Update SharePoint External Sharing on Multiple Sites with PowerShell

If you recently changed the external sharing configuration of your Microsoft 365 tenant, you might be surprised to find that many of your SharePoint sites do not follow this configuration.

Sure, the SharePoint Admin Center gives us the option to “Reset to organization-level settings” (even though we never changed it to begin with!), but who wants to go through each site one by one?

Thankfully, we can use PowerShell to find sites that don’t match our configuration and update them accordingly. For this, you’ll need to install the SharePoint PowerShell module if you don’t already have it.

Install-Module -Name Microsoft.Online.SharePoint.PowerShell

There are four configurations we can use in the script below:

1. Disabled – This is the same as “Only people in your organization”
2. ExistingExternalUserSharingOnly – “Existing guests only”
3. ExternalUserSharingOnly – “New and existing guests”
4. ExternalUserAndGuestSharing – “Anyone”

# Customize these variables for your needs
$sharepointAdminURL = "https://yourtenant-admin.sharepoint.com"
$desiredSharingSetting = "ExternalUserSharingOnly"

# Check if needed modules are installed
if ($module = Get-Module -Name Microsoft.Online.SharePoint.PowerShell -ListAvailable | Select Name,Version) {
    #write-host "installed"
    } else {
        write-host "SharePoint module Not installed, install with Install-Module -Name Microsoft.Online.SharePoint.PowerShell" -ForegroundColor Red
        exit
        }

# Connect to SharePoint Online if needed
try {
    $testConnection = Get-SPOGeoStorageQuota # Quick connection test
}
catch {
    Write-Host "Not connected. Please authenticate in the pop-up window"; Connect-SPOService -Url $sharepointAdminURL
}

# Get sites that don't match our desired sharing policy and write them to the screen
GET-SPOSITE -LIMIT ALL | WHERE-OBJECT {$_.SharingCapability -ne $desiredSharingSetting} | FORMAT-TABLE Title,URL,SharingCapability

# If the output looks good, uncomment the following line and run the script again to make the change!
# GET-SPOSITE -LIMIT ALL | WHERE-OBJECT {$_.SharingCapability -ne $desiredSharingSetting} | FORMAT-TABLE Title,URL,SharingCapability | SET-SPOSITE -SharingCapability $desiredSharingSetting

You can customize the WHERE-OBJECT portion of the code in line 22 to further pinpoint certain sites you want to share externally. For example, if you wanted to target Teams-connected sites, you can filter based on the site’s template which would be GROUP#0.

GET-SPOSITE -LIMIT ALL | WHERE-OBJECT {$_.SharingCapability -ne $desiredSharingSetting -AND $_.Template -eq "GROUP#0"} | FORMAT-TABLE Title,URL,SharingCapability

Or perhaps you only want to change sites that have the word “External” in their name.

GET-SPOSITE -LIMIT ALL | WHERE-OBJECT {$_.SharingCapability -ne $desiredSharingSetting -AND $_.Title -like "*External*"} | FORMAT-TABLE Title,URL,SharingCapability

Just remember to also update the last line to match your query before you run the script!