OneDrive for Business sharing settings with PowerShell

 

Sharing settings in OneDrive for Business can be controlled globally and applied to all users' OneDrives with just a few lines or clicks. This article shows the available options and how to enable or disable them using SharePoint Admin Center, SharePoint Online Management Shell or CSOM and PowerShell. 

 

Prerequisites

Most of these options became available in the last few months. Make sure you are using an updated version of SharePoint Online Management Shell and SharePoint Online CSOM libraries before executing the cmdlets.   
 

Disable access requests to user OneDrives

The ODBAccessRequests property came with New SharePoint CSOM version released for SharePoint Online - October 2016. It lets administrators set policy on access requests and requests to share in OneDrive for Business. It accepts three values:

• On- Users without permission to share can trigger sharing requests to the OneDrive for Business owner when they attempt to share. Also, users without permission to a file or folder can trigger access requests to the OneDrive for Business owner when they attempt to access an item they do not have permissions to.

• Off- Prevent access requests and requests to share on OneDrive for Business:

• Unspecified- Let each OneDrive for Business owner enable or disable access requests and requests to share on their OneDrive.

 

SharePoint Online Management Shell

Set-SPOTenant -ODBAccessRequests Off

CSOM

#Paths to SDK
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\SharePoint Online Management Shell\Microsoft.Online.SharePoint.PowerShell\Microsoft.Online.SharePoint.Client.Tenant.dll"
  
  
  
$ctx=New-Object Microsoft.SharePoint.Client.ClientContext($url)
$ctx.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Username, $password)
$spoTenant= New-Object Microsoft.Online.SharePoint.TenantAdministration.Tenant($Ctx)
$ctx.Load($spoTenant)
$ctx.ExecuteQuery()
$spoTenant.ODBAccessRequests =[Microsoft.SharePoint.Client.SharingState]::Unspecified
$ctx.Load($spoTenant)
$ctx.ExecuteQuery()
Write-Output $spoTenant

The script Globally set OneDrive for Business Access Requests and Members Can Share is available for download from Github.

 

↑ Back to top

Other people share my ODB content

Can they?

This setting can be enabled or disabled by every user in their own OneDrive for Business, but it can also be regulated globally through SharePoint Admin Center. The property on the Tenant object that sets this setting is called ODBMembersCanShare and can be used in SharePoint Online Management Shell or PowerShell CSOM script. It accepts three values:

• On- Users with edit permissions can re-share.
• Off- Only OneDrive for Business owner can share. The value of ODBAccessRequestsdefines whether a request to share gets sent to the owner.
• Unspecified- Let each OneDrive for Business owner enable or disable re-sharing behavior on their OneDrive.

SharePoint Online Management Shell

Set-SPOTenant -ODBMembersCanShare

CSOM

#Paths to SDK
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\SharePoint Online Management Shell\Microsoft.Online.SharePoint.PowerShell\Microsoft.Online.SharePoint.Client.Tenant.dll"
   
$ctx=New-Object Microsoft.SharePoint.Client.ClientContext($url)
$ctx.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Username, $password)
$spoTenant= New-Object Microsoft.Online.SharePoint.TenantAdministration.Tenant($Ctx)
$ctx.Load($spoTenant)
$ctx.ExecuteQuery()
$spoTenant.ODBMembersCanShare =[Microsoft.SharePoint.Client.SharingState]::On
$ctx.Load($spoTenant)
$ctx.ExecuteQuery()
Write-Output $spoTenant

The script Globally set OneDrive for Business Access Requests and Members Can Share is available for download from GitHub.

 

End effect

 

 

Notify me

NotifyOwnersWhenItemsReshared is a Tenant object property that enables sending emails to OneDrive for Business owners when other users further share the content of the owner's OneDrive with EXTERNAL users.

