1. Introduction
External sharing in SharePoint Online allows users to collaborate with people outside the organization. However, improper management of external sharing can lead to security risks and data leaks.
Using PnP PowerShell, we can:
Retrieve external sharing settings for SharePoint Online sites
Identify externally shared files and folders
Export an external sharing report to CSV
Automate external sharing monitoring
2. Prerequisites
Before you begin, ensure you have:
- PnP PowerShell installed
If not, install it using:Install-Module -Name PnP.PowerShell -Scope CurrentUser -Force - SharePoint Admin or Global Admin permissions
- The SharePoint Admin Center URL of your organization
3. Connecting to SharePoint Online
Before retrieving external sharing details, connect to SharePoint Online.
Step 1: Connect to SharePoint Online
$AdminURL = "https://yourtenant-admin.sharepoint.com"
Connect-PnPOnline -Url $AdminURL -Interactive
- Replace
"yourtenant"with your SharePoint tenant name. - This prompts you to log in with Microsoft 365 credentials.
4. Retrieving External Sharing Settings
To check whether external sharing is enabled:
$SharingSettings = Get-PnPTenantSite | Select-Object Url, SharingCapability
$SharingSettings | Format-Table -AutoSize
- This command lists all SharePoint sites and their external sharing status.
Understanding SharingCapability Values:
| Value | Description |
|---|---|
| Disabled | External sharing is not allowed |
| ExistingExternalUserSharingOnly | Only existing guests can access |
| ExternalUserSharingOnly | Anyone with a Microsoft or work/school account can access |
| ExternalUserAndGuestSharing | Anonymous links and external users are allowed |
5. Identifying Shared Files and Folders
To list all files and folders shared externally:
$SiteURL = "https://yourtenant.sharepoint.com/sites/YourSite"
Connect-PnPOnline -Url $SiteURL -Interactive
$SharedItems = Get-PnPListItem -List "Documents" -Fields "FileRef", "FileLeafRef", "SharedWithUsers"
$SharedItems | Where-Object { $_.SharedWithUsers -ne $null } | Select-Object FileRef, SharedWithUsers
- Replace
"YourSite"with your actual site name. - This retrieves files in the Documents library that are shared externally.
6. Exporting External Sharing Report to CSV
To generate a report of all externally shared files and users:
Step 1: Connect to SharePoint Online
$SiteURL = "https://yourtenant.sharepoint.com/sites/YourSite"
Connect-PnPOnline -Url $SiteURL -Interactive
Step 2: Retrieve Shared Files and Export to CSV
$SharedItems = Get-PnPListItem -List "Documents" -Fields "FileRef", "FileLeafRef", "SharedWithUsers"
$Results = @()
foreach ($Item in $SharedItems) {
if ($Item.SharedWithUsers -ne $null) {
$Results += [PSCustomObject]@{
FileName = $Item.FileLeafRef
FilePath = $Item.FileRef
SharedWith = ($Item.SharedWithUsers -join "; ")
}
}
}
$Results | Export-Csv -Path "C:\Reports\ExternalSharingReport.csv" -NoTypeInformation
Write-Host "External Sharing Report Exported Successfully!"
- This script extracts:
File name
File location
Users it is shared with - The report is saved as ExternalSharingReport.csv in
C:\Reports\.
7. Automating the External Sharing Monitoring Process
To schedule automated monitoring, create a PowerShell script (Monitor-ExternalSharing.ps1) and run it periodically.
Step 1: Save the Script
$SiteURL = "https://yourtenant.sharepoint.com/sites/YourSite"
Connect-PnPOnline -Url $SiteURL -Interactive
$SharedItems = Get-PnPListItem -List "Documents" -Fields "FileRef", "FileLeafRef", "SharedWithUsers"
$Results = @()
foreach ($Item in $SharedItems) {
if ($Item.SharedWithUsers -ne $null) {
$Results += [PSCustomObject]@{
FileName = $Item.FileLeafRef
FilePath = $Item.FileRef
SharedWith = ($Item.SharedWithUsers -join "; ")
}
}
}
$Results | Export-Csv -Path "C:\Reports\ExternalSharingReport.csv" -NoTypeInformation
Write-Host "External Sharing Report Exported Successfully!"
Step 2: Schedule the Task
- Open Task Scheduler.
- Click Create Basic Task.
- Choose a Trigger (e.g., daily or weekly).
- Select Action > Start a Program.
- Set Program/Script to
powershell.exe. - In Add Arguments, enter:
-File "C:\Path\To\Monitor-ExternalSharing.ps1" - Click Finish and enable the task.
Now, SharePoint external sharing will be monitored automatically.