@joerodgers
Last active November 12, 2019 21:36
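Sets the site-level external sharing policy on SharePoint sites, Office 365 group sites and/or OneDrive sites in an O365 tenant. External sharing is disabled on every site except those in the exclusion list, which are set to ExternalUserSharingOnly.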
Import-Module SharePointPnPPowerShellOnline
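# Authenticate to the default outbound web proxy with the credentials of the
# account running this script.
[System.Net.WebRequest]::DefaultWebProxy.Credentials = [System.Net.CredentialCache]::DefaultCredentials

# Offer TLS 1.2 only. This line previously also enabled the deprecated TLS 1.1,
# which allowed a session carrying the app-only token to be negotiated down to it.
[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls12

# Tenant short name; the function derives the admin URL, the OneDrive host URL
# and the "<tenant>.onmicrosoft.com" domain from it.
$tenant = "contoso"

# Client ID passed to Connect-PnPOnline for certificate-based sign-in.
$clientId = "8a6b10a8-1234-1234-1234-9b8e49b6f6b7"

# PFX holding the certificate and private key used for that sign-in.
# NOTE(review): restrict the file ACL to the account that runs this script.
$certPath = "C:\AADAppPrincipalCertificates\AppPrincipalCert.pfx"

# NOTE(review): the PFX password is stored in plaintext in this script, so anyone
# who can read both the script and the .pfx can sign in as the app principal and
# change tenant sharing settings. Prefer prompting (Read-Host -AsSecureString) or
# reading it from a secret store, and replace this sample value before use.
$certPassword = ConvertTo-SecureString -String "pass@word1" -Force -AsPlainText

# Sites that keep external sharing (set to ExternalUserSharingOnly); every other
# site processed by the function is set to Disabled.
$excludedSites = @(
    "https://contoso-my.sharepoint.com/personal/alanb_contoso_com"
    "https://contoso-my.sharepoint.com/personal/alans_contoso_com"
    "https://contoso-my.sharepoint.com/personal/adamb_contoso_com"
    "https://contoso.sharepoint.com/sites/teamsite1"
    "https://contoso.sharepoint.com/sites/teamsite2"
    "https://contoso.sharepoint.com/sites/group1"
    "https://contoso.sharepoint.com/sites/group2"
)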
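function Set-SiteExternalSharingPolicy
{
    <#
    .SYNOPSIS
    Sets the site-level external sharing capability for one class of sites in the tenant.

    .DESCRIPTION
    Connects to the tenant admin site with a certificate, enumerates the sites
    selected by the switch (-SharePointOnline, -OneDrive or -O365Group) and sets
    each site's sharing capability:
      * "ExternalUserSharingOnly" for the OneDrive host site and for every URL
        listed in -ExcludedUrls;
      * "Disabled" for every other site.
    Note that an excluded site is SET to "ExternalUserSharingOnly" whatever its
    previous value was, so the exclusion list can widen sharing on a site as
    well as preserve it. The tenant-level capability is only logged.

    .PARAMETER ClientId
    Client ID passed to Connect-PnPOnline.

    .PARAMETER Tenant
    Tenant short name, e.g. "contoso".

    .PARAMETER CertificatePath
    Path of the PFX file passed to Connect-PnPOnline.

    .PARAMETER CertificatePassword
    Password of the PFX file.

    .PARAMETER ExcludedUrls
    Site URLs that keep external sharing. Compared case-insensitively, ignoring
    a trailing slash.

    .OUTPUTS
    One PSCustomObject per site with Site, OriginalSharingCapability and
    UpdatedSharingCapability. When the update of a site fails, an error is
    written and UpdatedSharingCapability carries the original value.
    #>
    [CmdletBinding()]
    param
    (
        [Parameter(Mandatory=$true,ParameterSetName='SharePointOnline')]
        [Parameter(Mandatory=$true,ParameterSetName='OneDrive')]
        [Parameter(Mandatory=$true,ParameterSetName='O365Group')]
        [string]$ClientId,

        [Parameter(Mandatory=$true,ParameterSetName='SharePointOnline')]
        [Parameter(Mandatory=$true,ParameterSetName='OneDrive')]
        [Parameter(Mandatory=$true,ParameterSetName='O365Group')]
        [string]$Tenant,

        [Parameter(Mandatory=$true,ParameterSetName='SharePointOnline')]
        [Parameter(Mandatory=$true,ParameterSetName='OneDrive')]
        [Parameter(Mandatory=$true,ParameterSetName='O365Group')]
        [string]$CertificatePath,

        [Parameter(Mandatory=$true,ParameterSetName='SharePointOnline')]
        [Parameter(Mandatory=$true,ParameterSetName='OneDrive')]
        [Parameter(Mandatory=$true,ParameterSetName='O365Group')]
        [System.Security.SecureString]$CertificatePassword,

        [Parameter(Mandatory=$true,ParameterSetName='SharePointOnline')]
        [Parameter(Mandatory=$true,ParameterSetName='OneDrive')]
        [Parameter(Mandatory=$true,ParameterSetName='O365Group')]
        [object[]]$ExcludedUrls,

        [Parameter(Mandatory=$true,ParameterSetName='SharePointOnline')]
        [switch]$SharePointOnline,

        [Parameter(Mandatory=$true,ParameterSetName='OneDrive')]
        [switch]$OneDrive,

        [Parameter(Mandatory=$true,ParameterSetName='O365Group')]
        [switch]$O365Group
    )

    begin
    {
        # Connect to the tenant. -ErrorAction Stop aborts the run when sign-in
        # fails, so the bulk change below is never attempted without a fresh
        # connection (a connection left over in the session could otherwise be
        # picked up - presumably; confirm against the PnP module in use).
        Connect-PnPOnline -Url "https://${Tenant}-admin.sharepoint.com" -ClientId $ClientId -CertificatePath $CertificatePath -CertificatePassword $CertificatePassword -Tenant "${Tenant}.onmicrosoft.com" -ErrorAction Stop

        # Select the sites to process by site template, per parameter set.
        switch( $PSCmdlet.ParameterSetName )
        {
            "OneDrive"
            {
                $sites = @(Get-PnPTenantSite -Detailed -IncludeOneDriveSites -ErrorAction Stop | Where-Object { $_.Template -match "SPSMSITEHOST|SPSPERS" })
                Write-Verbose -Message "$(Get-Date) - Discovered $($sites.Count) OneDrive for Business sites"
            }
            "SharePointOnline"
            {
                $sites = @(Get-PnPTenantSite -Detailed -ErrorAction Stop | Where-Object { $_.Template -notmatch "GROUP|REDIRECT|EDISC|APPCATALOG|EHS|SPSMSITEHOST" })
                Write-Verbose -Message "$(Get-Date) - Discovered $($sites.Count) SharePoint Online sites"
            }
            "O365Group"
            {
                $sites = @(Get-PnPTenantSite -Detailed -Template "GROUP#0" -ErrorAction Stop)
                Write-Verbose -Message "$(Get-Date) - Discovered $($sites.Count) Office 365 Group sites"
            }
        }

        # Logged for the operator only; it is not compared with the per-site values.
        $tenantSharingCapability = Get-PnPTenant | Select-Object -ExpandProperty SharingCapability
        Write-Verbose -Message "$(Get-Date) - Tenant Sharing Capability: $tenantSharingCapability"

        # Compare URLs without a trailing slash, so an exclusion entered as
        # ".../sites/x/" still protects ".../sites/x" from being set to Disabled.
        $excludedLookup  = @($ExcludedUrls | ForEach-Object { ([string]$_).TrimEnd('/') })
        $oneDriveHostUrl = "https://${Tenant}-my.sharepoint.com"
    }
    process
    {
        foreach( $site in $sites )
        {
            $originalSharingCapability = $site.SharingCapability
            $updatedSharingCapability  = "Disabled" # default for all sites not excluded

            Write-Verbose "$(Get-Date) - Processing $($site.Url)"
            Write-Verbose "`tExisting Sharing Capability: $originalSharingCapability"

            $siteUrl = ([string]$site.Url).TrimEnd('/')

            # the OD4B host site MUST be >= all OD4B sites, so it is treated
            # like an excluded site.
            if( $siteUrl -eq $oneDriveHostUrl -or $excludedLookup -contains $siteUrl )
            {
                $updatedSharingCapability = "ExternalUserSharingOnly"
            }

            if( $originalSharingCapability -ne $updatedSharingCapability )
            {
                try
                {
                    Set-PnPTenantSite -Url $site.Url -Sharing $updatedSharingCapability -ErrorAction Stop
                }
                catch
                {
                    # Keep the report truthful: a site whose update failed is
                    # recorded with its original value, not the intended one.
                    Write-Error -Message "Failed to set sharing capability on $($site.Url): $($_.Exception.Message)"
                    $updatedSharingCapability = $originalSharingCapability
                }
            }

            [PSCustomObject] @{
                Site                      = $site.Url
                OriginalSharingCapability = $originalSharingCapability
                UpdatedSharingCapability  = $updatedSharingCapability
            }
        }
    }
    end
    {
        # Drop the app-only connection once all sites have been processed.
        Disconnect-PnPOnline
    }
}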
# Arguments common to the three runs below, passed by splatting.
$sharedArguments = @{
    ClientId            = $clientId
    Tenant              = $tenant
    CertificatePath     = $certPath
    CertificatePassword = $certPassword
    ExcludedUrls        = $excludedSites
    Verbose             = $true
}

# Each run writes one CSV row per processed site (URL, original and updated
# sharing capability) to a dated file in the current directory.

# Office 365 groups
Set-SiteExternalSharingPolicy @sharedArguments -O365Group |
    Export-Csv -Path "GroupSiteSharing_$(Get-Date -Format FileDate).csv" -NoTypeInformation

# SharePoint Online
Set-SiteExternalSharingPolicy @sharedArguments -SharePointOnline |
    Export-Csv -Path "SharePointSiteSharing_$(Get-Date -Format FileDate).csv" -NoTypeInformation

# OneDrive
Set-SiteExternalSharingPolicy @sharedArguments -OneDrive |
    Export-Csv -Path "OD4BSiteSharing_$(Get-Date -Format FileDate).csv" -NoTypeInformation