Set-SPOTenant

 

Applies to: Office 365, SharePoint Online

Topic Last Modified: 2016-12-06

Sets properties on the SharePoint Online organization.

Set-SPOTenant [-BccExternalSharingInvitations <$true | $false>] [-BccExternalSharingInvitationsList <String>] [-DefaultSharingLinkType <None | Direct | Internal | AnonymousAccess>] [-DisplayStartASiteOption <$true | $false>] [-EnableGuestSignInAcceleration <$true | $false>] [-ExternalServicesEnabled <$true | $false>] [-FileAnonymousLinkType <None | View | Edit>] [-FolderAnonymousLinkType <None | View | Edit>] [-IPAddressAllowList <String>] [-IPAddressEnforcement <$true | $false>] [-IPAddressWACTokenLifetime <Int32>] [-LegacyAuthProtocolsEnabled <$true | $false>] [-MaxCompatibilityLevel <Int32>] [-MinCompatibilityLevel <Int32>] [-NoAccessRedirectUrl <String>] [-NotificationsInOneDriveForBusinessEnabled <$true | $false>] [-NotificationsInSharePointEnabled <$true | $false>] [-NotifyOwnersWhenInvitationsAccepted <$true | $false>] [-NotifyOwnersWhenItemsReshared <$true | $false>] [-ODBAccessRequests <Unspecified | On | Off>] [-ODBMembersCanShare <Unspecified | On | Off>] [-OfficeClientADALDisabled <$true | $false>] [-OneDriveForGuestsEnabled <$true | $false>] [-OneDriveStorageQuota <Int64>] [-OrphanedPersonalSitesRetentionPeriod <Int32>] [-PermissiveBrowserFileHandlingOverride <$true | $false>] [-PreventExternalUsersFromResharing <$true | $false>] [-ProvisionSharedWithEveryoneFolder <$true | $false>] [-PublicCdnAllowedFileTypes <String>] [-PublicCdnEnabled <$true | $false>] [-RequireAcceptingAccountMatchInvitedAccount <$true | $false>] [-RequireAnonymousLinksExpireInDays <Int32>] [-SearchResolveExactEmailOrUPN <$true | $false>] [-SharingAllowedDomainList <String>] [-SharingBlockedDomainList <String>] [-SharingCapability <Disabled | ExternalUserSharingOnly | ExternalUserAndGuestSharing | ExistingExternalUserSharingOnly>] [-SharingDomainRestrictionMode <None | AllowList | BlockList>] [-ShowAllUsersClaim <$true | $false>] [-ShowEveryoneClaim <$true | $false>] [-ShowEveryoneExceptExternalUsersClaim <$true | $false>] [-ShowPeoplePickerSuggestionsForGuestUsers <$true | $false>] [-SignInAccelerationDomain <String>] [-StartASiteFormUrl <String>] [-UseFindPeopleInPeoplePicker <$true | $false>] [-UsePersistentCookiesForExplorerView <$true | $false>] [-UserVoiceForFeedbackEnabled <$true | $false>]

--------EXAMPLE 1 --------

Set-SPOSite -Identity https://contoso.sharepoint.com/sites/team1 -LockState NoAccess
Set-SPOTenant -NoAcessRedirectUrl 'http://www.contoso.com'

This example blocks access to https://contoso.sharepoint.com/sites/team1 and redirects traffic to http://www.contoso.com.

--------EXAMPLE 2 --------

Set-SPOTenant -ShowEveryoneExceptExternalUsersClaim $false 

This example hides the "Everyone Except External Users" claim in People Picker.

--------EXAMPLE 3 --------

Set-SPOTenant -ShowAllUsersClaim $false 

This example hides the "All Users" claim group in People Picker.

--------EXAMPLE 4 --------

Set-SPOTenant -UsePersistentCookiesForExplorerView $true 

This example enables the use of special persisted cookie for Open with Explorer.

You can use the Set-SPOTenant cmdlet to enable external services and to specify the versions in which site collections can be created. You can also use the Set-SPOSite cmdlet together with the Set-SPOTenant cmdlet to block access to a site in your organization and redirect traffic to another site.

You must be a SharePoint Online global administrator to run the cmdlet.

