OneDrive for Business sharing settings with PowerShell
Sharing settings in OneDrive for Business can be controlled globally and applied to all users' OneDrives with just a few lines or clicks. This article shows the available options and how to enable or disable them using SharePoint Admin Center, SharePoint Online Management Shell or CSOM and PowerShell.
Prerequisites
Most of these options became available in the last few months. Make sure you are using an updated version of SharePoint Online Management Shell and SharePoint Online CSOM libraries before executing the cmdlets.
Disable access requests to user OneDrives
The ODBAccessRequests property came with New SharePoint CSOM version released for SharePoint Online - October 2016. It lets administrators set policy on access requests and requests to share in OneDrive for Business. It accepts three values:
On- Users without permission to share can trigger sharing requests to the OneDrive for Business owner when they attempt to share. Also, users without permission to a file or folder can trigger access requests to the OneDrive for Business owner when they attempt to access an item they do not have permissions to.
Off- Prevent access requests and requests to share on OneDrive for Business:
- Unspecified- Let each OneDrive for Business owner enable or disable access requests and requests to share on their OneDrive.
SharePoint Online Management Shell
Set-SPOTenant -ODBAccessRequests Off
CSOM
#Paths to SDK
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\SharePoint Online Management Shell\Microsoft.Online.SharePoint.PowerShell\Microsoft.Online.SharePoint.Client.Tenant.dll"
$ctx=New-Object Microsoft.SharePoint.Client.ClientContext($url)
$ctx.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Username, $password)
$spoTenant= New-Object Microsoft.Online.SharePoint.TenantAdministration.Tenant($Ctx)
$ctx.Load($spoTenant)
$ctx.ExecuteQuery()
$spoTenant.ODBAccessRequests =[Microsoft.SharePoint.Client.SharingState]::Unspecified
$ctx.Load($spoTenant)
$ctx.ExecuteQuery()
Write-Output $spoTenant
The script Globally set OneDrive for Business Access Requests and Members Can Share is available for download from Github.
Other people share my ODB content
Can they?
This setting can be enabled or disabled by every user in their own OneDrive for Business, but it can also be regulated globally through SharePoint Admin Center. The property on the Tenant object that sets this setting is called ODBMembersCanShare and can be used in SharePoint Online Management Shell or PowerShell CSOM script. It accepts three values:
- On- Users with edit permissions can re-share.
- Off- Only OneDrive for Business owner can share. The value of ODBAccessRequestsdefines whether a request to share gets sent to the owner.
- Unspecified- Let each OneDrive for Business owner enable or disable re-sharing behavior on their OneDrive.
SharePoint Online Management Shell
Set-SPOTenant -ODBMembersCanShare
CSOM
#Paths to SDK
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\SharePoint Online Management Shell\Microsoft.Online.SharePoint.PowerShell\Microsoft.Online.SharePoint.Client.Tenant.dll"
$ctx=New-Object Microsoft.SharePoint.Client.ClientContext($url)
$ctx.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Username, $password)
$spoTenant= New-Object Microsoft.Online.SharePoint.TenantAdministration.Tenant($Ctx)
$ctx.Load($spoTenant)
$ctx.ExecuteQuery()
$spoTenant.ODBMembersCanShare =[Microsoft.SharePoint.Client.SharingState]::On
$ctx.Load($spoTenant)
$ctx.ExecuteQuery()
Write-Output $spoTenant
The script Globally set OneDrive for Business Access Requests and Members Can Share is available for download from GitHub.
End effect
Notify me
NotifyOwnersWhenItemsReshared is a Tenant object property that enables sending emails to OneDrive for Business owners when other users further share the content of the owner's OneDrive with EXTERNAL users.
