternalSharingInvitations enables the BCC for External Sharing feature. When the feature is enabled, all external sharing invitations will blind copy the e-mail messages listed in the BccExternalSharingsInvitationList.
BccExternalSharingsInvitationList specifies a list of e-mail addresses to be BCC’d when the BCC for External Sharing feature is enabled. Multiple addresses can be specified by creating a comma-separated list with no spaces. For example joe@contoso.com,bob@contoso.com
From: https://technet.microsoft.com/en-us/library/fp161390.aspx?f=255&MSPPError=-2147217396 


CSOM

$spoTenant= New-Object Microsoft.Online.SharePoint.TenantAdministration.Tenant($Ctx)
$spoTenant.BccExternalSharingInvitations=$true
$spoTenant.BccExternalSharingInvitationsList={arleta.wanat@SomeFakeAdresse.com}
Full script
#Paths to SDK
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\SharePoint Online Management Shell\Microsoft.Online.SharePoint.PowerShell\Microsoft.Online.SharePoint.Client.Tenant.dll"
  
  
  
$ctx=New-Object Microsoft.SharePoint.Client.ClientContext($url)
$ctx.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Username, $password)
$spoTenant= New-Object Microsoft.Online.SharePoint.TenantAdministration.Tenant($Ctx)
$ctx.Load($spoTenant)
$ctx.ExecuteQuery()
$spoTenant.BccExternalSharingInvitations=$true
$spoTenant.BccExternalSharingInvitationsList={arleta.wanat@SomeFakeAdresse.com}
$ctx.Load($spoTenant)
$ctx.ExecuteQuery()
Write-Output $spoTenant


The full script Add BCC to all sharing invitations in OneDrive for Business is available for download from Technet Gallery.

SharePoint Online Management Shell

Set-SPOTenant  [-BccExternalSharingInvitations <$true | $false>] [-BccExternalSharingInvitationsList <String>]

Block Download


From August 2016 and the CSOM version 16.1.5626.1200 there is an option to prevent external users from downloading the files that have been shared with them using guest link:

 

 

The settings responsible for that are BlockDownloadOfAllFilesForGuests  and BlockDownloadOfViewableFilesForGuests.

 


Back to top

CSOM


$spoTenant= New-Object Microsoft.Online.SharePoint.TenantAdministration.Tenant($Ctx)
$spoTenant.BlockDownloadOfAllFilesForGuests=$true
Full script
#Paths to SDK
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\SharePoint Client Components\16.0\Assemblies\Microsoft.Online.SharePoint.Client.Tenant.dll"
  
  
$ctx=New-Object Microsoft.SharePoint.Client.ClientContext($url)
$ctx.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Username, $password)
$spoTenant= New-Object Microsoft.Online.SharePoint.TenantAdministration.Tenant($Ctx)
$ctx.Load($spoTenant)
$ctx.ExecuteQuery()
$spoTenant.BlockDownloadOfAllFilesForGuests=$BlockDownloadOfAllFilesForGuests
$ctx.Load($spoTenant)
$ctx.ExecuteQuery()
  
return $spoTenant


The full script Block download of all files for guests in SharePoint with Powershell & CSOM is available for download from TechNet Gallery. 

 

SharePoint Online Management Shell

There is currently no possibility to change these settings using SharePoint Online Management Shell. Please refer to https://technet.microsoft.com/en-us/library/fp161390.aspx?f=255&MSPPError=-2147217396 for possible updates.

 

Sharing Notifications


An important part of sharing settings for OneDrive for Business is sharing notifications, which inform OneDrive for Business owners when 
  • other users invite additional external users to shared files
  • the invited users accept their invitations, or
  • anonymous link is created or changed
These notifications can be modified in SharePoint Admin Center:

The three sharing notifications correspond to three properties of Microsoft.Online.SharePoint.TenantAdministration.Tenant object:
  • NotifyOwnersWhenInvitationsAccepted  enables or disables emails sent to ODB owners when external users accept invitations to access files
  • NotifyOwnersWhenItemsReshared enables or disables emails sent to ODB owners when other users invite additional external users
  • OwnerAnonymousNotification enables or disables emails sent to ODB owners when anonymous access link is created or changed


Back to top

OwnerAnonymousNotification

CSOM


An example of how to modify the OwnerAnonymousNotification using CSOM:

 

#Paths to SDK
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\SharePoint Client Components\16.0\Assemblies\Microsoft.Online.SharePoint.Client.Tenant.dll"
  
$ctx=New-Object Microsoft.SharePoint.Client.ClientContext($url)
$ctx.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Username, $password)
$ctx.ExecuteQuery()
  
$spoTenant= New-Object Microsoft.Online.SharePoint.TenantAdministration.Tenant($Ctx)
$ctx.Load($spoTenant)
$ctx.ExecuteQuery()
$spoTenant.NotificationsInOneDriveForBusinessEnabled =$true
$spoTenant.OwnerAnonymousNotification=$false
$ctx.Load($spoTenant)
$ctx.ExecuteQuery()
Write-Output $spoTenant


Full script Notify OneDrive for Business owner if anonymous link to their content is created is available for download from TechNet Gallery.

 

SharePoint Online Management Shell


To enable:

 

Set-SPOTenant -OwnerAnonymousNotification $true

To disable:

 

Set-SPOTenant -OwnerAnonymousNotification $false

NotifyOwnersWhenInvitationsAccepted


This setting enables or disables sending emails to OneDrive for Business owners when their invitations have been accepted by external invitees.  

 

CSOM


#Paths to SDK
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\SharePoint Client Components\16.0\Assemblies\Microsoft.Online.SharePoint.Client.Tenant.dll"
  
$ctx=New-Object Microsoft.SharePoint.Client.ClientContext($url)
$ctx.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Username, $password)
$ctx.Load($ctx.Web)
$ctx.ExecuteQuery()
  
$spoTenant= New-Object Microsoft.Online.SharePoint.TenantAdministration.Tenant($Ctx)
$ctx.Load($spoTenant)
$ctx.ExecuteQuery()
$spoTenant.NotifyOwnersWhenInvitationsAccepted=$NotifyOwnersWhenInvitationsAccepted
$ctx.Load($spoTenant)
$ctx.ExecuteQuery()

SharePoint Online Management Shell


Set-SPOTenant -NotifyOwnersWhenInvitationsAccepted $true

Downloads


The following scripts below are freely available from TechNet Gallery:
Add BCC to all sharing invitations in OneDrive for Business
Allow external sharing in SharePoint Online only with specific domains
Block download of all files for guests in SharePoint with Powershell & CSOM
Force external users to accept sharing invitations with the same account
Get SharePoint Online tenant properties using Powershell and CSOM
Globally set OneDrive for Business Access Requests and Members Can Share
Modify external sharing setting in SharePoint Online tenant using CSOM
Prevent external users from resharing using Powershell and CSOM
Set default link type for SharePoint Online tenant sharing settings
Set expiration for anonymous links in SharePoint Online
Set anonymous link access level for SharePoint Online tenant using PowerShell

 

See Also

Back to top