OneDrive for Business allows users to share files and folders with internal and external users. PnP PowerShell provides a way to manage OneDrive sharing settings, including:
Checking current sharing settings
Enabling or disabling external sharing
Setting default sharing link types
Restricting sharing domains
Managing anonymous links
Step 1: Install and Import PnP PowerShell
If you haven’t installed PnP PowerShell, install it using:
Install-Module -Name PnP.PowerShell -Scope CurrentUser -AllowClobber -Force
Import the module:
Import-Module PnP.PowerShell
PnP PowerShell is ready!
Step 2: Connect to OneDrive
To manage OneDrive, first connect to it using PnP PowerShell:
$OneDriveUrl = "https://yourtenant-my.sharepoint.com/personal/your_email_com"
Connect-PnPOnline -Url $OneDriveUrl -Interactive
🔹 Replace yourtenant with your Microsoft 365 tenant name.
🔹 Replace your_email_com with your OneDrive user’s UPN (User Principal Name).
🔹 This command will prompt for Microsoft 365 login credentials.
Connected to OneDrive!
Step 3: Check Current OneDrive Sharing Settings
To view the existing sharing settings:
Get-PnPTenantSite -Url $OneDriveUrl | Select SharingCapability
🔹 The output will show the current SharingCapability value:
- Disabled → Sharing is turned off.
- ExistingExternalUserSharingOnly → Allows sharing only with existing external users.
- ExternalUserSharingOnly → Allows sharing with external users with authentication.
- ExternalUserAndGuestSharing → Allows anonymous and external sharing.
Checked OneDrive sharing settings!
Step 4: Enable or Disable External Sharing
To modify the OneDrive sharing setting:
Set-PnPTenantSite -Url $OneDriveUrl -SharingCapability ExternalUserAndGuestSharing
🔹 Replace ExternalUserAndGuestSharing with:
- Disabled → Disable external sharing.
- ExistingExternalUserSharingOnly → Only allow sharing with pre-invited external users.
- ExternalUserSharingOnly → Only allow external users with authentication.
- ExternalUserAndGuestSharing → Allow anyone with a link.
Updated OneDrive sharing settings!
Step 5: Set Default Sharing Link Type
OneDrive allows three types of default sharing links:
1️⃣ None – No default sharing link.
2️⃣ View – Read-only sharing.
3️⃣ Edit – Editable sharing link.
To set the default sharing link type:
Set-PnPTenant -DefaultSharingLinkType Edit
🔹 Replace Edit with None or View if needed.
Default sharing link type updated!
Step 6: Restrict Sharing to Specific Domains
To allow or block sharing to specific external domains:
Set-PnPTenant -SharingAllowedDomainList "trustedpartner.com,client.com" -SharingDomainRestrictionMode AllowList
🔹 This allows sharing only with trustedpartner.com and client.com.
To block specific domains:
Set-PnPTenant -SharingBlockedDomainList "untrusted.com,hacker.com" -SharingDomainRestrictionMode BlockList
Restricted OneDrive sharing domains!
Step 7: Disable Anonymous Sharing Links
To disable Anyone (anonymous) links:
Set-PnPTenant -FileAnonymousLinkType None
To enable only view-only anonymous links:
Set-PnPTenant -FileAnonymousLinkType View
Anonymous sharing links updated!
Step 8: Set Expiration for External Sharing Links
To enforce link expiration for externally shared files:
Set-PnPTenant -RequireAnonymousLinksExpireInDays 30
🔹 This ensures that external sharing links expire in 30 days.
Set expiration policy for sharing links!
Step 9: Verify Changes in Sharing Settings
After making changes, check if they were applied correctly:
Get-PnPTenant | Select DefaultSharingLinkType, SharingCapability, SharingAllowedDomainList, FileAnonymousLinkType
Verified OneDrive sharing settings!
Step 10: Disconnect the Session
Once you’re done, disconnect the session:
Disconnect-PnPOnline
Disconnected from OneDrive!