CIPP Components
About 8 months ago I started a larger open source project called CIPP. CIPP is an M365 management tool aimed at Managed Services Providers, based on Azure Static Web Apps and a PowerShell backend. This blog shares some of the PowerShell code that’s used for the backend. CIPP is always looking for contributors on both the frontend and backend side, so jump in if you’d like. You can find the GitHub project here.
Automating with PowerShell: Setting SharePoint Sharing settings (and more!)
For a long time, SharePoint admin settings weren’t available inside the Graph API. We always had to jump through many hoops and had issues running changes headless because the PowerShell modules didn’t support it. Recently I’ve been in contact with the SharePoint team and we now have a functional API for most of the important admin settings.
Using the script below you can change these settings - such as which level of sharing is allowed, but also how long a deleted user’s OneDrive is saved.
As an example, I’ve set external sharing to “externalUserSharingOnly”, which means “Users can share with existing guests (those already in the directory of the organization)”, and set how long a user’s OneDrive is saved to 365 days as opposed to the default 30.
# Requires the PartnerCenter module, which provides New-PartnerAccessToken.
# Placeholders: replace with your own application ID, secret and refresh token.
$ApplicationId = 'AppID'
$ApplicationSecret = 'AppSecret'
$RefreshToken = "RefreshToken"

# Get a partner-level Graph token and list all customer tenants.
$credential = New-Object System.Management.Automation.PSCredential($ApplicationId, ($ApplicationSecret | ConvertTo-SecureString -AsPlainText -Force))
$graphToken = New-PartnerAccessToken -ApplicationId $ApplicationId -Credential $credential -RefreshToken $RefreshToken -Scopes 'https://graph.microsoft.com/.default' -ServicePrincipal
Write-Host "Connecting to the Graph API to get all tenants." -ForegroundColor Green
$ContractHeaders = @{ "Authorization" = "Bearer $($graphToken.AccessToken)" }
$Customers = (Invoke-RestMethod -Uri "https://graph.microsoft.com/v1.0/contracts?`$top=999" -Method GET -Headers $ContractHeaders).value

foreach ($Customer in $Customers) {
    try {
        # Request an app-only Graph token for this customer tenant.
        $body = @{
            'resource'      = 'https://graph.microsoft.com'
            'client_id'     = $ApplicationId
            'client_secret' = $ApplicationSecret
            'grant_type'    = "client_credentials"
            'scope'         = "openid"
        }
        $ClientToken = Invoke-RestMethod -Method Post -Uri "https://login.microsoftonline.com/$($Customer.customerId)/oauth2/token" -Body $body -ErrorAction Stop
        $headers = @{ "Authorization" = "Bearer $($ClientToken.access_token)" }

        # JSON body with the SharePoint admin settings to change.
        $ActBody = @"
{
    "deletedUserPersonalSiteRetentionPeriodInDays": 365,
    "sharingCapability": "externalUserSharingOnly"
}
"@
        # PATCH the tenant-wide SharePoint settings; the updated settings object is written to the output.
        (Invoke-RestMethod -Headers $headers -Uri "https://graph.microsoft.com/beta/admin/sharepoint/settings" -Method PATCH -Body $ActBody -ContentType "application/json")
    }
    catch {
        # Report the failing tenant and continue with the next one.
        Write-Host "Could not enable settings for $($Customer.defaultDomainName): $($_.Exception.Message)" -ForegroundColor Red
    }
}
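A read-before-write check for the loop above, as an added example that is not part of the original post: it compares a tenant's current settings with the desired values and returns only the differences, so the previous state can be logged before the PATCH is sent. `Get-SettingsDrift`, the tenant names and the sample responses are constructed for illustration, and the GET on the same endpoint is assumed to return the two properties the post sets.

```powershell
# Added example, not from the original post. Get-SettingsDrift is a hypothetical helper.
function Get-SettingsDrift {
    param(
        [Parameter(Mandatory)] $Current,            # object returned by GET .../admin/sharepoint/settings
        [Parameter(Mandatory)] [hashtable] $Desired, # property name -> wanted value
        [string] $Tenant = 'unknown'
    )
    foreach ($name in $Desired.Keys) {
        $prop   = $Current.PSObject.Properties[$name]
        $actual = if ($prop) { $prop.Value } else { $null }
        # Emit a row when the property is missing or its value differs from the desired one.
        if ($null -eq $prop -or "$actual" -ne "$($Desired[$name])") {
            [pscustomobject]@{
                Tenant  = $Tenant
                Setting = $name
                Current = $actual
                Desired = $Desired[$name]
            }
        }
    }
}

# The same two values the post's script writes.
$Desired = @{
    deletedUserPersonalSiteRetentionPeriodInDays = 365
    sharingCapability                            = 'externalUserSharingOnly'
}

# Constructed sample responses standing in for the GET result of two tenants.
$Samples = @{
    'contoso.example'  = '{"deletedUserPersonalSiteRetentionPeriodInDays":30,"sharingCapability":"externalUserAndGuestSharing"}'
    'fabrikam.example' = '{"deletedUserPersonalSiteRetentionPeriodInDays":365,"sharingCapability":"externalUserSharingOnly"}'
}

$Report = foreach ($domain in $Samples.Keys) {
    $settings = $Samples[$domain] | ConvertFrom-Json
    Get-SettingsDrift -Current $settings -Desired $Desired -Tenant $domain
}

# Two rows for contoso.example (both settings differ), none for fabrikam.example.
$Report | Sort-Object Tenant, Setting | Format-Table -AutoSize

# Live equivalent inside the post's foreach loop (same endpoint, GET instead of PATCH):
# $settings = Invoke-RestMethod -Headers $headers -Uri 'https://graph.microsoft.com/beta/admin/sharepoint/settings' -Method GET
# $drift = Get-SettingsDrift -Current $settings -Desired $Desired -Tenant $Customer.defaultDomainName
# if ($drift) { $drift | Export-Csv -Path .\sharepoint-settings-before.csv -Append -NoTypeInformation }
```

Sending the PATCH only when rows are returned keeps the run idempotent, and the exported rows give a per-tenant record of what the sharing level was before the change.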
And that’s it! As always, Happy PowerShelling.