Get SharePoint site sharing Settings with PowerShell
Managing sharing settings for SharePoint sites is crucial for maintaining a secure and well-governed environment. With the help of PowerShell, administrators can efficiently retrieve and manage these settings across their SharePoint Online tenant. This ensures that sensitive information is not overshared and that your organisation’s data remains secure.
Importance of Reviewing Sharing Settings
Reviewing sharing settings is essential to prevent oversharing, which can lead to data breaches and unauthorized access to sensitive information. By regularly auditing and adjusting these settings, you can enforce your organization’s sharing policies and ensure that only authorized users have access to specific content. This is particularly important during the rollout of Copilot for M365, as it helps maintain a secure and compliant environment.
Refer to post Empowering Secure Collaboration: Configuring SharePoint Sharing Tenant and Site Settings with PowerShell to prevent Oversharing for more details.
Prerequisites
Before running the script, ensure you have the following:
- The PnP PowerShell module installed. You can install it using the command:
Install-Module -Name PnP.PowerShell
- Appropriate permissions to connect to the SharePoint admin center and retrieve site settings.
PowerShell Script to get sharing settings
The following PowerShell script retrieves the sharing settings for all SharePoint sites within a specified tenant and exports the data to a CSV file.
param (
[Parameter(Mandatory = $true)]
[string] $domain
)
$adminSiteURL = "https://$domain-Admin.SharePoint.com"
$TenantURL = "https://$domain.sharepoint.com"
$dateTime = "_{0:MM_dd_yy}_{0:HH_mm_ss}" -f (Get-Date)
$invocation = (Get-Variable MyInvocation).Value
$directorypath = Split-Path $invocation.MyCommand.Path
$fileName = "site_sharing_settings" + $dateTime + ".csv"
$outputPath = $directorypath + "\"+ $fileName
if (-not (Test-Path $outputPath)) {
New-Item -ItemType File -Path $outputPath
}
Connect-PnPOnline -Url $adminSiteURL -Interactive -WarningAction SilentlyContinue
$adminConnection = Get-PnPConnection
Write-Host "Getting site sharing settings..." -ForegroundColor Yellow
$sharingReport = Get-PnPTenantSite -Filter "Url -like '$TenantURL'" | Where-Object { $_.Template -ne 'RedirectSite#0' } | foreach-object {
try {
$sharingsetting = Get-PnPTenantSite -url $_.Url -DisableSharingForNonOwnersStatus -Connection $adminConnection| select `
Title, `
Url, `
ShowPeoplePickerSuggestionsForGuestUsers, `
SharingCapability, `
ExternalUserExpirationInDays, `
SharingAllowedDomainList, `
SharingBlockedDomainList, `
SharingDomainRestrictionMode, `
OverrideTenantExternalUserExpirationPolicy, `
OverrideTenantAnonymousLinkExpirationPolicy, `
DefaultSharingLinkType, `
DefaultLinkPermission, `
DefaultShareLinkScope, `
DefaultShareLinkRole, `
DefaultLinkToExistingAccess, `
DisableCompanyWideSharingLinks, `
DisableSharingForNonOwnersStatus, `
AnonymousLinkExpirationInDays, `
ConditionalAccessPolicy, `
ReadOnlyForUnmanagedDevices, `
LoopDefaultSharingLinkScope, `
LoopDefaultSharingLinkRole, `
OverrideSharingCapability, `
RequestFilesLinkEnabled, `
RequestFilesLinkExpirationInDays, `
RestrictedAccessControl, `
RestrictedAccessControlGroups, `
RestrictContentOrgWideSearch
# DefaultShareLinkScope and DefaultShareLinkRole will replace DefaultSharingLinkType and DefaultLinkPermission
$restUrl = $_.Url +'/_api/web?$select=MembersCanShare,TenantAdminMembersCanShare,RequestAccessEmail,UseAccessRequestDefault,AccessRequestSiteDescription'
connect-PnPOnline -Url $_.Url -interactive -WarningAction SilentlyContinue
$siteconnection = Get-PnPConnection
$response = invoke-pnpsprestmethod -Url $restUrl -Method Get -Connection $siteconnection
