In SharePoint Online, external sharing settings determine how users can share content with external users (guests). Organizations need to ensure that external sharing settings align with security and compliance policies.
Using PnP PowerShell, you can quickly retrieve and verify external sharing settings for a SharePoint site to prevent unauthorized access and enforce governance policies.
Prerequisites
Before checking external sharing settings, ensure the following:
You have SharePoint Admin or Global Admin permissions.
You have PnP PowerShell installed.
You are connected to SharePoint Online.
Step 1: Install and Import PnP PowerShell
If you haven’t installed PnP PowerShell, install it using:
Install-Module -Name PnP.PowerShell -Scope CurrentUser -AllowClobber -Force
Then, import the module:
Import-Module PnP.PowerShell
Step 2: Connect to SharePoint Online
To check external sharing settings, first connect to the SharePoint Online Admin Center:
Connect-PnPOnline -Url "https://yourtenant-admin.sharepoint.com" -Interactive
Replace "yourtenant" with your actual tenant name.
For app-based authentication, use:
Connect-PnPOnline -Url "https://yourtenant-admin.sharepoint.com" -ClientId "Your-App-Client-ID" -Tenant "yourtenant.onmicrosoft.com" -CertificatePath "Path\To\Certificate.pfx"
Step 3: Check External Sharing Settings for a Specific Site
To check external sharing settings for a specific SharePoint site, use:
# Define site URL
$siteUrl = "https://yourtenant.sharepoint.com/sites/YourSite"
# Get site external sharing settings
$site = Get-PnPTenantSite -Url $siteUrl
$site | Select-Object Url, SharingCapability
🔹 Replace "YourSite" with your actual site name.
🔹 This command retrieves the external sharing settings for the site and displays:
- URL → Site collection URL.
- SharingCapability → The current external sharing setting.
Possible Values for SharingCapability:
| Value | Description |
|---|---|
| Disabled | External sharing is completely turned off. |
| ExistingExternalUserSharingOnly | Only existing external users can be invited. |
| ExternalUserSharingOnly | New external users can be invited, but no anonymous links. |
| ExternalUserAndGuestSharing | Anonymous sharing links and external users allowed. |
Step 4: Check External Sharing Settings for All Sites
To check external sharing settings across all sites:
# Get all site collections
$sites = Get-PnPTenantSite
# Select relevant details
$sites | Select-Object Url, Title, SharingCapability | Format-Table -AutoSize
🔹 This lists the sharing settings for all site collections in a structured table.
To export the results to a CSV file, use:
$sites | Select-Object Url, Title, SharingCapability | Export-Csv -Path "C:\ExternalSharingSettings.csv" -NoTypeInformation
The CSV file will contain a report of all site collections and their external sharing settings.
Step 5: Verify External Sharing Settings in SharePoint Admin Center
If needed, verify the external sharing settings through the SharePoint Admin Center:
1️⃣ Navigate to SharePoint Admin Center → https://yourtenant-admin.sharepoint.com
2️⃣ Click on Active sites
3️⃣ Select a site and click Policies > Sharing
4️⃣ Confirm the external sharing level
Step 6: Adjust External Sharing Settings (Optional)
If external sharing is too restrictive or too open, you can modify it using:
Set-PnPTenantSite -Url "https://yourtenant.sharepoint.com/sites/YourSite" -SharingCapability ExternalUserSharingOnly
This command changes the external sharing setting to allow only existing external users.
🔹 Other possible values:
Set-PnPTenantSite -Url "https://yourtenant.sharepoint.com/sites/YourSite" -SharingCapability Disabled
Disables external sharing completely.
Set-PnPTenantSite -Url "https://yourtenant.sharepoint.com/sites/YourSite" -SharingCapability ExternalUserAndGuestSharing
🔹 Allows both external users and anonymous links.
Step 7: Disconnect the PowerShell Session
After checking or modifying settings, securely disconnect the session:
Disconnect-PnPOnline
This prevents unauthorized access.
Common Errors & Troubleshooting
| Error | Cause | Solution |
|---|---|---|
Get-PnPTenantSite : The term is not recognized | You are not connected to the SharePoint Admin Center | Use -Url "https://yourtenant-admin.sharepoint.com" in Connect-PnPOnline |
Access Denied | Insufficient permissions | Ensure you are a SharePoint Admin or Global Admin |
Cannot connect to SharePoint Online | Authentication issue | Use -Interactive login or App-based authentication |
Set-PnPTenantSite : Parameter SharingCapability cannot be set | You may be modifying a Hub site or Teams-connected site | Use Admin Center UI for those sites |