CIPP Parts
About 8 months in the past I’ve began a bigger open supply challenge known as CIPP. CIPP is a M365 Administration software aimed toward Managed Companies Suppliers based mostly on Azure Static Net Apps and a PowerShell backend. This weblog shares a few of the PowerShell code that’s used for the backend. CIPP is all the time on the lookout for contributors on each the frontend and backend aspect so bounce in when you’d like. You will discover the Github challenge right here.
Automating with PowerShell: Setting SharePoint Sharing settings (and extra!)
For a very long time SharePoint Admin Settings wasn’t one thing accessible contained in the Graph API. We all the time needed to bounce by way of many hoops and had a difficulty with working adjustments headless as a result of the PowerShell modules didn’t assist it. Just lately I’ve been involved with the SharePoint staff and we now have a practical API for a lot of the necessary admin settings.
Utilizing the script under you’ll be able to change these settings – corresponding to which degree of sharing is allowed, but in addition how lengthy a deleted consumer’s OneDrive is saved.
For example, I’ve set the exterior sharing to “externalUserSharingOnly”, which implies “Customers can share with current visitors (these already within the listing of the group).” and likewise how lengthy a customers OneDrive is saved to twelve months versus the default 30.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
|
#
$ApplicationId = 'AppID'
$ApplicationSecret = 'AppSecret'
$RefreshToken = "RefreshToken"
#
$credential = New-Object System.Administration.Automation.PSCredential($ApplicationId, ($ApplicationSecret | ConvertTo-SecureString -AsPlainText -Pressure))
$graphToken = New-PartnerAccessToken -ApplicationId $ApplicationId -Credential $credential -RefreshToken $refreshToken -Scopes 'https://graph.microsoft.com/.default' -ServicePrincipal
Write-Host "Connecting to the Graph API to get all tenants." -ForegroundColor Inexperienced
$Contractheaders = @{ "Authorization" = "Bearer $($graphToken.accesstoken)" }
$Prospects = (Invoke-RestMethod -Uri "https://graph.microsoft.com/v1.0/contracts?`$prime=999" -Methodology GET -Headers $Contractheaders).worth
foreach ($Buyer in $Prospects) {
attempt {
$physique = @{
'useful resource' = 'https://graph.microsoft.com'
'client_id' = $ApplicationId
'client_secret' = $ApplicationSecret
'grant_type' = "client_credentials"
'scope' = "openid"
}
$ClientToken = Invoke-RestMethod -Methodology submit -Uri "https://login.microsoftonline.com/$($buyer.customerId)/oauth2/token" -Physique $physique -ErrorAction Cease
$headers = @{ "Authorization" = "Bearer $($ClientToken.access_token)" }
$Actbody = @"
{
"deletedUserPersonalSiteRetentionPeriodInDays": 365,
"sharingCapability": "externalUserSharingOnly"
}
"@
(Invoke-RestMethod -Headers $headers -Uri "https://graph.microsoft.com/beta/admin/sharepoint/settings" -Methodology PATCH -Physique $Actbody -ContentType "software/json")
}
catch {
Write-Host "Couldn't allow settings for $($buyer.defaultdomainname): $($_.Exception.Message)" -ForegroundColor crimson
}
}
|
and that’s it! As all the time, Pleased PowerShelling
