Skip to content
Rishan Solutions
Rishan Solutions
  • PowerApps
  • SharePoint online
    • Uncategorized
    • Uncategorized
  • PowerAutomate
Rishan Solutions
Latest Posts
  • Agentic AI: The Dawn of Autonomous Intelligence Revolutionizing 2025 June 24, 2025
  • Recursive Queries in T-SQL May 7, 2025
  • Generating Test Data with CROSS JOIN May 7, 2025
  • Working with Hierarchical Data May 7, 2025
  • Using TRY_CAST vs CAST May 7, 2025
  • Dynamic SQL Execution with sp_executesql May 7, 2025

Configuring OneDrive External Sharing using PnP PowerShell

Posted on March 21, 2025March 21, 2025 by Rishan Solutions

Loading

External sharing in OneDrive for Business allows users to share files and folders with people outside the organization. However, improper configuration may lead to security risks. Using PnP PowerShell, admins can:
✔ Enable or disable external sharing
✔ Set sharing policies (Anyone, New and Existing Guests, etc.)
✔ Restrict domain-based sharing
✔ Audit external sharing settings

This step-by-step guide will help you configure and manage OneDrive external sharing using PnP PowerShell.


Step 1: Install and Update PnP PowerShell

Ensure you have PnP PowerShell installed. Open PowerShell as Administrator and run:

Install-Module -Name PnP.PowerShell -Force -AllowClobber

To update:

Update-Module -Name PnP.PowerShell

Verify installation:

Get-Module -Name PnP.PowerShell -ListAvailable

Step 2: Connect to SharePoint Online (OneDrive Admin Center)

Since OneDrive for Business is part of SharePoint Online, connect to the SharePoint Admin Center:

$adminUrl = "https://yourtenant-admin.sharepoint.com"
Connect-PnPOnline -Url $adminUrl -Scopes "Sites.FullControl.All" -Interactive

For app-based authentication, use:

$clientId = "your-client-id"
$tenantId = "your-tenant-id"
$clientSecret = "your-client-secret"

Connect-PnPOnline -Url $adminUrl -ClientId $clientId -ClientSecret $clientSecret -Tenant $tenantId

Step 3: Retrieve Current External Sharing Settings

To check the current external sharing settings for OneDrive:

Get-PnPTenant | Select-Object -Property OneDriveForGuestsEnabled,SharingCapability,ShowEveryoneClaim

✔ OneDriveForGuestsEnabled → Is external sharing enabled?
✔ SharingCapability → Current sharing level (Disabled, Authenticated, Anonymous, Existing Guests)
✔ ShowEveryoneClaim → Is “Everyone” access enabled?


Step 4: Configure External Sharing in OneDrive

1. Enable External Sharing for OneDrive

To enable external sharing:

Set-PnPTenant -OneDriveForGuestsEnabled $true -SharingCapability ExternalUserAndGuestSharing
Write-Host "External sharing enabled for OneDrive."

SharingCapability options:

  • Disabled → No external sharing
  • ExistingExternalUserSharingOnly → Only existing guests can access
  • ExternalUserAndGuestSharing → New guests allowed
  • Anyone → Anyone with a link

2. Disable External Sharing for OneDrive

Set-PnPTenant -OneDriveForGuestsEnabled $false -SharingCapability Disabled
Write-Host "External sharing disabled for OneDrive."

Step 5: Configure Sharing Link Settings

To set the default link type for shared files:

Set-PnPTenant -DefaultSharingLinkType Internal
Write-Host "Default sharing link type set to Internal (No external sharing)."

✔ ViewOnly → Read-only access
✔ Edit → Can edit files
✔ Internal → No external sharing

To enable anonymous access links (Anyone links):

Set-PnPTenant -FileAnonymousLinkType Edit
Write-Host "Anonymous link sharing enabled with Edit permissions."

To disable anonymous links:

Set-PnPTenant -FileAnonymousLinkType Disabled
Write-Host "Anonymous link sharing disabled."

Step 6: Restrict Sharing to Specific Domains

To allow sharing only with specific domains:

Set-PnPTenant -SharingAllowedDomainList "trustedpartner.com, example.com" -SharingDomainRestrictionMode AllowList
Write-Host "External sharing restricted to trustedpartner.com and example.com."

To block certain domains:

Set-PnPTenant -SharingBlockedDomainList "competitor.com, untrusted.com" -SharingDomainRestrictionMode BlockList
Write-Host "External sharing blocked for competitor.com and untrusted.com."

