

SharePoint Online Sharing settings with CSOM

Sharing Settings in SharePoint Admin Center

You can find most of the settings presented below in SharePoint Admin Center, where you can change them with the click of a button.

This article focuses on how to enable or disable these functions using CSOM and PowerShell or C#.

View sharing settings with CSOM

Sharing settings can be viewed among the properties of the tenant. You can view tenant properties using the Microsoft.Online.SharePoint.Client.Tenant.dll library.
This article uses a sample available on TechNet Gallery to retrieve the tenant properties:

$ctx=New-Object Microsoft.SharePoint.Client.ClientContext($url)
$ctx.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Username, $password)
$ctx.ExecuteQuery()
 
$spoTenant= New-Object Microsoft.Online.SharePoint.TenantAdministration.Tenant($Ctx) 
$ctx.Load($spoTenant)
$ctx.ExecuteQuery()
Write-Output $spoTenant

The expected results display a number of tenant properties:

SharingCapability

SharePoint Admin Center

SharingCapability lets you choose the following settings:

Accepted Values

The property accepts SharingCapabilities enumeration values:

  • Disabled 
  • ExternalUserSharingOnly 
  • ExternalUserAndGuestSharing 
  • ExistingExternalUserSharingOnly

You can set it with the following lines:

$spoTenant= New-Object Microsoft.Online.SharePoint.TenantAdministration.Tenant($Ctx) 
$ctx.Load($spoTenant)
$ctx.ExecuteQuery()
$spoTenant.SharingCapability=[Microsoft.Online.SharePoint.TenantManagement.SharingCapabilities]::$SharingCapability
# The change is sent to the tenant only when ExecuteQuery() is called
$ctx.ExecuteQuery()

Full Script

#Paths to SDK
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\SharePoint Online Management Shell\Microsoft.Online.SharePoint.PowerShell\Microsoft.Online.SharePoint.Client.Tenant.dll" 
 
 
$ctx=New-Object Microsoft.SharePoint.Client.ClientContext($url)
$ctx.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Username, $password)
$ctx.Load($ctx.Web)
$ctx.ExecuteQuery()
 
$spoTenant= New-Object Microsoft.Online.SharePoint.TenantAdministration.Tenant($Ctx) 
$ctx.Load($spoTenant)
$ctx.ExecuteQuery()
 
$spoTenant.SharingCapability=[Microsoft.Online.SharePoint.TenantManagement.SharingCapabilities]::$SharingCapability
$ctx.Load($spoTenant)
$ctx.ExecuteQuery()
Write-Output $spoTenant

The script Modify external sharing setting in SharePoint Online tenant using CSOM is available for download from TechNet Gallery. 

SharePoint Online Management Shell

The setting can also be modified with SharePoint Online Management Shell, using the Set-SPOTenant cmdlet:

Set-SPOTenant -SharingCapability ExistingExternalUserSharingOnly

ExpireInDays

After setting the tenant.SharingCapability to ExternalUserAndGuestSharing, you can decide about anonymous access links and set their expiration date and the allowed access level.
You can set expiration date using the RequireAnonymousLinksExpireInDays property:

$spoTenant.RequireAnonymousLinksExpireInDays=$HowManyDaysToExpire

LinkType

Anonymous access links can allow recipients to only view or view and edit. The value can be set separately for folders and separately for files.
For files it accepts the following values of the AnonymousLinkType enumeration:

  • View
  • Edit
  • None

$spoTenant.FileAnonymousLinkType=[Microsoft.SharePoint.Client.AnonymousLinkType]::$LinkType

For folders, it accepts a string value of "View" or "Edit".

$spoTenant.FolderAnonymousLinkType=$LinkType

Full script

#Paths to SDK
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\SharePoint Online Management Shell\Microsoft.Online.SharePoint.PowerShell\Microsoft.Online.SharePoint.Client.Tenant.dll" 
 
 
 
$ctx=New-Object Microsoft.SharePoint.Client.ClientContext($url)
$ctx.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Username, $password)
$spoTenant= New-Object Microsoft.Online.SharePoint.TenantAdministration.Tenant($Ctx) 
$ctx.Load($spoTenant)
$ctx.ExecuteQuery()
$spoTenant.RequireAnonymousLinksExpireInDays=$HowManyDaysToExpire
$spoTenant.FolderAnonymousLinkType=$LinkType
$ctx.Load($spoTenant)
$ctx.ExecuteQuery()
Write-Output $spoTenant 

The script Set expiration for anonymous links in SharePoint Online is available for download from TechNet Gallery.
The script Set anonymous link access level for SharePoint Online tenant using PowerShell is available for download from TechNet Gallery. 

SharePoint Online Management Shell

The settings can also be modified with SharePoint Online Management Shell using the Set-SPOTenant cmdlet:

Set-SPOTenant -RequireAnonymousLinksExpireInDays $HowManyDaysToExpire
Set-SPOTenant -FileAnonymousLinkType $LinkType
Set-SPOTenant -FolderAnonymousLinkType $LinkType

Tenant.DefaultSharingLinkType property sets the type of link that is created by default when users get links. There are 4 values possible:

  • Direct - only people who have permission

  • Internal -  only people in the organization

  • AnonymousAccess - anyone with the link

DefaultSharingLinkType property of Tenant object accepts SharingLinkType enumeration:

Full Script

Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\SharePoint Online Management Shell\Microsoft.Online.SharePoint.PowerShell\Microsoft.Online.SharePoint.Client.Tenant.dll" 
 
$ctx=New-Object Microsoft.SharePoint.Client.ClientContext($url)
$ctx.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Username, $password)
$ctx.Load($ctx.Web)
$ctx.ExecuteQuery()
 
$spoTenant= New-Object Microsoft.Online.SharePoint.TenantAdministration.Tenant($Ctx) 
$ctx.Load($spoTenant)
$ctx.ExecuteQuery()
$spoTenant.DefaultSharingLinkType= [Microsoft.Online.SharePoint.TenantManagement.SharingLinkType]::$SharingLinkType
$ctx.Load($spoTenant)
$ctx.ExecuteQuery()

The script Set default link type for SharePoint Online tenant sharing settings is available for download from TechNet Gallery. 

SharePoint Admin Center

The setting can also be modified in SharePoint Admin Center.

SharePoint Online Management Shell

The default link type setting can also be modified using SharePoint Online Management Shell and the Set-SPOTenant cmdlet:

Connect-SPOService
Set-SPOTenant -DefaultSharingLinkType $SharingLinkType

Additional settings

When sharing is enabled, there are 3 additional settings available:

  • Limit external sharing using domains 
  • Prevent external users from sharing files, folders, and sites that they don’t own 
  • External users must accept sharing invitations using the same account that the invitations were sent to

PreventExternalUsersFromResharing

Accepted Values

PreventExternalUsersFromResharing property prevents external users from sharing files, folders, and sites that they don’t own. It accepts Boolean values and you can set it using the following lines:

$spoTenant= New-Object Microsoft.Online.SharePoint.TenantAdministration.Tenant($Ctx) 
$ctx.Load($spoTenant)
$ctx.ExecuteQuery()
$spoTenant.PreventExternalUsersFromResharing=$PreventExternalUsersFromResharing
$ctx.Load($spoTenant)
$ctx.ExecuteQuery()

Full Script

Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\SharePoint Online Management Shell\Microsoft.Online.SharePoint.PowerShell\Microsoft.Online.SharePoint.Client.Tenant.dll" 
 
 
$ctx=New-Object Microsoft.SharePoint.Client.ClientContext($url)
$ctx.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Username, $password)
$ctx.Load($ctx.Web)
$ctx.ExecuteQuery()
 
$spoTenant= New-Object Microsoft.Online.SharePoint.TenantAdministration.Tenant($Ctx) 
$ctx.Load($spoTenant)
$ctx.ExecuteQuery()
$spoTenant.PreventExternalUsersFromResharing=$PreventExternalUsersFromResharing
$ctx.Load($spoTenant)
$ctx.ExecuteQuery()
Write-Output $spoTenant

The script Prevent external users from resharing using Powershell and CSOM is available for download from TechNet Gallery. 

RequireAcceptingAccountMatchInvitedAccount

Property

RequireAcceptingAccountMatchInvitedAccount forces external users to accept sharing invitations using the same account that the invitations were sent to. It accepts Boolean values and you can set it using the following line:

$spoTenant.RequireAcceptingAccountMatchInvitedAccount=$RequireAcceptingAccountMatchInvitedAccount

Full script

Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\SharePoint Online Management Shell\Microsoft.Online.SharePoint.PowerShell\Microsoft.Online.SharePoint.Client.Tenant.dll" 
 
 
$ctx=New-Object Microsoft.SharePoint.Client.ClientContext($url)
$ctx.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Username, $password)
$ctx.Load($ctx.Web)
$ctx.ExecuteQuery()
 
$spoTenant= New-Object Microsoft.Online.SharePoint.TenantAdministration.Tenant($Ctx) 
$ctx.Load($spoTenant)
$ctx.ExecuteQuery()
$spoTenant.RequireAcceptingAccountMatchInvitedAccount=$RequireAcceptingAccountMatchInvitedAccount
$ctx.Load($spoTenant)
$ctx.ExecuteQuery()
Write-Output $spoTenant

The script Force external users to accept sharing invitations with the same account is available for download from TechNet Gallery. 

SharingDomainRestrictionMode

Property and Accepted Values

SharingDomainRestrictionMode limits external sharing to specific domains. This property accepts values from the Microsoft.Online.SharePoint.TenantManagement.SharingDomainRestrictionModes enumeration:

  • None
  • AllowList
  • BlockList

If you choose AllowList, users will be able to share only with external collaborators whose email domain is on the SharingAllowedDomainList. If you choose BlockList, users will be able to share with all external collaborators apart from those whose domain is on the SharingBlockedDomainList. You can set it using the following lines:

$SharingDomainRestrictionMode = "AllowList"
$spoTenant.SharingDomainRestrictionMode=[Microsoft.Online.SharePoint.TenantManagement.SharingDomainRestrictionModes]::$SharingDomainRestrictionMode

Connected with this setting there are 2 more properties: SharingBlockedDomainList and SharingAllowedDomainList. SharingAllowedDomainList specifies a list of email domains that are allowed for sharing with the external collaborators. SharingBlockedDomainList specifies a list of email domains that are blocked or prohibited for sharing with the external collaborators. You can set them using the following lines:

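$spoTenant= New-Object Microsoft.Online.SharePoint.TenantAdministration.Tenant($Ctx) 
$ctx.Load($spoTenant)
$ctx.ExecuteQuery()
# The domain lists are plain strings of space-separated domains, not script blocks or arrays
$spoTenant.SharingBlockedDomainList="o2.pl madeup.com"
# The change is sent to the tenant only when ExecuteQuery() is called
$ctx.ExecuteQuery()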

Full script

#Paths to SDK
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\SharePoint Online Management Shell\Microsoft.Online.SharePoint.PowerShell\Microsoft.Online.SharePoint.Client.Tenant.dll" 
 
$ctx=New-Object Microsoft.SharePoint.Client.ClientContext($url)
$ctx.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Username, $password)
$ctx.Load($ctx.Web)
$ctx.ExecuteQuery()
 
$spoTenant= New-Object Microsoft.Online.SharePoint.TenantAdministration.Tenant($Ctx) 
$ctx.Load($spoTenant)
$ctx.ExecuteQuery()
$spoTenant.SharingDomainRestrictionMode=$SharingDomainRestrictionMode
# The allowed-domain list is a plain string of space-separated domains
$spoTenant.SharingAllowedDomainList="o2.pl madeup.com"
$ctx.Load($spoTenant)
$ctx.ExecuteQuery()
Write-Output $spoTenant 

The script Allow external sharing in SharePoint Online only with specific domains is available for download from TechNet Gallery. 

SharePoint Online Management Shell

Set-SPOTenant -SharingDomainRestrictionMode AllowList -SharingAllowedDomainList "o2.pl madeup.com"
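
The properties covered in this article can also be read back and checked against a baseline. The function below is an added example, not one of the TechNet Gallery scripts; the name Test-SharingPosture, the 30-day threshold and the sample object are assumptions, and a RequireAnonymousLinksExpireInDays value of 0 or less is treated as no expiration.

```powershell
# Added example (not from the original article): audit the sharing properties discussed above.
function Test-SharingPosture {
    param(
        [Parameter(Mandatory)] $Tenant,   # $spoTenant, Get-SPOTenant output, or any object with these properties
        [int] $MaxLinkDays = 30           # assumed policy threshold, not a Microsoft default
    )
    $findings = @()
    $capability = [string]$Tenant.SharingCapability
    if ($capability -eq 'Disabled') { return $findings }   # no external sharing, nothing to check

    if ($capability -eq 'ExternalUserAndGuestSharing') {
        # Anonymous links only exist at this sharing level
        $days = [int]$Tenant.RequireAnonymousLinksExpireInDays
        if ($days -le 0) { $findings += 'Anonymous links never expire' }
        elseif ($days -gt $MaxLinkDays) { $findings += "Anonymous links live $days days (policy: $MaxLinkDays)" }
        foreach ($p in 'FileAnonymousLinkType', 'FolderAnonymousLinkType') {
            if ([string]$Tenant.$p -eq 'Edit') { $findings += "$p allows anonymous editing" }
        }
        if ([string]$Tenant.DefaultSharingLinkType -eq 'AnonymousAccess') {
            $findings += 'Default sharing link is "anyone with the link"'
        }
    }
    if (-not $Tenant.PreventExternalUsersFromResharing) { $findings += 'External users can reshare content they do not own' }
    if (-not $Tenant.RequireAcceptingAccountMatchInvitedAccount) { $findings += 'Invitations can be accepted with a different account' }

    switch ([string]$Tenant.SharingDomainRestrictionMode) {
        'AllowList' { if ([string]::IsNullOrWhiteSpace($Tenant.SharingAllowedDomainList)) { $findings += 'AllowList mode with an empty allowed-domain list' } }
        'BlockList' { if ([string]::IsNullOrWhiteSpace($Tenant.SharingBlockedDomainList)) { $findings += 'BlockList mode with an empty blocked-domain list' } }
        default     { $findings += 'No domain restriction on external sharing' }
    }
    return $findings
}

# Constructed sample values, not taken from a real tenant
$sample = [pscustomobject]@{
    SharingCapability                          = 'ExternalUserAndGuestSharing'
    RequireAnonymousLinksExpireInDays          = -1
    FileAnonymousLinkType                      = 'Edit'
    FolderAnonymousLinkType                    = 'View'
    DefaultSharingLinkType                     = 'AnonymousAccess'
    PreventExternalUsersFromResharing          = $false
    RequireAcceptingAccountMatchInvitedAccount = $true
    SharingDomainRestrictionMode               = 'AllowList'
    SharingAllowedDomainList                   = ''
}
Test-SharingPosture -Tenant $sample
```

Against a live tenant, pass the $spoTenant object loaded by any of the scripts above instead of $sample.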

Downloads

The scripts below are freely available from TechNet Gallery:
Allow external sharing in SharePoint Online only with specific domains
Force external users to accept sharing invitations with the same account
Get SharePoint Online tenant properties using Powershell and CSOM
Modify external sharing setting in SharePoint Online tenant using CSOM
Prevent external users from resharing using Powershell and CSOM
Set default link type for SharePoint Online tenant sharing settings
Set expiration for anonymous links in SharePoint Online
Set anonymous link access level for SharePoint Online tenant using PowerShell

See Also

OneDrive for Business sharing settings with Powershell