 

CSOM

An example below shows how to enable or disable the setting that notifies OneDrive for Business owners when other users further share the content of the owner's OneDrive:

 

#Paths to SDK
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\SharePoint Client Components\16.0\Assemblies\Microsoft.Online.SharePoint.Client.Tenant.dll"
  
$ctx=New-Object Microsoft.SharePoint.Client.ClientContext($url)
$ctx.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Username, $password)
$ctx.Load($ctx.Web)
$ctx.ExecuteQuery()
  
$spoTenant= New-Object Microsoft.Online.SharePoint.TenantAdministration.Tenant($Ctx)
$ctx.Load($spoTenant)
$ctx.ExecuteQuery()
$spoTenant.NotifyOwnersWhenItemsReshared=$NotifyOwnersWhenItemsReshared
$ctx.Load($spoTenant)
$ctx.ExecuteQuery()
Write-Output $spoTenant

Full script Notify OneDrive for a Business owner if their content is reshared is available for download from GitHub.   

              

SharePoint Online Management Shell

Set-SPOTenant -NotifyOwnersWhenItemsReshared ``$true

↑ Back to top

Add BCC to all external sharing invitations

From December 2015 update it is also possible to add users in BCC field to all sharing invitations in all users' OneDrives.

After the setting takes place, the BCC emails will start receiving copies of the sharing invitations with Invited person's email in the "TO" field and inviter's in "CC":

https://gallery.technet.microsoft.com/sharepoint/site/view/file/176902/1/Untitled.png

There are 2 properties responsible for this setting. One is Boolean BccExternalSharingInvitations and the other is a list of Email addresses which will receive the invitation email copy:  BccExternalSharingInvitationsList. BccExternalSharingInvitations enables the BCC for External Sharing feature. When the feature is enabled, all external sharing invitations will blind copy the e-mail messages listed in the BccExternalSharingsInvitationList.
BccExternalSharingsInvitationList specifies a list of e-mail addresses to be BCC’d when the BCC for External Sharing feature is enabled. Multiple addresses can be specified by creating a comma-separated list with no spaces. For example joe@contoso.com,bob@contoso.com
From: https://technet.microsoft.com/en-us/library/fp161390.aspx?f=255&MSPPError=-2147217396 

CSOM

$spoTenant= New-Object Microsoft.Online.SharePoint.TenantAdministration.Tenant($Ctx)
$spoTenant.BccExternalSharingInvitations=$true
$spoTenant.BccExternalSharingInvitationsList={arleta.wanat@SomeFakeAdresse.com}

Full script

#Paths to SDK
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\SharePoint Online Management Shell\Microsoft.Online.SharePoint.PowerShell\Microsoft.Online.SharePoint.Client.Tenant.dll"
  
  
  
$ctx=New-Object Microsoft.SharePoint.Client.ClientContext($url)
$ctx.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Username, $password)
$spoTenant= New-Object Microsoft.Online.SharePoint.TenantAdministration.Tenant($Ctx)
$ctx.Load($spoTenant)
$ctx.ExecuteQuery()
$spoTenant.BccExternalSharingInvitations=$true
$spoTenant.BccExternalSharingInvitationsList={arleta.wanat@SomeFakeAdresse.com}
$ctx.Load($spoTenant)
$ctx.ExecuteQuery()
Write-Output $spoTenant

The full script Add BCC to all sharing invitations in OneDrive for Business is available for download from GitHub.

SharePoint Online Management Shell

Set-SPOTenant  [-BccExternalSharingInvitations <$true | $false>] [-BccExternalSharingInvitationsList <String>]

Block Download

From August 2016 and the CSOM version 16.1.5626.1200 there is an option to prevent external users from downloading the files that have been shared with them using guest link:

 

 

The settings responsible for that are BlockDownloadOfAllFilesForGuests  and BlockDownloadOfViewableFilesForGuests.