 

Parameter Required Type Description

BccExternalSharingInvitations

Optional

System.Boolean

Enables the BCC for External Sharing feature. When the feature is enabled, all external sharing invitations will blind copy the e-mail messages listed in the BccExternalSharingsInvitationList.

Accepts a value of true (enabled) or false (disabled). By default this feature is set to false.

BccExternalSharingInvitationsList

Optional

System.String

Specifies a list of e-mail addresses to be BCC’d when the BCC for External Sharing feature is enabled. Multiple addresses can be specified by creating a comma separated list with no spaces.

For example: joe@contoso.com,bob@contoso.com

DefaultSharingLinkType

Optional

Microsoft.Online.SharePoint.TenantManagement.SharingLinkType

Lets administrators choose what type of link appears is selected in the “Get a link” sharing dialog box in OneDrive for Business and SharePoint Online.

For additional information about how to change the default link type, see Change the default link type when users get links for sharing.

NoteNote:
Setting this value to “none” will default “get a link” to the most permissive link available (that is, if anonymous links are enabled, the default link will be anonymous access; if they are disabled then the default link will be internal.

The values are:

  • None

  • Direct

  • Internal

  • AnonymousAccess

DisplayStartASiteOption

Optional

System.Boolean

Determines whether tenant users see the Start a Site menu option.

EnableGuestSignInAcceleration

Optional

System.Boolean

Accelerates guest-enabled site collections as well as member-only site collections when the SignInAccelerationDomain parameter is set.

NoteNote:
If enabled, your identity provider must be capable of authenticating guest users. If it is not, guest users will be unable to log in and access content that was shared with them.

ExternalServicesEnabled

Optional

System.Boolean

Enables external services for a tenant. External services are defined as services that are not in the Office 365 datacenters.

FileAnonymousLinkType

Optional

Microsoft.SharePoint.Client.AnonymousLinkType

PARAMVALUE: None | View | Edit

FolderAnonymousLinkType

Optional

Microsoft.SharePoint.Client.AnonymousLinkType

PARAMVALUE: None | View | Edit

IPAddressAllowList

Optional

System.String

PARAMVALUE: String

IPAddressEnforcement

Optional

System.Boolean

PARAMVALUE: $true | $false

IPAddressWACTokenLifetime

Optional

System.Int32

PARAMVALUE: Int32

LegacyAuthProtocolsEnabled

Optional

System.Boolean

By default this value is set to $True.

Setting this parameter prevents Office clients using non-modern authentication protocols from accessing SharePoint Online resources .

A value of True- Enables Office clients using non-modern authentication protocols (such as, Forms-Based Authentication (FBA) or Identity Client Runtime Library (IDCRL)) to access SharePoint resources.

A value of False-Prevents Office clients using non-modern authentication protocols from accessing SharePoint Online resources .

NoteNote:
This may also prevent third-party apps from accessing SharePoint Online resources.

MaxCompatibilityLevel

Optional

System.Int32

Specifies the upper bound on the compatibility level for new sites.

MinCompatibilityLevel

Optional

System.Int32

Specifies the lower bound on the compatibility level for new sites.

NoAccessRedirectUrl

Optional

System.String

Specifies the URL of the redirected site for those site collections which have the locked state "NoAccess."

NotificationsInOneDriveForBusinessEnabled

Optional

System.Boolean

PARAMVALUE: $true | $false

NotificationsInSharePointEnabled

Optional

System.Boolean

PARAMVALUE: $true | $false

NotifyOwnersWhenInvitationsAccepted

Optional

System.Boolean

When this parameter is set to $true and when an external user accepts an invitation to a resource in a user’s OneDrive for Business, the OneDrive for Business owner is notified by e-mail.

For additional information about how to configure notifications for external sharing, see Configure notifications for external sharing for OneDrive for Business.

The values are $true and $false.

NotifyOwnersWhenItemsReshared

Optional

System.Boolean

When this parameter is set to $true and another user re-shares a document from a user’s OneDrive for Business, the OneDrive for Business owner is notified by e-mail.

For additional information about how to configure notifications for external sharing, see Configure notifications for external sharing for OneDrive for Business.