[PSCustomObject]@{
##add the properties from the $sharingsetting object
Title = $sharingsetting.Title
Url = $sharingsetting.Url
ShowPeoplePickerSuggestionsForGuestUsers = $sharingsetting.ShowPeoplePickerSuggestionsForGuestUsers
SharingCapability = $sharingsetting.SharingCapability
ExternalUserExpirationInDays = $sharingsetting.ExternalUserExpirationInDays
SharingAllowedDomainList = $sharingsetting.SharingAllowedDomainList
SharingBlockedDomainList = $sharingsetting.SharingBlockedDomainList
SharingDomainRestrictionMode = $sharingsetting.SharingDomainRestrictionMode
OverrideTenantExternalUserExpirationPolicy = $sharingsetting.OverrideTenantExternalUserExpirationPolicy
DefaultSharingLinkType = $sharingsetting.DefaultSharingLinkType
DefaultLinkPermission = $sharingsetting.DefaultLinkPermission
DefaultShareLinkScope = $sharingsetting.DefaultShareLinkScope
DefaultShareLinkRole = $sharingsetting.DefaultShareLinkRole
DefaultLinkToExistingAccess = $sharingsetting.DefaultLinkToExistingAccess
DisableCompanyWideSharingLinks = $sharingsetting.DisableCompanyWideSharingLinks
AnonymousLinkExpirationInDays = $sharingsetting.AnonymousLinkExpirationInDays
ConditionalAccessPolicy = $sharingsetting.ConditionalAccessPolicy
ReadOnlyForUnmanagedDevices = $sharingsetting.ReadOnlyForUnmanagedDevices
LoopDefaultSharingLinkScope = $sharingsetting.LoopDefaultSharingLinkScope
LoopDefaultSharingLinkRole = $sharingsetting.LoopDefaultSharingLinkRole
OverrideSharingCapability = $sharingsetting.OverrideSharingCapability
OverrideTenantAnonymousLinkExpirationPolicy = $sharingsetting.OverrideTenantAnonymousLinkExpirationPolicy
RequestFilesLinkEnabled = $sharingsetting.RequestFilesLinkEnabled
RequestFilesLinkExpirationInDays = $sharingsetting.RequestFilesLinkExpirationInDays
RestrictContentOrgWideSearch = $sharingsetting.RestrictContentOrgWideSearch
DisableSharingForNonOwners = $sharingsetting.DisableSharingForNonOwnersStatus
##add the properties from the $response object
MembersCanShare = $response.MembersCanShare
TenantAdminMembersCanShare = $response.TenantAdminMembersCanShare
RequestAccessEmail = $response.RequestAccessEmail
UseAccessRequestDefault = $response.UseAccessRequestDefault
AccessRequestSiteDescription = $response.AccessRequestSiteDescription
}
}
catch {
Write-Host "An error occurred: $_" -ForegroundColor Red
}
}
$sharingReport |select * |Export-Csv $outputPath -NoTypeInformation -Append
Write-Host "Exported successfully!..." -ForegroundColor Green
Sample PowerShell script to update sharing settings for a site
Set-PnPTenantSite -Identity https://reshmeeauckloo.sharepoint.com/sites/SharingTest `
-ShowPeoplePickerSuggestionsForGuestUsers $false `
-SharingCapability ExistingExternalUserSharingOnly `
-ExternalUserExpirationInDays 60 `
-SharingAllowedDomainList "contoso.com" `
-SharingBlockedDomainList "contoso.com" `
-SharingDomainRestrictionMode AllowList -OverrideTenantExternalUserExpirationPolicy $false `
-DefaultSharingLinkType None `
-DefaultLinkPermission None `
-DefaultShareLinkScope = SpecificPeople
-DefaultShareLinkRole = View
-DefaultLinkToExistingAccess $true `
-DisableCompanyWideSharingLinks Disabled `
-AnonymousLinkExpirationInDays 60 `
-ConditionalAccessPolicy AllowLimitedAccess `
-ReadOnlyForUnmanagedDevices $true `
-LoopDefaultSharingLinkScope SpecificPeople `
-LoopDefaultSharingLinkRole View `
-DisableSharingForNonOwners `
-OverrideSharingCapability $false `
-RequestFilesLinkEnabled $false `
-RequestFilesLinkExpirationInDays 50 `
-RestrictedAccessControl $true `
-RestrictedAccessControlGroups af8c0bc8-7b1b-44b4-b087-ffcc8df70d16
Conclusion
Regularly reviewing and adjusting sharing settings is essential to prevent oversharing and maintain a secure environment, especially during the rollout of Copilot for M365.