 

↑ Back to top

CSOM

$spoTenant= New-Object Microsoft.Online.SharePoint.TenantAdministration.Tenant($Ctx)
$spoTenant.BlockDownloadOfAllFilesForGuests=$true

Full script

#Paths to SDK
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\SharePoint Client Components\16.0\Assemblies\Microsoft.Online.SharePoint.Client.Tenant.dll"
  
  
$ctx=New-Object Microsoft.SharePoint.Client.ClientContext($url)
$ctx.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Username, $password)
$spoTenant= New-Object Microsoft.Online.SharePoint.TenantAdministration.Tenant($Ctx)
$ctx.Load($spoTenant)
$ctx.ExecuteQuery()
$spoTenant.BlockDownloadOfAllFilesForGuests=$BlockDownloadOfAllFilesForGuests
$ctx.Load($spoTenant)
$ctx.ExecuteQuery()
  
return $spoTenant

The full script Block download of all files for guests in SharePoint with Powershell & CSOM is available for download from GitHub. 

 

SharePoint Online Management Shell

There is currently no possibility to change these settings using SharePoint Online Management Shell. Please refer to https://technet.microsoft.com/en-us/library/fp161390.aspx?f=255&MSPPError=-2147217396 for possible updates.

 

Sharing Notifications

An important part of sharing settings for OneDrive for Business is sharing notifications, which inform OneDrive for Business owners when 

• other users invite additional external users to shared files
• the invited users accept their invitations, or
• anonymous link is created or changed

These notifications can be modified in SharePoint Admin Center:

The three sharing notifications correspond to three properties of Microsoft.Online.SharePoint.TenantAdministration.Tenant object:

• NotifyOwnersWhenInvitationsAccepted  enables or disables emails sent to ODB owners when external users accept invitations to access files
• NotifyOwnersWhenItemsReshared enables or disables emails sent to ODB owners when other users invite additional external users
• OwnerAnonymousNotification enables or disables emails sent to ODB owners when anonymous access link is created or changed

↑ Back to top

OwnerAnonymousNotification

CSOM

An example of how to modify the OwnerAnonymousNotification using CSOM:

 

#Paths to SDK
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\SharePoint Client Components\16.0\Assemblies\Microsoft.Online.SharePoint.Client.Tenant.dll"
  
$ctx=New-Object Microsoft.SharePoint.Client.ClientContext($url)
$ctx.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Username, $password)
$ctx.ExecuteQuery()
  
$spoTenant= New-Object Microsoft.Online.SharePoint.TenantAdministration.Tenant($Ctx)
$ctx.Load($spoTenant)
$ctx.ExecuteQuery()
$spoTenant.NotificationsInOneDriveForBusinessEnabled =$true
$spoTenant.OwnerAnonymousNotification=$false
$ctx.Load($spoTenant)
$ctx.ExecuteQuery()
Write-Output $spoTenant

Full script Notify OneDrive for Business owner if anonymous link to their content is created is available for download from GitHub.

 

SharePoint Online Management Shell

To enable:

 

Set-SPOTenant -OwnerAnonymousNotification $true

To disable:

 

Set-SPOTenant -OwnerAnonymousNotification $false

NotifyOwnersWhenInvitationsAccepted

This setting enables or disables sending emails to OneDrive for Business owners when their invitations have been accepted by external invitees.  

 

CSOM

#Paths to SDK
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\SharePoint Client Components\16.0\Assemblies\Microsoft.Online.SharePoint.Client.Tenant.dll"
  
$ctx=New-Object Microsoft.SharePoint.Client.ClientContext($url)
$ctx.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Username, $password)
$ctx.Load($ctx.Web)
$ctx.ExecuteQuery()
  
$spoTenant= New-Object Microsoft.Online.SharePoint.TenantAdministration.Tenant($Ctx)
$ctx.Load($spoTenant)
$ctx.ExecuteQuery()
$spoTenant.NotifyOwnersWhenInvitationsAccepted=$NotifyOwnersWhenInvitationsAccepted
$ctx.Load($spoTenant)
$ctx.ExecuteQuery()

SharePoint Online Management Shell

Set-SPOTenant -NotifyOwnersWhenInvitationsAccepted $true

Downloads

The following scripts below are freely available from GitHub:
12 Powershell scripts for OneDrive for Business

 

See Also

• SharePoint Online Sharing settings with CSOM
• Manage SharePoint Online Access Requests using Powershell

↑ Back to top