The values are $true and $false.

ODBAccessRequests

Optional

Microsoft.SharePoint.Client.SharingState

PARAMVALUE: Unspecified | On | Off

ODBMembersCanShare

Optional

Microsoft.SharePoint.Client.SharingState

PARAMVALUE: Unspecified | On | Off

OfficeClientADALDisabled

Optional

System.Boolean

PARAMVALUE: $true | $false

OneDriveForGuestsEnabled

Optional

System.Boolean

PARAMVALUE: $true | $false

OneDriveStorageQuota

Optional

System.Int64

Sets a default OneDrive for Business storage quota for the tenant. It will be used for new OneDrive for Business sites created.

A typical use will be to reduce the amount of storage associated with OneDrive for Business to a level below what the License entitles the users. For example, it could be used to set the quota to 10 gigabytes (GB) by default.

If value is set to 0, the parameter will have no effect.

If the value is set larger than the Maximum allowed OneDrive for Business quota, it will have no effect.

OrphanedPersonalSitesRetentionPeriod

Optional

System.Int32

Specifies the number of days after a user's Active Directory account is deleted that their OneDrive for Business content will be deleted.

The value range is in days, between 30 and 3650. The default value is 30.

PermissiveBrowserFileHandlingOverride

Optional

System.Boolean

Enables the Permissive browser file handling. By default, the browser file handling is set to Strict. The Strict setting adds headers that force the browser to download certain types of files. The forced download improves security by disallowing the automatic execution of Web content. When the setting is set to Permissive, no headers are added and certain types of files can be executed in the browser instead of download.

The valid values are:

  • True- Enable the Permissive browser file handling setting.

  • False- Keep the default Strict browser file handling setting.

PreventExternalUsersFromResharing

Optional

System.Boolean

PARAMVALUE: $true | $false

ProvisionSharedWithEveryoneFolder

Optional

System.Boolean

Creates a Shared with Everyone folder in every user’s new OneDrive for Business document library.

The default value is True which mean the folder is created.

A value of False means no folder is created when the site and OneDrive for Business document library is created.

NoteNote:
The default behavior of the Shared with Everyone folder is changing in August 2015. For additional information about the change, see Provision the Shared with Everyone folder in OneDrive for Business

PublicCdnAllowedFileTypes

Optional

System.String

PARAMVALUE: String

PublicCdnEnabled

Optional

System.Boolean

PARAMVALUE: $true | $false

RequireAcceptingAccountMatchInvitedAccount

Optional

System.Boolean

Ensures that an external user can only accept an external sharing invitation with an account matching the invited email address.

The parameter accepts two values: True or False.

True-User must accept this invitation with bob@contoso.com.

False- When a document is shared with an external user, bob@contoso.com, it can be accepted by any user with access to the invitation link in the original e-mail.

Administrators who desire increased control over external collaborators should consider enabling this feature.

NoteNote:
This only applies to new external users accepting new sharing invitations.
The resource owner must share with an organizational or Microsoft account or the external user will be unable to access the resource.

RequireAnonymousLinksExpireInDays

Optional

System.Int32

Specifies all anonymous links that have been created (or will be created) will expire after the set number of days .

To remove the expiration requirement, set the value to zero (0).

SearchResolveExactEmailOrUPN

Optional

System.Boolean

Removes the search capability from People Picker.

The valid values are:

SharingAllowedDomainList

Optional

System.String

Specifies a list of email domains that is allowed for sharing with the external collaborators. Use the space character as the delimiter for entering multiple values. For example, “contoso.com fabrikam.com”.

For additional information about how to restrict a domain sharing, see Restricted Domains Sharing in Office 365 SharePoint Online and OneDrive for Business

SharingBlockedDomainList

Optional

System.String

Specifies a list of email domains that is blocked or prohibited for sharing with the external collaborators. Use space character as the delimiter for entering multiple values. For example, “contoso.com fabrikam.com”.

