Set-MsolCompanySettings
Updated: July 30, 2015
Applies To: Azure, Office 365, Windows Intune
Note
- The cmdlets were previously known as the Microsoft Online Services Module for Windows PowerShell cmdlets.
The Set-MsolCompanySettings cmdlet is used to set company-level configuration settings.
Syntax
Set-MsolCompanySettings [-SelfServePasswordResetEnabled <Boolean>] [-UsersPermissionToCreateGroupsEnabled <Boolean>] [-AllowAdHocSubscriptions <Boolean>] [-AllowEmailVerifiedUsers <Boolean>] [-DefaultUsageLocation <String>] [-UsersPermissionToCreateLOBAppsEnabled <Boolean>] [-UsersPermissionToReadOtherUsersEnabled <Boolean>] [-UsersPermissionToUserConsentToAppEnabled <Boolean>] [-TenantId <Guid>] [<CommonParameters>]
Parameters
-SelfServePasswordResetEnabled <Boolean>
Indicates whether to allow the use of the self-service password reset
feature. This setting is applied company-wide.
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
- UsersPermissionToCreateGroupsEnabled <Boolean>
Indicates whether to allow users to create groups.
This setting is applied company-wide. Set to False to disable users’ ability to create groups.
Required? false
Position? named
Default value true
Accept pipeline input? false
Accept wildcard characters? false
- AllowAdHocSubscriptions <Boolean>
Indicates whether to allow users to sign up for email-based subscriptions as individuals, such as signing up RMS for individuals.
This setting is applied company-wide. Set to False to block users from signing up for email-based subscription as individuals.
Required? false
Position? named
Default value true
Accept pipeline input? false
Accept wildcard characters? false
- AllowEmailVerifiedUsers <Boolean>
Indicates whether users can join a tenant by email validation. The user must have an email address in a domain that matches one of the verified domains in the tenant.
This setting is applied company-wide. Set to False to block users from joining the tenant by email validation.
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
- DefaultUsageLocation <String>
Indicates the value that will be applied to the User.UsageLocation attribute if none is present when assigning licenses to Microsoft products. If the default value is null, then the location value for the tenant is used.
Required? false
Position? named
Default value true
Accept pipeline input? false
Accept wildcard characters? false
- UsersPermissionToCreateLOBAppsEnabled <Boolean>
Indicates whether to allow users to create new applications.
This setting is applied company-wide. Set to False to disable users’ ability to create new applications for their organization.
Required? false
Position? named
Default value true
Accept pipeline input? false
Accept wildcard characters? false
- UsersPermissionToReadOtherUsersEnabled <Boolean>
Indicates whether to allow users to view the profile info of other users in their company.
This setting is applied company-wide. Set to False to disable users’ ability to use the Azure AD module for Windows PowerShell to access user information for their organization.
Required? false
Position? named
Default value true
Accept pipeline input? false
Accept wildcard characters? false
- UsersPermissionToUserConsentToAppEnabled <Boolean>
Indicates whether to allow users to consent to apps that require access to their cloud user data, such as directory user profile or Office 365 mail and OneDrive for business.
This setting is applied company-wide. Set to False to disable users’ ability to grant consent to applications.
Required? false
Position? named
Default value true
Accept pipeline input? false
Accept wildcard characters? false
-TenantId <Guid>
The unique ID of the tenant to perform the operation on. If this is
not provided, then the value will default to the tenant of the current
user. This parameter is only applicable to partner users.
Required? false
Position? named
Default value
Accept pipeline input? true (ByPropertyName)
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer and OutVariable. For more information, type,
"get-help about_commonparameters".
Examples
Example 1
The following command enables the self-serve password reset feature for all users in the company.
Set-MsolCompanySettings -SelfServePasswordResetEnabled $true
Example 2
The following command disables the ability of users to consent to apps.
Set-MsolCompanySettings - UsersPermissionToUserConsentToAppEnabled $false
Example 3
The following command disables the ability of users to see the profile info of other users in the company. Users can see only their own profile info.
Set-MsolCompanySettings -UsersPermissionToReadOtherUsersEnabled $false
Example 4
The following command disables the ability of users to create new applications or consent to applications. Users can create groups.
Set-MsolCompanySettings -UsersPermissionToCreateLOBAppsEnabled $false
-UsersPermissionToUserConsentToAppEnabled $false -UsersPermissionToReadOtherUsersEnabled $false -UsersPermissionToCreateGroupsEnabled $true
Example 5
The following command allows users to join a tenant by email validation and sign up for email-based subscriptions as an individual. For example, a user with the email address Dan@Contoso.com responds to an offer to sign up for Office 365 Education as an individual. Dan does not yet have an account in Azure AD directory for Contoso.com. In that case, the following command allows Dan to sign up for Office 365 Education as an individual and have an account provisioned in the Contoso.com directory.
Set-MsolCompanySettings -AllowEmailVerifiedUsers $true -AllowAdHocSubscriptions $true
Example 6
The following command allows users to sign up for email-based subscriptions, but only if the user accounts already exist in Azure AD. For example, a user with the email address Dan@Contoso.com responds to an offer to sign up for RMS for individuals. Dan has an account in the Azure AD directory for Contoso.com that was either created by the Azure AD global administrator or it was synchronized with Azure AD from an on-premises directory. In that case, the following command allows Dan to sign up for RMS for individuals by responding to an email-based subscription offer.
Set-MsolCompanySettings -AllowEmailVerifiedUsers $false -AllowAdHocSubscriptions $true
Example 7
The following command prevents users from signing up for email-based subscriptions for individuals.
Set-MsolCompanySettings -AllowAdHocSubscriptions $false
Example 8
The following command prevents users from joining the directory by email-based validation.
Set-MsolCompanySettings -AllowEmailVerifiedUsers $false
Additional Resources
There are several other places you can get more information and help. These include: