Update settings

Namespace: microsoft.graph

Update one or more tenant-level settings for SharePoint and OneDrive.

This API is available in the following national cloud deployments.

Global service US Government L4 US Government L5 (DOD) China operated by 21Vianet


Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions only if your app requires it. For details about delegated and application permissions, see Permission types. To learn more about these permissions, see the permissions reference.

Permission type Least privileged permissions Higher privileged permissions
Delegated (work or school account) SharePointTenantSettings.ReadWrite.All Not available.
Delegated (personal Microsoft account) Not supported. Not supported.
Application SharePointTenantSettings.ReadWrite.All Not available.

When calling on behalf of a user, the user needs to belong to one of the following admin roles. To learn more about admin roles, see About admin roles in the Microsoft 365 admin center:

  • Global Administrator
  • SharePoint Administrator

HTTP request

PATCH /admin/sharepoint/settings

Request headers

Name Description
Authorization Bearer {token}. Required. Learn more about authentication and authorization.
Content-Type application/json. Required.

Request body

In the request body, supply only the values for properties that should be updated. Existing properties that aren't included in the request body maintains their previous values or be recalculated based on changes to other property values.

The following table specifies the properties that can be updated.

Property Type Description
allowedDomainGuidsForSyncApp GUID collection Collection of trusted domain GUIDs for the OneDrive sync app.
deletedUserPersonalSiteRetentionPeriodInDays Int32 The number of days for preserving a deleted user's OneDrive.
excludedFileExtensionsForSyncApp String collection Collection of file extensions not uploaded by the OneDrive sync app.
idleSessionSignOut microsoft.graph.idleSessionSignOut Specifies the idle session sign-out policies for the tenant.
imageTaggingOption imageTaggingChoice Specifies the image tagging option for the tenant. Possible values are: disabled, basic, enhanced.
isCommentingOnSitePagesEnabled Boolean Indicates whether comments are allowed on modern site pages in SharePoint.
isFileActivityNotificationEnabled Boolean Indicates whether push notifications are enabled for OneDrive events.
isLegacyAuthProtocolsEnabled Boolean Indicates whether legacy authentication protocols are enabled for the tenant.
isLoopEnabled Boolean Indicates whether Fluid Framework is allowed on SharePoint sites.
isMacSyncAppEnabled Boolean Indicates whether files can be synced using the OneDrive sync app for Mac.
isRequireAcceptingUserToMatchInvitedUserEnabled Boolean Indicates whether guests must sign in using the same account to which sharing invitations are sent.
isResharingByExternalUsersEnabled Boolean Indicates whether guests are allowed to reshare files, folders, and sites they don't own.
isSharePointMobileNotificationEnabled Boolean Indicates whether mobile push notifications are enabled for SharePoint.
isSharePointNewsfeedEnabled Boolean Indicates whether the newsfeed is allowed on the modern site pages in SharePoint.
isSiteCreationEnabled Boolean Indicates whether users are allowed to create sites.
isSiteCreationUIEnabled Boolean Indicates whether the UI commands for creating sites are shown.
isSitePagesCreationEnabled Boolean Indicates whether creating new modern pages is allowed on SharePoint sites.
isSitesStorageLimitAutomatic Boolean Indicates whether site storage space is automatically managed or if specific storage limits are set per site.
isSyncButtonHiddenOnPersonalSite Boolean Indicates whether the sync button in OneDrive is hidden.
isUnmanagedSyncAppForTenantRestricted Boolean Indicates whether users are allowed to sync files only on PCs joined to specific domains.
personalSiteDefaultStorageLimitInMB Int64 The default OneDrive storage limit for all new and existing users who are assigned a qualifying license. Measured in megabytes (MB).
sharingAllowedDomainList String collection Collection of email domains that are allowed for sharing outside the organization.
sharingBlockedDomainList String collection Collection of email domains that are blocked for sharing outside the organization.
sharingCapability sharingCapabilities Sharing capability for the tenant. Possible values are: disabled, externalUserSharingOnly, externalUserAndGuestSharing, existingExternalUserSharingOnly.
sharingDomainRestrictionMode sharingDomainRestrictionMode Specifies the external sharing mode for domains. Possible values are: none, allowList, blockList.
siteCreationDefaultManagedPath String The value of the team site managed path. This is the path under which new team sites will be created.
siteCreationDefaultStorageLimitInMB Int32 The default storage quota for a new site upon creation. Measured in megabytes (MB).
tenantDefaultTimezone String The default timezone of a tenant for newly created sites. For a list of possible values, see SPRegionalSettings.TimeZones property.


If successful, this method returns a 200 OK response code and an updated settings object in the response body.



The following example shows a request.

PATCH https://graph.microsoft.com/v1.0/admin/sharepoint/settings
Content-Type: application/json
Content-length: 1323

    "deletedUserPersonalSiteRetentionPeriodInDays": 365,
    "excludedFileExtensionsForSyncApp": [".mp3"],
    "imageTaggingOption": "enhanced",
    "isLegacyAuthProtocolsEnabled": true,
    "isSitesStorageLimitAutomatic": false,
    "isSyncButtonHiddenOnPersonalSite": false,
    "isUnmanagedSyncAppForTenantRestricted": false,
    "personalSiteDefaultStorageLimitInMB": 120000


The following example shows the response.

Note: The response object shown here might be shortened for readability.

HTTP/1.1 200 OK
Content-Type: application/json

    "@odata.type": "#microsoft.graph.sharepointSettings",
    "allowedDomainGuidsForSyncApp": [
    "availableManagedPathsForSiteCreation": [
    "deletedUserPersonalSiteRetentionPeriodInDays": 365,
    "excludedFileExtensionsForSyncApp": [
    "idleSessionSignOut": {
        "isEnabled": true,
        "warnAfterInSeconds": 120,
        "signOutAfterInSeconds": 300
    "imageTaggingOption": "basic",
    "isCommentingOnSitePagesEnabled": true,
    "isFileActivityNotificationEnabled": true,
    "isLegacyAuthProtocolsEnabled": true,
    "isLoopEnabled": true,
    "isMacSyncAppEnabled": false,
    "isRequireAcceptingUserToMatchInvitedUserEnabled": true,
    "isResharingByExternalUsersEnabled": true,
    "isSharePointMobileNotificationEnabled": true,
    "isSharePointNewsfeedEnabled": true,
    "isSiteCreationEnabled": true,
    "isSiteCreationUIEnabled": true,
    "isSitePagesCreationEnabled": true,
    "isSitesStorageLimitAutomatic": false,
    "isSyncButtonHiddenOnPersonalSite": false,
    "isUnmanagedSyncAppForTenantRestricted": false,
    "personalSiteDefaultStorageLimitInMB": 120000,
    "sharingAllowedDomainList" : [
    "sharingBlockedDomainList" : [
    "sharingCapability": "externalUserAndGuestSharing",
    "sharingDomainRestrictionMode": "allowList",
    "siteCreationDefaultManagedPath": "/sites/",
    "siteCreationDefaultStorageLimitInMB": 808034,
    "tenantDefaultTimezone": "(UTC-05:00) Eastern Time (US and Canada)"