CSOM
An example below shows how to enable or disable the setting that notifies OneDrive for Business owners when other users further share the content of the owner's OneDrive:
#Paths to SDK
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\SharePoint Client Components\16.0\Assemblies\Microsoft.Online.SharePoint.Client.Tenant.dll"
$ctx=New-Object Microsoft.SharePoint.Client.ClientContext($url)
$ctx.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Username, $password)
$ctx.Load($ctx.Web)
$ctx.ExecuteQuery()
$spoTenant= New-Object Microsoft.Online.SharePoint.TenantAdministration.Tenant($Ctx)
$ctx.Load($spoTenant)
$ctx.ExecuteQuery()
$spoTenant.NotifyOwnersWhenItemsReshared=$NotifyOwnersWhenItemsReshared
$ctx.Load($spoTenant)
$ctx.ExecuteQuery()
Write-Output $spoTenant
Full script Notify OneDrive for a Business owner if their content is reshared is available for download from GitHub.
SharePoint Online Management Shell
Set-SPOTenant -NotifyOwnersWhenItemsReshared ``$true
Add BCC to all external sharing invitations
From December 2015 update it is also possible to add users in BCC field to all sharing invitations in all users' OneDrives.
After the setting takes place, the BCC emails will start receiving copies of the sharing invitations with Invited person's email in the "TO" field and inviter's in "CC":
https://gallery.technet.microsoft.com/sharepoint/site/view/file/176902/1/Untitled.png
There are 2 properties responsible for this setting. One is Boolean BccExternalSharingInvitations and the other is a list of Email addresses which will receive the invitation email copy: BccExternalSharingInvitationsList. BccExternalSharingInvitations enables the BCC for External Sharing feature. When the feature is enabled, all external sharing invitations will blind copy the e-mail messages listed in the BccExternalSharingsInvitationList.
BccExternalSharingsInvitationList specifies a list of e-mail addresses to be BCC’d when the BCC for External Sharing feature is enabled. Multiple addresses can be specified by creating a comma-separated list with no spaces. For example joe@contoso.com,bob@contoso.com
From: https://technet.microsoft.com/en-us/library/fp161390.aspx?f=255&MSPPError=-2147217396
CSOM
$spoTenant= New-Object Microsoft.Online.SharePoint.TenantAdministration.Tenant($Ctx)
$spoTenant.BccExternalSharingInvitations=$true
$spoTenant.BccExternalSharingInvitationsList={arleta.wanat@SomeFakeAdresse.com}
Full script
#Paths to SDK
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\SharePoint Online Management Shell\Microsoft.Online.SharePoint.PowerShell\Microsoft.Online.SharePoint.Client.Tenant.dll"
$ctx=New-Object Microsoft.SharePoint.Client.ClientContext($url)
$ctx.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Username, $password)
$spoTenant= New-Object Microsoft.Online.SharePoint.TenantAdministration.Tenant($Ctx)
$ctx.Load($spoTenant)
$ctx.ExecuteQuery()
$spoTenant.BccExternalSharingInvitations=$true
$spoTenant.BccExternalSharingInvitationsList={arleta.wanat@SomeFakeAdresse.com}
$ctx.Load($spoTenant)
$ctx.ExecuteQuery()
Write-Output $spoTenant
The full script Add BCC to all sharing invitations in OneDrive for Business is available for download from GitHub.
SharePoint Online Management Shell
Set-SPOTenant [-BccExternalSharingInvitations <$true | $false>] [-BccExternalSharingInvitationsList <String>]
Block Download
From August 2016 and the CSOM version 16.1.5626.1200 there is an option to prevent external users from downloading the files that have been shared with them using guest link:
The settings responsible for that are BlockDownloadOfAllFilesForGuests and BlockDownloadOfViewableFilesForGuests.
