-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathSet-SharePointTenant.ps1
106 lines (92 loc) · 5.74 KB
/
Set-SharePointTenant.ps1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
<#
.SYNOPSIS
Update Tenant Parameters, and enabling Public CDN
You will need to connect to https://<tenant>-admin.sharepoint.com first using Connect-PNPOnline
.EXAMPLE
.\Set-SharePointTenant.ps1 -SettingsPath:'.\Settings\SPTenantSettings.json'
#>
param(
# The path to the Json file
[Parameter(Mandatory)][string]$SettingsPath
)
#Have to create App Catalog Manually.
Write-Host -MessageData:"Started setting tenant settings at $(Get-Date)"
$InformationPreference = "Continue";
$Parameters = Get-Content -Raw -Path $SettingsPath | ConvertFrom-Json
# Uses PNP
# Set Tenant settings
Set-PnPTenant -ExternalServicesEnabled: $($Parameters.ExternalServicesEnabled) `
-NoAccessRedirectUrl:$($Parameters.NoAccessRedirectUrl) `
-SharingCapability:$($Parameters.SharingCapability) `
-DisplayStartASiteOption: $($Parameters.DisplayStartASiteOption) `
-StartASiteFormUrl: $($Parameters.StartASiteFormUrl) `
-ShowEveryoneClaim: $($Parameters.ShowEveryoneClaim) `
-ShowAllUsersClaim: $($Parameters.ShowAllUsersClaim) `
-ShowEveryoneExceptExternalUsersClaim: $($Parameters.ShowEveryoneExceptExternalUsersClaim) `
-SearchResolveExactEmailOrUPN: $($Parameters.SearchResolveExactEmailOrUPN) `
-OfficeClientADALDisabled: $($Parameters.OfficeClientADALDisabled) `
-LegacyAuthProtocolsEnabled: $($Parameters.LegacyAuthProtocolsEnabled) `
-RequireAcceptingAccountMatchInvitedAccount: $($Parameters.RequireAcceptingAccountMatchInvitedAccount) `
-ProvisionSharedWithEveryoneFolder: $($Parameters.ProvisionSharedWithEveryoneFolder) `
-UsePersistentCookiesForExplorerView: $($Parameters.UsePersistentCookiesForExplorerView) `
-BccExternalSharingInvitations: $($Parameters.BccExternalSharingInvitations) `
-BccExternalSharingInvitationsList: $($Parameters.BccExternalSharingInvitationsList) `
-UserVoiceForFeedbackEnabled: $($Parameters.UserVoiceForFeedbackEnabled) `
-RequireAnonymousLinksExpireInDays: $($Parameters.RequiredAnonymousLinksExpireInDays) `
-SharingAllowedDomainList: $($Parameters.SharingAllowedDomainList) `
-SharingBlockedDomainList: $($Parameters.SharingBlockedDomainList) `
-SharingDomainRestrictionMode: $($Parameters.SharingDomainRestrictionMode) `
-OneDriveStorageQuota: $($Parameters.OneDriveStorageQuota) `
-IPAddressAllowList: $($Parameters.IPAddressAllowList) `
-IPAddressEnforcement: $($Parameters.IPAddressEnforcement) `
-IPAddressWACTokenLifetime: $($Parameters.IPAddressWACTokenLifetime) `
-DefaultSharingLinkType: $($Parameters.DefaultSharingLinkType) `
-ODBMembersCanShare: $($Parameters.ODBMembersCanShare) `
-ODBAccessRequests: $($Parameters.ODBAccessRequests) `
-PreventExternalUsersFromResharing: $($Parameters.PreventExternalUsersFromResharing) `
-ShowPeoplePickerSuggestionsForGuestUsers: $($Parameters.ShowPeoplePickerSuggestionsForGuestUsers) `
-FileAnonymousLinkType: $($Parameters.FileAnonymousLinkType) `
-FolderAnonymousLinkType: $($Parameters.FolderAnonymousLinkType) `
-NotifyOwnersWhenItemsReshared: $($Parameters.NotifyOwnersWhenItemsReshared) `
-NotifyOwnersWhenInvitationsAccepted: $($Parameters.NotifyOwnersWhenInvitationsAccepted) `
-NotificationsInOneDriveForBusinessEnabled: $($Parameters.NotificationsInOneDriveForBusinessEnabled) `
-NotificationsInSharePointEnabled: $($Parameters.NotificationsInSharePointEnabled) `
-OwnerAnonymousNotification: $($Parameters.OwnerAnonymousNotification) `
-CommentsOnSitePagesDisabled: $($Parameters.CommentsOnSitePagesDisabled) `
-SocialBarOnSitePagesDisabled: $($Parameters.SocialBarOnSitePagesDisabled) `
-DisallowInfectedFileDownload: $($Parameters.DisallowInfectedFileDownload) `
-DefaultLinkPermission: $($Parameters.DefaultLinkPermission) `
-ApplyAppEnforcedRestrictionsToAdHocRecipients: $($Parameters.ApplyAppEnforcedRestrictionsToAdHocRecipients) `
-FilePickerExternalImageSearchEnabled: $($Parameters.FilePickerExternalImageSearchEnabled) `
-EmailAttestationRequired: $($Parameters.EmailAttestationRequired) `
-EmailAttestationReAuthDays: $($Parameters.EmailAttestationReAuthDays) `
-HideDefaultThemes: $($Parameters.HideDefaultThemes) `
-SpecialCharactersStateInFileFolderNames: $($Parameters.SpecialCharactersStateInFileFolderNames) `
-UseFindPeopleInPeoplePicker: $($Parameters.UseFindPeopleInPeoplePicker) `
if ($Parameters.EnableGuestSignInAcceleration) {
Set-PnPTenant -SignInAccelerationDomain: $($Parameters.SignInAccelerationDomain) `
-EnableGuestSignInAcceleration: $($Parameters.EnableGuestSignInAcceleration)
}
# Needs a confirm.
Set-PnPTenant -OneDriveForGuestsEnabled: $($Parameters.OneDriveForGuestsEnabled)
Set-PnPTenant -OrphanedPersonalSitesRetentionPeriod: $($Parameters.OrphanedPersonalSitesRetentionPeriod)
# Needs Intune and Azure Directory Premium Subscriptions
#TODO: Work out how to check if licenses are available before running.
#Set-PnPTenant -ConditionalAccessPolicy: $($Parameters.ConditionalAccessPolicy)
#Set-PnPTenant -AllowDownloadingNonWebViewableFiles: $($Parameters.AllowDownloadingNonWebViewableFiles)
#Set-PnPTenant -AllowEditing: $($Parameters.AllowEditing) `
<#Ensure this is within PublicCdnOrigins
*/MASTERPAGE
*/STYLE LIBRARY
*/CLIENTSIDEASSETS
#>
Write-Information -MessageData "Setting Public CDN to enabled = $($Parameters.PublicCdnEnabled)"
Set-PnPTenantCdnEnabled -CdnType Public -Enable:$Parameters.PublicCdnEnabled
if($Parameters.PublicCdnEnabled)
{
Set-PnPTenantCdnPolicy -CdnType Public -PolicyType:IncludeFileExtensions -PolicyValue:$($Parameters.PublicCdnAllowedFileTypes)
$Parameters.PublicCdnOrigins | ForEach-Object{
Add-PnPTenantCdnOrigin -CdnType Public -OriginUrl $PSItem -ErrorAction:SilentlyContinue
}
}
Write-Host "Finished setting tenant settings at $(Get-Date)"