This is the second article of the PnP Tips series and today I'm going to talk about External Sharing feature in SharePoint Online and how you can configure it out without using the UI. Check the Microsoft page about External Sharing feature to have a complete idea.
If you are managing only one tenant you will find this article a bit annoying because UI provides a clearer way to configure external sharing features. But, in case you are a fan of automating your server administration or you need to manage several tenants and you want to save time and effort configuring them or if you want to play a bit with PowerShell and SharePoint Online Cmdlet, keep reading.
When you retrieve your tenant properties you will see a bunch of them. You may imagine it would be easy to understand what is their purpose but, far from that, it's difficult to see the feature of SharePoint Online that is related to. For instance, SharingCapability property determines the external sharing level of your SharePoint Online. When the value is Disabled you may don't know which is the real configuration of your SharePoint Online.
This set of scripts tries to eliminate the barrier between UI configuration and tenant properties creating commands and parameters easy to read and easy to understand because imitate the UI. So, please, leave a comment with your thoughts about them.
I decided to create a script for each level of external sharing you can configure in SharePoint Online. Besides, another decision was to make parameters mandatory for each of them you can configure together. Let me show you using the first script what I mean.
People In Organization
This script will configure your tenant to share links inside your organization and set how people will share their links by default, directly typing the people they want or to the whole organization.
# Configure the External Sharing feature to "PeopleInTheOrganization" and set the user to type the people to share links with.
Set-PeopleInOrganizationExternalSharing.ps1 -TenantName <String> [-Credentials <PSCredential>] -SpecificPeopleLinkSharing [<CommonParameters>]
# Configure the External Sharing feature to "PeopleInTheOrganization" and set the organization as the default share link option.
Set-PeopleInOrganizationExternalSharing.ps1 -TenantName <String> [-Credentials <PSCredential>] -OrganizationLinkSharing [<CommonParameters>]
As you can see, there is no way you forget something relevant to configure for this option. SpecificPeopleLinkSharing or OrganizationLinkSharing are both mandatories but in a different set of parameters. I used the same approach for the rest of the scripts. I think it's a cool way of force people to set the needed parameters of each kind of configuration but it's difficult to follow in code. So, in this case, I think this way enriches and empowers sysadmins and we can leave the code aside.
Existing Guests
This level is less restrictive and follows the previous one. Let's go and see the help for the command:
# Configure External Sharing feature to "Existing Guests" with no domain restriction and set the user to type the people to share links with.
Set-ExistingGuestExternalSharing.ps1 -TenantName <String> [-Credentials <PSCredential>] -NoneDomains -OrganizationLinkSharing [-GuestMustUseInvitationAccount <Boolean>] [-AllowGuestToShareItems <Boolean>] [<CommonParameters>]
# Configure External Sharing feature to "Existing Guests" with no domain restriction and set the organization as the default share link option.
Set-ExistingGuestExternalSharing.ps1 -TenantName <String> [-Credentials <PSCredential>] -NoneDomains -SpecificPeopleLinkSharing [-GuestMustUseInvitationAccount <Boolean>] [-AllowGuestToShareItems <Boolean>] [<CommonParameters>]
# Configure External Sharing feature to "Existing Guests" with the domains specified as the ones allowed and set the user to type the people to share links with.
Set-ExistingGuestExternalSharing.ps1 -TenantName <String> [-Credentials <PSCredential>] -AllowedDomains <String> -OrganizationLinkSharing [-GuestMustUseInvitationAccount <Boolean>] [-AllowGuestToShareItems <Boolean>] [<CommonParameters>]
# Configure External Sharing feature to "Existing Guests" with the domains specified as the ones allowed and set the organization as the default share link option.
Set-ExistingGuestExternalSharing.ps1 -TenantName <String> [-Credentials <PSCredential>] -AllowedDomains <String> -SpecificPeopleLinkSharing [-GuestMustUseInvitationAccount <Boolean>] [-AllowGuestToShareItems <Boolean>] [<CommonParameters>]
# Configure External Sharing feature to "Existing Guests" with the domains specified as the ones blocked and set the user to type the people to share links with.
Set-ExistingGuestExternalSharing.ps1 -TenantName <String> [-Credentials <PSCredential>] -BlockedDomains <String> -OrganizationLinkSharing [-GuestMustUseInvitationAccount <Boolean>] [-AllowGuestToShareItems <Boolean>] [<CommonParameters>]
# Configure External Sharing feature to "Existing Guests" with the domains specified as the ones blocked and set the organization as the default share link option.
Set-ExistingGuestExternalSharing.ps1 -TenantName <String> [-Credentials <PSCredential>] -BlockedDomains <String> -SpecificPeopleLinkSharing [-GuestMustUseInvitationAccount <Boolean>] [-AllowGuestToShareItems <Boolean>] [<CommonParameters>]
In this case, apart from configuring the same values as the previous script, you can set domains to be allowed or blocked in an easy way from the PowerShell prompt or set no domain restriction. As I said before, parameters are mandatory but only the ones in the path you need.
New and Existing Guests
This level is almost the most permissive and follows the previous one. The script has the same functionality as the previous but allowing users to share with guests that are not registered in the tenant. I don't want to repeat myself, Get-Help will show the same as the previous script.
Anyone
This is the less permissive sharing level. People in the organization can share with anybody links, even anonymously. The script works in the same way as the previous one adding more parameters to set several additional properties like link expiration and the kind of file and folders permissions. If you want to check the parameters just follow the code of the script or run Get-Help with the script as the input. You will have the complete reference for each parameter.
Wrapping up
These scripts try to ease the sysadmin tasks from a more comprehensive way of doing things.
I try to force admins to set the required parameters instead of showing messages of empty parameters needed because some other has been passed.
I know this is not a script you will run by need, but for fun would be nice, or even to dig a bit more on tenant settings and keep learning.
Here you have the link to the repo where you will find these scripts.
Leave a comment about your thoughts.
Oldest comments (0)