CSOM
$spoTenant= New-Object Microsoft.Online.SharePoint.TenantAdministration.Tenant($Ctx)
$spoTenant.BlockDownloadOfAllFilesForGuests=$true
Full script
#Paths to SDK
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\SharePoint Client Components\16.0\Assemblies\Microsoft.Online.SharePoint.Client.Tenant.dll"
$ctx=New-Object Microsoft.SharePoint.Client.ClientContext($url)
$ctx.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Username, $password)
$spoTenant= New-Object Microsoft.Online.SharePoint.TenantAdministration.Tenant($Ctx)
$ctx.Load($spoTenant)
$ctx.ExecuteQuery()
$spoTenant.BlockDownloadOfAllFilesForGuests=$BlockDownloadOfAllFilesForGuests
$ctx.Load($spoTenant)
$ctx.ExecuteQuery()
return $spoTenant
The full script Block download of all files for guests in SharePoint with Powershell & CSOM is available for download from GitHub.
SharePoint Online Management Shell
There is currently no possibility to change these settings using SharePoint Online Management Shell. Please refer to https://technet.microsoft.com/en-us/library/fp161390.aspx?f=255&MSPPError=-2147217396 for possible updates.
Sharing Notifications
An important part of sharing settings for OneDrive for Business is sharing notifications, which inform OneDrive for Business owners when
- other users invite additional external users to shared files
- the invited users accept their invitations, or
- anonymous link is created or changed
These notifications can be modified in SharePoint Admin Center:
The three sharing notifications correspond to three properties of Microsoft.Online.SharePoint.TenantAdministration.Tenant object:
- NotifyOwnersWhenInvitationsAccepted enables or disables emails sent to ODB owners when external users accept invitations to access files
- NotifyOwnersWhenItemsReshared enables or disables emails sent to ODB owners when other users invite additional external users
- OwnerAnonymousNotification enables or disables emails sent to ODB owners when anonymous access link is created or changed
OwnerAnonymousNotification
CSOM
An example of how to modify the OwnerAnonymousNotification using CSOM:
#Paths to SDK
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\SharePoint Client Components\16.0\Assemblies\Microsoft.Online.SharePoint.Client.Tenant.dll"
$ctx=New-Object Microsoft.SharePoint.Client.ClientContext($url)
$ctx.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Username, $password)
$ctx.ExecuteQuery()
$spoTenant= New-Object Microsoft.Online.SharePoint.TenantAdministration.Tenant($Ctx)
$ctx.Load($spoTenant)
$ctx.ExecuteQuery()
$spoTenant.NotificationsInOneDriveForBusinessEnabled =$true
$spoTenant.OwnerAnonymousNotification=$false
$ctx.Load($spoTenant)
$ctx.ExecuteQuery()
Write-Output $spoTenant
Full script Notify OneDrive for Business owner if anonymous link to their content is created is available for download from GitHub.
SharePoint Online Management Shell
To enable:
Set-SPOTenant -OwnerAnonymousNotification $true
To disable:
Set-SPOTenant -OwnerAnonymousNotification $false
NotifyOwnersWhenInvitationsAccepted
This setting enables or disables sending emails to OneDrive for Business owners when their invitations have been accepted by external invitees.
CSOM
#Paths to SDK
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\SharePoint Client Components\16.0\Assemblies\Microsoft.Online.SharePoint.Client.Tenant.dll"
$ctx=New-Object Microsoft.SharePoint.Client.ClientContext($url)
$ctx.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Username, $password)
$ctx.Load($ctx.Web)
$ctx.ExecuteQuery()
$spoTenant= New-Object Microsoft.Online.SharePoint.TenantAdministration.Tenant($Ctx)
$ctx.Load($spoTenant)
$ctx.ExecuteQuery()
$spoTenant.NotifyOwnersWhenInvitationsAccepted=$NotifyOwnersWhenInvitationsAccepted
$ctx.Load($spoTenant)
$ctx.ExecuteQuery()
SharePoint Online Management Shell
Set-SPOTenant -NotifyOwnersWhenInvitationsAccepted $true
Downloads
The following scripts below are freely available from GitHub:
12 Powershell scripts for OneDrive for Business