SPOSharingSettings

Parameters

Parameter Attribute DataType Description Allowed Values
IsSingleInstance Key String Specifies the resource is a single instance, the value must be 'Yes' Yes
SharingCapability Write String Configures sharing capability for SharePoint ExistingExternalUserSharingOnly, ExternalUserAndGuestSharing, Disabled, ExternalUserSharingOnly
MySiteSharingCapability Write String Configures sharing capability for mysite (onedrive) ExistingExternalUserSharingOnly, ExternalUserAndGuestSharing, Disabled, ExternalUserSharingOnly
ShowEveryoneClaim Write Boolean Enables the administrator to hide the Everyone claim in the People Picker.
ShowAllUsersClaim Write Boolean Enables the administrator to hide the All Users claim groups in People Picker.
ShowEveryoneExceptExternalUsersClaim Write Boolean Enables the administrator to hide the Everyone except external users claim in the People Picker.
ProvisionSharedWithEveryoneFolder Write Boolean Creates a Shared with Everyone folder in every user's new OneDrive for Business document library.
EnableGuestSignInAcceleration Write Boolean Accelerates guest-enabled site collections as well as member-only site collections when the SignInAccelerationDomain parameter is set.
BccExternalSharingInvitations Write Boolean When the feature is enabled, all external sharing invitations that are sent will blind copy the e-mail messages listed in the BccExternalSharingsInvitationList.
BccExternalSharingInvitationsList Write String Specifies a list of e-mail addresses to be BCC'd when the BCC for External Sharing feature is enabled.Multiple addresses can be specified by creating a comma separated list with no spaces.
RequireAnonymousLinksExpireInDays Write UInt32 Specifies all anonymous links that have been created (or will be created) will expire after the set number of days.
SharingAllowedDomainList Write StringArray[] Specifies a list of email domains that is allowed for sharing with the external collaborators. Entry values as an array of domains.
SharingBlockedDomainList Write StringArray[] Specifies a list of email domains that is blocked or prohibited for sharing with the external collaborators. Entry values as an array of domains.
SharingDomainRestrictionMode Write String Specifies the external sharing mode for domains. None, AllowList, BlockList
DefaultSharingLinkType Write String Lets administrators choose what type of link appears is selected in the 'Get a link' sharing dialog box in OneDrive for Business and SharePoint Online None, Direct, Internal, AnonymousAccess
PreventExternalUsersFromResharing Write Boolean Allow or deny external users re-sharing
ShowPeoplePickerSuggestionsForGuestUsers Write Boolean Enables the administrator to hide the guest users claim in the People Picker.
FileAnonymousLinkType Write String Configures anonymous link types for files View, Edit
FolderAnonymousLinkType Write String Configures anonymous link types for folders View, Edit
NotifyOwnersWhenItemsReshared Write Boolean When this parameter is set to $true and another user re-shares a document from a user’s OneDrive for Business, the OneDrive for Business owner is notified by e-mail.
DefaultLinkPermission Write String Specifies the link permission on the tenant level. Valid values to set are View and Edit. A value of None will be set to Edit as its the default value. None, View, Edit
RequireAcceptingAccountMatchInvitedAccount Write Boolean Ensures that an external user can only accept an external sharing invitation with an account matching the invited email address.Administrators who desire increased control over external collaborators should consider enabling this feature. False (default) - When a document is shared with an external user, bob@contoso.com, it can be accepted by any user with access to the invitation link in the original e-mail.True - User must accept this invitation with bob@contoso.com.
Ensure Write String Only accepted value is 'Present'. Present, Absent
Credential Write PSCredential Credentials of the account to authenticate with.
ApplicationId Write String Id of the Azure Active Directory application to authenticate with.
ApplicationSecret Write PSCredential Secret of the Azure Active Directory application to authenticate with.
TenantId Write String Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com
CertificatePassword Write PSCredential Username can be made up to anything but password will be used for certificatePassword
CertificatePath Write String Path to certificate used in service principal usually a PFX file.
CertificateThumbprint Write String Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.
ManagedIdentity Write Boolean Managed ID being used for authentication.
ExternalUserExpirationRequired Write Boolean Enable Guest access to a site or Onedrive to expire after
ExternalUserExpireInDays Write UInt32 Specifies Number of days for Guest Access links to expire.
AccessTokens Write StringArray[] Access token used for authentication.

Description

This resource allows users to configure and monitor the sharing settings for your SPO tenant sharing settings

Permissions

Microsoft Graph

To authenticate with the Microsoft Graph API, this resource required the following permissions:

Delegated permissions

  • Read

    • Domain.Read.All
  • Update

    • Domain.Read.All

Application permissions

  • Read

    • Domain.Read.All
  • Update

    • Domain.Read.All

Microsoft SharePoint

To authenticate with the SharePoint API, this resource required the following permissions:

Delegated permissions

  • Read

    • Sites.FullControl.All
  • Update

    • Sites.FullControl.All

Application permissions

  • Read

    • Sites.FullControl.All
  • Update

    • Sites.FullControl.All

Examples

Example 1

This example is used to test new resources and showcase the usage of new resources being worked on. It is not meant to use as a production baseline.

Configuration Example
{
    param(
        [Parameter(Mandatory = $true)]
        [PSCredential]
        $Credscredential
    )
    Import-DscResource -ModuleName Microsoft365DSC

    node localhost
    {
        SPOSharingSettings 'ConfigureSharingSettings'
        {
            IsSingleInstance                           = "Yes"
            SharingCapability                          = 'ExternalUserSharingOnly'
            ShowEveryoneClaim                          = $false
            ShowAllUsersClaim                          = $false
            ShowEveryoneExceptExternalUsersClaim       = $true
            ProvisionSharedWithEveryoneFolder          = $false
            EnableGuestSignInAcceleration              = $false
            BccExternalSharingInvitations              = $false
            BccExternalSharingInvitationsList          = ""
            RequireAnonymousLinksExpireInDays          = 730
            SharingAllowedDomainList                   = @("contoso.com")
            SharingBlockedDomainList                   = @("contoso.com")
            SharingDomainRestrictionMode               = "None"
            DefaultSharingLinkType                     = "AnonymousAccess"
            PreventExternalUsersFromResharing          = $false
            ShowPeoplePickerSuggestionsForGuestUsers   = $false
            FileAnonymousLinkType                      = "Edit"
            FolderAnonymousLinkType                    = "Edit"
            NotifyOwnersWhenItemsReshared              = $true
            DefaultLinkPermission                      = "View"
            RequireAcceptingAccountMatchInvitedAccount = $false
            Ensure                                     = "Present"
            Credential                                 = $Credscredential
        }
    }
}