If you find the ‘anyone’ setting greyed out and not matching the policy, this is how to apply SharePoint sharing policy settings, set in the SharePoint Admin Center, to all your Team sites.
So, you may have decided that you need to allow users to share files with external users using anonymouse sharing links, especially if you have users coming from DropBox or Box who are used to this functionality.
So, you change the setting in the SharePoint Admin Center to allow anonymous links, but dragging the slider to ‘Anyone’.
After changing this setting, if you try and share a file from Teams (via Open in SharePoint), you will find that the option is still greyed out:
But this is enabled via policy, even if you create a new Team, it doesn’t have the setting specified in the policy. So what’s the solution? You could select each site, then Sharing, and click on the strangely worded link ‘Reset to organization level settings’ (although you never changed it aware from the organization level settings). This is tedious if you have a lot of sites.
The fact is that there is no way to actually apply the policy to all sites, the policy only specifies what permissions are available. So you still have to apply this setting to every site, which luckily we can do with PowerShell.
First, connect to SharePoint online (I use the following connection script, just change the $sharepointadmin variable):
write-host "Connecting to SharePoint (SPOService)..." -ForegroundColor Yellow
if ($module = Get-Module -Name Microsoft.Online.SharePoint.PowerShell -ListAvailable | Select Name,Version) {
#write-host "installed"
} else {
write-host "SharePoint module Not installed, install with Install-Module -Name Microsoft.Online.SharePoint.PowerShell" -ForegroundColor Red
exit
}
$sharepointadmin = "https://yourtenant-admin.sharepoint.com"
try {
$var = Get-SPOGeoStorageQuota # Just using this as it is quick
}
catch {
Write-Host "Not connected, authenticate in other window"; Connect-SPOService -Url $sharepointadmin
}
Now get all your Teams and check the settings:
get-sposite -LIMIT ALL | Where-Object {$_.Template -eq "GROUP#0"}| ft Url,template,SharingCapability
# Or just get the ones that don't match the policy you want set
get-sposite -LIMIT ALL | Where-Object {$_.Template -eq "GROUP#0" -AND $_.SharingCapability -ne "ExternalUserAndGuestSharing"} |ft Url,template,SharingCapabilitySet the sharing capability (not this is quite slow so don’t include every site):
get-sposite -LIMIT ALL | Where-Object {$_.Template -eq "GROUP#0" -AND $_.SharingCapability -ne "ExternalUserAndGuestSharing"}| set-SPOSite -SharingCapability ExternalUserAndGuestSharing And check the result using the previous command.
Note that the values for SharingCapability are somewhat counterintuitive, refer to https://docs.microsoft.com/en-us/powershell/module/sharepoint-online/set-sposite?view=sharepoint-ps#examples
The possible values are as follows, and correspond to the slider values in the first image:
- ExternalUserAndGuestSharing – allow sharing with all external users, and by using anonymous access links.
- ExternalUserSharingOnly – allow external users who accept sharing invitations and sign in as authenticated users
- ExistingExternalUserSharingOnly – Allow sharing only with the external users that already exist in your organization’s directory
- Disabled – don’t allow sharing outside your organization
Unfortunately, you’ll still have to do this for every new Team, but at least it’s easier now!