Step 7: Enable External Sharing Audit Logging

To track external sharing activities, enable audit logging:

Set-PnPAuditing -OneDrive $true -LogFileAccess $true -LogSharingActions $true
Write-Host "Audit logging enabled for OneDrive external sharing."

Retrieve external sharing logs:

Search-UnifiedAuditLog -StartDate (Get-Date).AddDays(-30) -EndDate (Get-Date) -RecordType SharePointSharingOperation

Step 8: Generate External Sharing Report

To export a report of all externally shared files in OneDrive:

$reportPath = "C:\Reports\OneDrive_ExternalSharing_Report.csv"
$oneDriveSites = Get-PnPTenantSite -IncludeOneDriveSites | Where-Object { $_.Url -like "*-my.sharepoint.com/personal/*" }

$sharingData = @()

foreach ($site in $oneDriveSites) {
Connect-PnPOnline -Url $site.Url -Interactive
$sharedItems = Get-PnPListItem -List "Documents" | Where-Object { $_.HasUniqueRoleAssignments }

foreach ($item in $sharedItems) {
$sharingData += [PSCustomObject]@{
SiteUrl = $site.Url
FileName = $item.FieldValues.FileLeafRef
FileUrl = $item.FieldValues.FileRef
SharedWith = ($item.RoleAssignments | Select-Object -ExpandProperty Member)
}
}
}

$sharingData | Export-Csv -Path $reportPath -NoTypeInformation
Write-Host "OneDrive external sharing report saved to $reportPath"

Step 9: Automate External Sharing Monitoring

1. Open Task Scheduler

  • Click Start, search for Task Scheduler, and open it.
  • Click Create Basic Task.
  • Name it “OneDrive External Sharing Audit”.

2. Set Trigger

  • Choose Weekly or another frequency.
  • Set execution time.

3. Set Action

  • Select Start a Program.
  • In Program/Script, enter: powershell.exe
  • In Arguments, enter:-File "C:\Scripts\OneDriveExternalSharingAudit.ps1"
  • Click Finish.

This ensures regular monitoring of external sharing settings.

Posted Under PNP PowerShellAdmin Tools audit logging Automation Cloud Storage Compliance data governance external sharing File Sharing IT security Microsoft 365 OneDrive PNP PowerShell PowerShell scripting Reporting Security SharePoint online

Post navigation

Managing OneDrive Version History using PnP PowerShell
Exporting OneDrive Permission Reports using PnP PowerShell

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recent Posts

  • Agentic AI: The Dawn of Autonomous Intelligence Revolutionizing 2025
  • Recursive Queries in T-SQL
  • Generating Test Data with CROSS JOIN
  • Working with Hierarchical Data
  • Using TRY_CAST vs CAST

Recent Comments

  1. Michael Francis on Search , Filter and Lookup in power apps
  2. A WordPress Commenter on Hello world!

Archives

  • June 2025
  • May 2025
  • April 2025
  • March 2025
  • February 2025
  • March 2024
  • November 2023
  • October 2023
  • September 2023
  • August 2023
  • June 2023
  • May 2023
  • April 2023
  • February 2023
  • January 2023
  • December 2022
  • November 2022
  • October 2022
  • January 2022

Categories

  • Active Directory
  • AI
  • AngularJS
  • Blockchain
  • Button
  • Buttons
  • Choice Column
  • Cloud
  • Cloud Computing
  • Data Science
  • Distribution List
  • DotNet
  • Dynamics365
  • Excel Desktop
  • Extended Reality (XR) – AR, VR, MR
  • Gallery
  • Icons
  • IoT
  • Java
  • Java Script
  • jQuery
  • Microsoft Teams
  • ML
  • MS Excel
  • MS Office 365
  • MS Word
  • Office 365
  • Outlook
  • PDF File
  • PNP PowerShell
  • Power BI
  • Power Pages
  • Power Platform
  • Power Virtual Agent
  • PowerApps
  • PowerAutomate
  • PowerPoint Desktop
  • PVA
  • Python
  • Quantum Computing
  • Radio button
  • ReactJS
  • Security Groups
  • SharePoint Document library
  • SharePoint online
  • SharePoint onpremise
  • SQL
  • SQL Server
  • Template
  • Uncategorized
  • Variable
  • Visio
  • Visual Studio code
  • Windows
© Rishan Solutions 2025 | Designed by PixaHive.com.
  • Rishan Solutions