For additional information about how to restrict a domain sharing, see Restricted Domains Sharing in Office 365 SharePoint Online and OneDrive for Business

SharingCapability

Optional

Microsoft.Online.SharePoint.TenantManagement.SharingCapabilities

Determines what level of sharing is available for the site. The possible values are: Disabled – external user sharing (share by email) and guest link sharing are both disabled, ExternalUserSharingOnly – external user sharing (share by email) is enabled, but guest link sharing is disabled, or ExternalUserAndGuestSharing - external user sharing (share by email) and guest link sharing are both enabled.

For more information about sharing, see . Manage external sharing for your SharePoint online environment.

SharingDomainRestrictionMode

Optional

Microsoft.Online.SharePoint.TenantManagement.SharingDomainRestrictionModes

Specifies the external sharing mode for domains.

The following values are:

  • None

  • AllowList

  • BlockList

For additional information about how to restrict a domain sharing, see Restricted Domains Sharing in Office 365 SharePoint Online and OneDrive for Business

ShowAllUsersClaim

Optional

System.Boolean

Enables the administrator to hide the All Users claim groups in People Picker. When users share an item with “All Users (x)”, it is accessible to all organization members in the tenant’s Azure Active Directory who have authenticated with variable. For example, “All Users (x)” shares with users who have used NTLM to authentication with SharePoint.

The valid values are:

  • True- The All Users claim groups are displayed in People Picker.

  • False- The All Users claim groups are hidden in People Picker.

The default value is True.

NoteNote:
All Users (authenticated) is equivalent to the Everyone claim.

ShowEveryoneClaim

Optional

System.Boolean

Enables the administrator to hide the Everyone claim in the People Picker. When users share an item with Everyone, it is accessible to all authenticated users in the tenant’s Azure Active Directory, including any active external users who have previously accepted invitations.

The valid values are:

  • True- The Everyone claim group is displayed in People Picker.

  • False- The Everyone claim group is hidden in People Picker.

    NoteNote:
    Some SharePoint system resources such as templates and pages are required by be shared to Everyone, and this type of sharing does not expose any user data or metadata.

The default value is True.

ShowEveryoneExceptExternalUsersClaim

Optional

System.Boolean

Enables the administrator to hide the "Everyone except external users" claim in the People Picker. When users share an item with “Everyone except external users”, it is accessible to all organization members in the tenant’s Azure Active Directory, but not to any users who have previously accepted invitations.

The valid values are:

True - The Everyone except external users is displayed in People Picker.

False - The Everyone except external users claim is not visible in People Picker .

The default value is True.

ShowPeoplePickerSuggestionsForGuestUsers

Optional

System.Boolean

PARAMVALUE: $true | $false

SignInAccelerationDomain

Optional

System.String

Specifies home realm discovery value to be sent to Azure Active Directory (AAD) during the user sign-in process.

When the organization uses a third-party identity provider, this prevents the user from seeing the Azure Active Directory Home Realm Discovery web page and ensures the user only sees their company’s Identity Provider’s portal. This value can also be used with Azure Active Directory Premium to customize the Azure Active Directory login page.

NoteNote:
Acceleration will not occur on site collections that are shared externally.
This value should be configured with the login domain that is used by your company (that is, example@contoso.com).
If your company has multiple third-party identity providers, configuring the sign-in acceleration value will break sign-in for your organization.
NoteNote:
If your identity provider is configured to authenticate guest users, you can use EnableGuestSignInAcceleration parameter to accelerate externally shared site collections as well.

StartASiteFormUrl

Optional

System.String

Specifies URL of the form to load in the Start a Site dialog.

UseFindPeopleInPeoplePicker

Optional

System.Boolean

PARAMVALUE: $true | $false

NoteNote:
When set to $true, users aren't able to share with non-email enabled security groups.

UsePersistentCookiesForExplorerView

Optional

System.Boolean

Lets SharePoint issue a special cookie that will allow this feature to work even when “Keep Me Signed In” is not selected.

“Open with Explorer” requires persisted cookies to operate correctly. When the user does not select “Keep Me Signed in” at the time of sign-in, “Open with Explorer” will fail.

WarningWarning:
This special cookie expires after 30 minutes and cannot be cleared by closing the browser or signing out of SharePoint Online. To clear this cookie, the user must log out of their Windows session.

UserVoiceForFeedbackEnabled

Optional

System.Boolean

PARAMVALUE: $true | $false

Show: