From e442bc5c38374c6a170f882c1a382bfe6948518e Mon Sep 17 00:00:00 2001 From: Ganesh Sanap Date: Tue, 15 Aug 2023 22:43:56 +0530 Subject: [PATCH 1/2] Added new parameters to Set-PnPTenant --- documentation/Set-PnPTenant.md | 161 +++++++++++++++++++++++++++++++- src/Commands/Admin/SetTenant.cs | 83 +++++++++++++++- 2 files changed, 239 insertions(+), 5 deletions(-) diff --git a/documentation/Set-PnPTenant.md b/documentation/Set-PnPTenant.md index ee000f73f..6a452f64a 100644 --- a/documentation/Set-PnPTenant.md +++ b/documentation/Set-PnPTenant.md @@ -95,7 +95,7 @@ Set-PnPTenant [-SpecialCharactersStateInFileFolderNames [-EnableRestrictedAccessControl ] [-EnableAzureADB2BIntegration ] [-CoreRequestFilesLinkEnabled ] - [-CoreRequestFilesLinkExpirationInDays ] + [-CoreRequestFilesLinkExpirationInDays ] [-LabelMismatchEmailHelpLink ] [-DisableDocumentLibraryDefaultLabeling ] [-IsEnableAppAuthPopUpEnabled ] @@ -126,6 +126,14 @@ Set-PnPTenant [-SpecialCharactersStateInFileFolderNames [-MediaTranscription ] [-MediaTranscriptionAutomaticFeatures ] [-SiteOwnerManageLegacyServicePrincipalEnabled ] + [-ReduceTempTokenLifetimeEnabled ] + [-ReduceTempTokenLifetimeValue ] + [-ViewersCanCommentOnMediaDisabled ] + [-AllowGuestUserShareToUsersNotInSiteCollection ] + [-ConditionalAccessPolicyErrorHelpLink ] + [-CustomizedExternalSharingServiceUrl ] + [-IncludeAtAGlanceInShareEmails ] + [-MassDeleteNotificationDisabled ] [-Force] [-Connection ] ``` @@ -956,6 +964,7 @@ Accept wildcard characters: False ``` ### -RequireAcceptingAccountMatchInvitedAccount + Ensures that an external user can only accept an external sharing invitation with an account matching the invited email address. Administrators who desire increased control over external collaborators should consider enabling this feature. 
@@ -978,6 +987,7 @@ Accept wildcard characters: False ``` ### -RequireAnonymousLinksExpireInDays + Specifies all anonymous links that have been created (or will be created) will expire after the set number of days . To remove the expiration requirement, set the value to zero (0). @@ -994,6 +1004,7 @@ Accept wildcard characters: False ``` ### -SearchResolveExactEmailOrUPN + Removes the search capability from People Picker. Note, recently resolved names will still appear in the list until browser cache is cleared or expired. SharePoint Administrators will still be able to use starts with or partial name matching when enabled. @@ -1014,6 +1025,7 @@ Accept wildcard characters: False ``` ### -SharingAllowedDomainList + Specifies a list of email domains that is allowed for sharing with the external collaborators. Use the space character as the delimiter for entering multiple values. For example, "contoso.com fabrikam.com". For additional information about how to restrict a domain sharing, see Restricted Domains Sharing in Office 365 SharePoint Online and OneDrive for Business @@ -1030,6 +1042,7 @@ Accept wildcard characters: False ``` ### -SharingBlockedDomainList + Specifies a list of email domains that is blocked or prohibited for sharing with the external collaborators. Use space character as the delimiter for entering multiple values. For example, "contoso.com fabrikam.com". For additional information about how to restrict a domain sharing, see Restricted Domains Sharing in Office 365 SharePoint Online and OneDrive for Business @@ -1046,6 +1059,7 @@ Accept wildcard characters: False ``` ### -SharingCapability + Determines what level of sharing is available for the site. The valid values are: @@ -1067,6 +1081,7 @@ Accept wildcard characters: False ``` ### -SharingDomainRestrictionMode + Specifies the external sharing mode for domains. The following values are: None AllowList BlockList 
@@ -1086,6 +1101,7 @@ Accept wildcard characters: False ``` ### -ShowAllUsersClaim + Enables the administrator to hide the All Users claim groups in People Picker. When users share an item with "All Users (x)", it is accessible to all organization members in the tenant's Azure Active Directory who have authenticated with via this method. When users share an item with "All Users (x)" it is accessible to all organization members in the tenant that used NTLM to authentication with SharePoint. @@ -1108,6 +1124,7 @@ Accept wildcard characters: False ``` ### -ShowEveryoneClaim + Enables the administrator to hide the Everyone claim in the People Picker. When users share an item with Everyone, it is accessible to all authenticated users in the tenant's Azure Active Directory, including any active external users who have previously accepted invitations. @@ -1129,6 +1146,7 @@ Accept wildcard characters: False ``` ### -ShowEveryoneExceptExternalUsersClaim + Enables the administrator to hide the "Everyone except external users" claim in the People Picker. When users share an item with "Everyone except external users", it is accessible to all organization members in the tenant's Azure Active Directory, but not to any users who have previously accepted invitations. @@ -1148,6 +1166,7 @@ Accept wildcard characters: False ``` ### -ShowPeoplePickerSuggestionsForGuestUsers + Shows people picker suggestions for guest users. To enable the option to search for existing guest users at Tenant Level, set this parameter to $true. ```yaml @@ -1162,6 +1181,7 @@ Accept wildcard characters: False ``` ### -SignInAccelerationDomain + Specifies the home realm discovery value to be sent to Azure Active Directory (AAD) during the user sign-in process. When the organization uses a third-party identity provider, this prevents the user from seeing the Azure Active Directory Home Realm Discovery web page and ensures the user only sees their company's Identity Provider's portal. 
@@ -1189,6 +1209,7 @@ Accept wildcard characters: False ``` ### -SocialBarOnSitePagesDisabled + Disables or enables the Social Bar which appears on all modern SharePoint pages with the exception of the home page of a site. It gives users the ability to like a page, see the number of views, likes, and comments on a page, and see the people who have liked a page. ```yaml @@ -1344,7 +1365,7 @@ Accept wildcard characters: False ``` ### -InformationBarriersSuspension -Allows suspension of the information barriers future in a Microsoft 365 tenant. Setting this to $true will disable information barriers, setting this to $false will enable information barriers. For more information, see https://learn.microsoft.com/sharepoint/information-barriers. +Allows suspension of the information barriers feature in a Microsoft 365 tenant. Setting this to $true will disable information barriers, setting this to $false will enable information barriers. For more information, see https://learn.microsoft.com/sharepoint/information-barriers. ```yaml Type: Boolean @@ -1767,7 +1788,7 @@ Accept wildcard characters: False ### -IsCollabMeetingNotesFluidEnabled -Gets or sets a value to specify whether CollabMeetingNotes Fluid Framework is enabled If IsFluidEnabled disabled, IsCollabMeetingNotesFluidEnabled will be disabled automatically If IsFluidEnabled enabled, IsCollabMeetingNotesFluidEnabled will be enabled automatically IsCollabMeetingNotesFluidEnabled can be enabled only when IsFluidEnabled is already enabled +Gets or sets a value to specify whether CollabMeetingNotes Fluid Framework is enabled. If IsFluidEnabled disabled, IsCollabMeetingNotesFluidEnabled will be disabled automatically. If IsFluidEnabled enabled, IsCollabMeetingNotesFluidEnabled will be enabled automatically. IsCollabMeetingNotesFluidEnabled can be enabled only when IsFluidEnabled is already enabled. ```yaml Type: Boolean 
@@ -1876,6 +1897,7 @@ Accept wildcard characters: False ``` ### -CoreDefaultLinkToExistingAccess + Gets or sets default share link to existing access on core partition ```yaml @@ -1933,6 +1955,8 @@ Accept wildcard characters: False ### -MajorVersionLimit +When Version History Limits are managed Manually (EnableAutoExpirationVersionTrim $false), admins will need to set the limits to the number of major versions (MajorVersionLimit) and the time period the versions are stored (ExpireVersionsAfterDays). + ```yaml Type: Int32 Parameter Sets: (All) @@ -1946,6 +1970,8 @@ Accept wildcard characters: False ### -ExpireVersionsAfterDays +When Version History Limits are managed Manually (EnableAutoExpirationVersionTrim $false), admins will need to set the limits to the number of major versions (MajorVersionLimit) and the time period the versions are stored (ExpireVersionsAfterDays). + ```yaml Type: Int32 Parameter Sets: (All) 
@@ -2137,6 +2163,135 @@ Accept pipeline input: False Accept wildcard characters: False ``` +### -ReduceTempTokenLifetimeEnabled + +Enables reduced session timeout for temporary URLs used by apps for document download scenarios. Reduction occurs when an app redeeming an IP address does not match the original requesting IP. The default value is 15 minutes if ReduceTempTokenLifetimeValue is not set. + +Note: Reducing this value may bring degradation in end-user experience by requiring frequent authentication prompts to users. + +```yaml +Type: Boolean +Parameter Sets: (All) + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ReduceTempTokenLifetimeValue + +Optional parameter to set the session timeout value for temporary URLs. The value can be set between 5 and 15 minutes and the default value is 15 minutes. + +```yaml +Type: Int32 +Parameter Sets: (All) + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ViewersCanCommentOnMediaDisabled + +Controls whether viewers commenting on media items is disabled or not. + +```yaml +Type: Boolean +Parameter Sets: (All) + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AllowGuestUserShareToUsersNotInSiteCollection + +The AllowGuestUserShareToUsersNotInSiteCollection settings (defaulted to false) will allow guests to share to users not in the site. + +The valid values are: + +- False (default) - Guest users will only be able to share to users that exist within the current site. +- True - Guest users will be able to find user accounts in the directory by typing in the exact email address match. 
+ +Note: When the value is set to True, you will also need to enable [SharePoint and OneDrive integration with Azure AD B2B](https://learn.microsoft.com/en-us/sharepoint/sharepoint-azureb2b-integration) for the functionality to work. + +```yaml +Type: Boolean +Parameter Sets: (All) + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ConditionalAccessPolicyErrorHelpLink + +A Link for help when Conditional Access Policy blocks a user. This should be in a valid URL format. A valid URL format that begins with http:// or https://. + +```yaml +Type: String +Parameter Sets: (All) + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -CustomizedExternalSharingServiceUrl + +Specifies a URL that will be appended to the error message that is surfaced when a user is blocked from sharing externally by policy. This URL can be used to direct users to internal portals to request help or to inform them about your organization's policies. An example value is `https://www.contoso.com/sharingpolicies`. + +```yaml +Type: String +Parameter Sets: (All) + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -IncludeAtAGlanceInShareEmails + +Enables or disables the At A Glance feature in sharing e-mails. This provides the key points and time to read for the shared item if available. + +```yaml +Type: Boolean +Parameter Sets: (All) + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -MassDeleteNotificationDisabled + +Enables or disables the mass delete detection feature. When MassDeleteNotificationDisabled is set to $true, tenant admins can perform mass deletion operations without triggering notifications. 
+ +```yaml +Type: Boolean +Parameter Sets: (All) + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + ### -Force If provided, no confirmation will be requested and the action will be performed diff --git a/src/Commands/Admin/SetTenant.cs b/src/Commands/Admin/SetTenant.cs index 8b979000a..b6ab37eb0 100644 --- a/src/Commands/Admin/SetTenant.cs +++ b/src/Commands/Admin/SetTenant.cs @@ -376,6 +376,31 @@ public class SetTenant : PnPAdminCmdlet [Parameter(Mandatory = false)] public bool? SiteOwnerManageLegacyServicePrincipalEnabled { get; set; } + + [Parameter(Mandatory = false)] + public bool? ReduceTempTokenLifetimeEnabled { get; set; } + + [Parameter(Mandatory = false)] + public int? ReduceTempTokenLifetimeValue; + + [Parameter(Mandatory = false)] + public bool? ViewersCanCommentOnMediaDisabled { get; set; } + + [Parameter(Mandatory = false)] + public bool? AllowGuestUserShareToUsersNotInSiteCollection { get; set; } + + [Parameter(Mandatory = false)] + public string ConditionalAccessPolicyErrorHelpLink; + + [Parameter(Mandatory = false)] + public string CustomizedExternalSharingServiceUrl; + + [Parameter(Mandatory = false)] + public bool? IncludeAtAGlanceInShareEmails { get; set; } + + [Parameter(Mandatory = false)] + public bool? MassDeleteNotificationDisabled { get; set; } + protected override void ExecuteCmdlet() { AdminContext.Load(Tenant); @@ -397,6 +422,13 @@ protected override void ExecuteCmdlet() Tenant.NoAccessRedirectUrl = NoAccessRedirectUrl; modified = true; } + + if (CustomizedExternalSharingServiceUrl != null) + { + Tenant.CustomizedExternalSharingServiceUrl = CustomizedExternalSharingServiceUrl; + modified = true; + } + if (ExternalServicesEnabled.HasValue) { Tenant.ExternalServicesEnabled = ExternalServicesEnabled.Value; 
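Review bot: `ReduceTempTokenLifetimeValue`, `ConditionalAccessPolicyErrorHelpLink` and `CustomizedExternalSharingServiceUrl` are declared as public fields in the `@@ -376,6 +376,31 @@` hunk, while the other five new parameters and the existing `SiteOwnerManageLegacyServicePrincipalEnabled` above them are auto-properties. PowerShell binds `[Parameter]` on fields as well, so this works, but the declarations visible here should follow one pattern: `public int? ReduceTempTokenLifetimeValue { get; set; }`, and likewise `{ get; set; }` on the two string parameters. The class starts and ends outside the hunk, so if fields are the prevailing style elsewhere in `SetTenant`, the five properties are the ones to align instead.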
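Review bot: `CustomizedExternalSharingServiceUrl` is copied to the tenant after only a null check in the `@@ -397,6 +422,13 @@` hunk, so a malformed value or one with a non-web scheme would be appended to the error message shown to every user who is blocked from sharing externally. The same holds for `ConditionalAccessPolicyErrorHelpLink` in the `@@ -1105,19 +1137,36 @@` hunk, whose documentation in this patch says the value must begin with http:// or https://. I would reject anything that is not an absolute http(s) URL before assigning, as sketched below. Whether the service validates the value itself is not visible here, and the empty-string pass-through assumes that is how the setting is cleared. `ExecuteCmdlet` begins and ends outside the hunk.

```csharp
if (CustomizedExternalSharingServiceUrl != null)
{
    // Empty string is let through on the assumption that it clears the setting; confirm against the service.
    bool isHttpUrl = Uri.TryCreate(CustomizedExternalSharingServiceUrl, UriKind.Absolute, out Uri sharingHelpUri)
        && (sharingHelpUri.Scheme == Uri.UriSchemeHttps || sharingHelpUri.Scheme == Uri.UriSchemeHttp);

    if (CustomizedExternalSharingServiceUrl.Length > 0 && !isHttpUrl)
    {
        throw new PSArgumentException("CustomizedExternalSharingServiceUrl must be an absolute http:// or https:// URL", nameof(CustomizedExternalSharingServiceUrl));
    }

    // … unchanged: assignment to Tenant.CustomizedExternalSharingServiceUrl and modified = true …
}
```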
@@ -1076,7 +1108,7 @@ protected override void ExecuteCmdlet() { if (OneDriveRequestFilesLinkExpirationInDays.Value < 0 || OneDriveRequestFilesLinkExpirationInDays.Value > 730) { - throw new PSArgumentException($"{OneDriveRequestFilesLinkExpirationInDays} must have a value between 0 and 730", nameof(OneDriveRequestFilesLinkExpirationInDays)); + throw new PSArgumentException("OneDriveRequestFilesLinkExpirationInDays must have a value between 0 and 730", nameof(OneDriveRequestFilesLinkExpirationInDays)); } Tenant.OneDriveRequestFilesLinkExpirationInDays = OneDriveRequestFilesLinkExpirationInDays.Value; 
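Review bot: The corrected message repeats the parameter name as a string literal next to `nameof(OneDriveRequestFilesLinkExpirationInDays)`, so a later rename would update one and not the other. Building the text from `nameof` keeps them together: `throw new PSArgumentException($"{nameof(OneDriveRequestFilesLinkExpirationInDays)} must have a value between 0 and 730", nameof(OneDriveRequestFilesLinkExpirationInDays));`. The two messages in the `@@ -1105,19 +1137,36 @@` hunk have the same shape.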
@@ -1105,19 +1137,36 @@ protected override void ExecuteCmdlet() { if (CoreRequestFilesLinkExpirationInDays.Value < 0 || CoreRequestFilesLinkExpirationInDays > 730) { - throw new PSArgumentException($"{CoreRequestFilesLinkExpirationInDays} must have a value between 0 and 730", nameof(CoreRequestFilesLinkExpirationInDays)); + throw new PSArgumentException("CoreRequestFilesLinkExpirationInDays must have a value between 0 and 730", nameof(CoreRequestFilesLinkExpirationInDays)); } Tenant.CoreRequestFilesLinkExpirationInDays = CoreRequestFilesLinkExpirationInDays.Value; modified = true; } + if (ReduceTempTokenLifetimeValue.HasValue) + { + if (ReduceTempTokenLifetimeValue.Value < 5 || ReduceTempTokenLifetimeValue > 15) + { + throw new PSArgumentException("ReduceTempTokenLifetimeValue must have a value between 5 and 15", nameof(ReduceTempTokenLifetimeValue)); + } + + Tenant.ReduceTempTokenLifetimeValue = ReduceTempTokenLifetimeValue.Value; + modified = true; + } + if (LabelMismatchEmailHelpLink != null) { Tenant.LabelMismatchEmailHelpLink = LabelMismatchEmailHelpLink; modified = true; } + if (ConditionalAccessPolicyErrorHelpLink != null) + { + Tenant.ConditionalAccessPolicyErrorHelpLink = ConditionalAccessPolicyErrorHelpLink; + modified = true; + } + if (DisableDocumentLibraryDefaultLabeling.HasValue) { Tenant.DisableDocumentLibraryDefaultLabeling = DisableDocumentLibraryDefaultLabeling.Value; 
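Review bot: `ReduceTempTokenLifetimeValue` is range-checked and written without looking at `ReduceTempTokenLifetimeEnabled`, which is only applied in the later `@@ -1256,6 +1305,36 @@` hunk. Going by the documentation added in this patch, the value appears to matter only while the feature is enabled, so an operator who passes just the value may assume the shorter temporary-URL lifetime is in force when it is not. A warning after the range check would make that visible, for example `if (ReduceTempTokenLifetimeEnabled != true) { WriteWarning("ReduceTempTokenLifetimeValue only applies when ReduceTempTokenLifetimeEnabled is $true"); }`. That condition ignores a switch already enabled on the tenant, so it may need to read the loaded `Tenant` value as well. The error text could also name the unit (`between 5 and 15 minutes`), and the check mixes `.Value < 5` with the lifted comparison `ReduceTempTokenLifetimeValue > 15`.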
@@ -1256,6 +1305,36 @@ protected override void ExecuteCmdlet() modified = true; } + if (ReduceTempTokenLifetimeEnabled.HasValue) + { + Tenant.ReduceTempTokenLifetimeEnabled = ReduceTempTokenLifetimeEnabled.Value; + modified = true; + } + + if (ViewersCanCommentOnMediaDisabled.HasValue) + { + Tenant.ViewersCanCommentOnMediaDisabled = ViewersCanCommentOnMediaDisabled.Value; + modified = true; + } + + if (AllowGuestUserShareToUsersNotInSiteCollection.HasValue) + { + Tenant.AllowGuestUserShareToUsersNotInSiteCollection = AllowGuestUserShareToUsersNotInSiteCollection.Value; + modified = true; + } + + if (IncludeAtAGlanceInShareEmails.HasValue) + { + Tenant.IncludeAtAGlanceInShareEmails = IncludeAtAGlanceInShareEmails.Value; + modified = true; + } + + if (MassDeleteNotificationDisabled.HasValue) + { + Tenant.MassDeleteNotificationDisabled = MassDeleteNotificationDisabled.Value; + modified = true; + } + if (BlockDownloadFileTypePolicy.HasValue) { if (!BlockDownloadFileTypePolicy.Value) From f704aadf9190a062ff2d361f917ee562b25c2919 Mon Sep 17 00:00:00 2001 From: Koen Zomers Date: Sun, 3 Sep 2023 00:16:06 +0200 Subject: [PATCH 2/2] Adding changelog entry --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 61f9e3e1e..fc6b4d19f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
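Review bot: `MassDeleteNotificationDisabled` and `AllowGuestUserShareToUsersNotInSiteCollection` each relax a tenant-wide safeguard (mass-delete notifications and the scope of guest sharing). In the `@@ -1256,6 +1305,36 @@` hunk of `src/Commands/Admin/SetTenant.cs` they are applied with the same silent `HasValue` assignment as the cosmetic settings around them. The cmdlet documents a `-Force` switch that suppresses confirmation, so a confirmation path presumably exists elsewhere in `ExecuteCmdlet`, outside this hunk, and these two look like candidates for it. At minimum I would surface the change to the operator, e.g. `if (MassDeleteNotificationDisabled.Value) { WriteWarning("Mass delete notifications will be disabled for the whole tenant"); }`.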
@@ -19,6 +19,7 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/). - Added `-AzureADLoginEndPoint` and `-MicrosoftGraphEndPoint` parameters to `Connect-PnPOnline` cmdlet for use in custom Azure environments. [#2925](https://github.com/pnp/powershell/pull/2925) - Added `SiteOwnerManageLegacyServicePrincipalEnabled` parameter to `Set-PnPTenant` cmdlet. With this parameter site owners will not be able to register/update apps unless the tenant admin explicitly allows it. [#3318](https://github.com/pnp/powershell/pull/3318) - Added `-EnableAutoExpirationVersionTrim`, `-ExpireVersionsAfterDays`, `-MajorVersions`, `-MinorVersions`, `-InheritTenantVersionPolicySettings`, `-StartApplyVersionPolicySettingToExistingDocLibs` and `-CancelApplyVersionPolicySettingToExistingDocLibs` to `Set-PnPSite` to allow for time based version expiration on the site level [#3373](https://github.com/pnp/powershell/pull/3373) +- Added `-ReduceTempTokenLifetimeEnabled`, `-ReduceTempTokenLifetimeValue`, `-ViewersCanCommentOnMediaDisabled`, `-AllowGuestUserShareToUsersNotInSiteCollection`, `-ConditionalAccessPolicyErrorHelpLink`, `-CustomizedExternalSharingServiceUrl`, `-IncludeAtAGlanceInShareEmails` and `-MassDeleteNotificationDisabled` to `Set-PnPTenant` [#3348](https://github.com/pnp/powershell/pull/3348) ### Fixed