Sets the site level external sharing policy on sites, groups and/or OneDrive sites in an O365 tenant.
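Import-Module SharePointPnPPowerShellOnline

# Authenticate to the system web proxy with the credentials of the account running the script.
[System.Net.WebRequest]::DefaultWebProxy.Credentials = [System.Net.CredentialCache]::DefaultCredentials

# Offer TLS 1.2 only. TLS 1.1 is deprecated, so it is no longer enabled as a fallback.
[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls12

# Tenant short name (the part before ".sharepoint.com") and the Azure AD app principal to sign in as.
$tenant   = "contoso"
$clientId = "8a6b10a8-1234-1234-1234-9b8e49b6f6b7"
$certPath = "C:\AADAppPrincipalCertificates\AppPrincipalCert.pfx"

# The PFX password protects the private key of an app principal that can change sharing
# settings on every site in the tenant, so it is prompted for instead of being stored in
# the script in clear text. For unattended runs, load it from a protected secret store
# rather than hard-coding it here.
$certPassword = Read-Host -Prompt "Password for $certPath" -AsSecureString

# Sites that keep external sharing ("ExternalUserSharingOnly"). Every other site the
# function processes is set to "Disabled", so review this list before each run.
$excludedSites = @(
    "https://contoso-my.sharepoint.com/personal/alanb_contoso_com"
    "https://contoso-my.sharepoint.com/personal/alans_contoso_com"
    "https://contoso-my.sharepoint.com/personal/adamb_contoso_com"
    "https://contoso.sharepoint.com/sites/teamsite1"
    "https://contoso.sharepoint.com/sites/teamsite2"
    "https://contoso.sharepoint.com/sites/group1"
    "https://contoso.sharepoint.com/sites/group2"
)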
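function Set-SiteExternalSharingPolicy
{
    <#
    .SYNOPSIS
    Sets the site-level external sharing capability for one class of sites in a tenant.

    .DESCRIPTION
    Connects to the tenant admin site with an app principal certificate, enumerates the
    sites selected by the -SharePointOnline, -OneDrive or -O365Group switch, and sets each
    site to "Disabled" unless it is listed in -ExcludedUrls or is the OneDrive host site;
    those are set to "ExternalUserSharingOnly". Sites already at the target value are not
    written to. One report object is emitted per site.

    .PARAMETER ClientId
    Client id of the Azure AD app principal used to connect.

    .PARAMETER Tenant
    Tenant short name; used to build "https://<Tenant>-admin.sharepoint.com",
    "https://<Tenant>-my.sharepoint.com" and "<Tenant>.onmicrosoft.com".

    .PARAMETER CertificatePath
    Path to the PFX file holding the app principal certificate.

    .PARAMETER CertificatePassword
    Password of the PFX file, as a SecureString.

    .PARAMETER ExcludedUrls
    Site URLs that keep "ExternalUserSharingOnly". Compared case-insensitively and
    without regard to a trailing slash.

    .PARAMETER SharePointOnline
    Process SharePoint Online sites (templates not matching the exclusion pattern below).

    .PARAMETER OneDrive
    Process OneDrive for Business sites, including the OneDrive host site.

    .PARAMETER O365Group
    Process Office 365 Group sites (template "GROUP#0").

    .OUTPUTS
    PSCustomObject with Site, OriginalSharingCapability and UpdatedSharingCapability.
    UpdatedSharingCapability is the original value when the update for that site failed.
    #>
    [CmdletBinding()]
    param
    (
        [Parameter(Mandatory=$true,ParameterSetName='SharePointOnline')]
        [Parameter(Mandatory=$true,ParameterSetName='OneDrive')]
        [Parameter(Mandatory=$true,ParameterSetName='O365Group')]
        [string]$ClientId,

        [Parameter(Mandatory=$true,ParameterSetName='SharePointOnline')]
        [Parameter(Mandatory=$true,ParameterSetName='OneDrive')]
        [Parameter(Mandatory=$true,ParameterSetName='O365Group')]
        [string]$Tenant,

        [Parameter(Mandatory=$true,ParameterSetName='SharePointOnline')]
        [Parameter(Mandatory=$true,ParameterSetName='OneDrive')]
        [Parameter(Mandatory=$true,ParameterSetName='O365Group')]
        [string]$CertificatePath,

        [Parameter(Mandatory=$true,ParameterSetName='SharePointOnline')]
        [Parameter(Mandatory=$true,ParameterSetName='OneDrive')]
        [Parameter(Mandatory=$true,ParameterSetName='O365Group')]
        [System.Security.SecureString]$CertificatePassword,

        [Parameter(Mandatory=$true,ParameterSetName='SharePointOnline')]
        [Parameter(Mandatory=$true,ParameterSetName='OneDrive')]
        [Parameter(Mandatory=$true,ParameterSetName='O365Group')]
        [object[]]$ExcludedUrls,

        [Parameter(Mandatory=$true,ParameterSetName='SharePointOnline')]
        [switch]$SharePointOnline,

        [Parameter(Mandatory=$true,ParameterSetName='OneDrive')]
        [switch]$OneDrive,

        [Parameter(Mandatory=$true,ParameterSetName='O365Group')]
        [switch]$O365Group
    )

    begin
    {
        # connect to the tenant; stop here if sign-in fails so nothing below runs unauthenticated
        Connect-PnPOnline -Url "https://$Tenant-admin.sharepoint.com" -ClientId $ClientId -CertificatePath $CertificatePath -CertificatePassword $CertificatePassword -Tenant "$Tenant.onmicrosoft.com" -ErrorAction Stop

        if( $PSCmdlet.ParameterSetName -eq "OneDrive" )
        {
            $sites = @(Get-PnPTenantSite -Detailed -IncludeOneDriveSites | Where-Object { $_.Template -match "SPSMSITEHOST|SPSPERS" })

            Write-Verbose -Message "$(Get-Date) - Discovered $($sites.Count) OneDrive for Business sites"
        }
        elseif( $PSCmdlet.ParameterSetName -eq "SharePointOnline" )
        {
            $sites = @(Get-PnPTenantSite -Detailed | Where-Object { $_.Template -notmatch "GROUP|REDIRECT|EDISC|APPCATALOG|EHS|SPSMSITEHOST" })

            Write-Verbose -Message "$(Get-Date) - Discovered $($sites.Count) SharePoint Online sites"
        }
        elseif( $PSCmdlet.ParameterSetName -eq "O365Group" )
        {
            $sites = @(Get-PnPTenantSite -Detailed -Template "GROUP#0")

            Write-Verbose -Message "$(Get-Date) - Discovered $($sites.Count) Office 365 Group sites"
        }

        # Logged for the operator only; the loop below does not compare against it.
        # NOTE(review): a site presumably cannot be more permissive than the tenant - confirm
        # the tenant value allows "ExternalUserSharingOnly" before relying on the exclusions.
        $tenantSharingCapability = Get-PnPTenant | Select-Object -ExpandProperty SharingCapability

        Write-Verbose -Message "$(Get-Date) - Tenant Sharing Capability: $tenantSharingCapability"

        # Compare URLs without a trailing slash, so an exclusion entered as ".../sites/x/"
        # still protects ".../sites/x" from being switched to "Disabled".
        $normalizedExcludedUrls = @($ExcludedUrls | ForEach-Object { ([string]$_).TrimEnd('/') })
        $oneDriveHostUrl        = "https://$Tenant-my.sharepoint.com"
    }

    process
    {
        foreach( $site in $sites )
        {
            $originalSharingCapability = $site.SharingCapability
            $updatedSharingCapability  = "Disabled" # default for all sites not excluded
            $siteUrl                   = ([string]$site.Url).TrimEnd('/')

            Write-Verbose "$(Get-Date) - Processing $($site.Url)"
            Write-Verbose "`tExisting Sharing Capability: $originalSharingCapability"

            # the OD4B host site MUST be >= all OD4B sites
            if( $siteUrl -eq $oneDriveHostUrl )
            {
                $updatedSharingCapability = "ExternalUserSharingOnly"
            }
            elseif( $normalizedExcludedUrls -contains $siteUrl )
            {
                $updatedSharingCapability = "ExternalUserSharingOnly"
            }

            if( $originalSharingCapability -ne $updatedSharingCapability )
            {
                try
                {
                    Set-PnPTenantSite -Url $site.Url -Sharing $updatedSharingCapability -ErrorAction Stop
                }
                catch
                {
                    # Keep going with the remaining sites, but do not let the report claim
                    # a change that was never applied.
                    Write-Error -Message "Failed to set sharing capability on $($site.Url): $($_.Exception.Message)"
                    $updatedSharingCapability = $originalSharingCapability
                }
            }

            [PSCustomObject] @{
                Site                      = $site.Url
                OriginalSharingCapability = $originalSharingCapability
                UpdatedSharingCapability  = $updatedSharingCapability
            }
        }
    }

    end
    {
        # Release the app-principal session once all sites have been processed.
        Disconnect-PnPOnline
    }
}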
# Arguments common to all three runs; only the site-class switch and the report file differ.
$sharedArguments = @{
    ClientId            = $clientId
    Tenant              = $tenant
    CertificatePath     = $certPath
    CertificatePassword = $certPassword
    ExcludedUrls        = $excludedSites
    Verbose             = $true
}

# Office 365 groups
Set-SiteExternalSharingPolicy @sharedArguments -O365Group |
    Export-Csv -Path "GroupSiteSharing_$(Get-Date -Format FileDate).csv" -NoTypeInformation

# SharePoint Online
Set-SiteExternalSharingPolicy @sharedArguments -SharePointOnline |
    Export-Csv -Path "SharePointSiteSharing_$(Get-Date -Format FileDate).csv" -NoTypeInformation

# OneDrive
Set-SiteExternalSharingPolicy @sharedArguments -OneDrive |
    Export-Csv -Path "OD4BSiteSharing_$(Get-Date -Format FileDate).csv" -NoTypeInformation