diff --git a/documentation/Set-PnPTenant.md b/documentation/Set-PnPTenant.md index 1d291006d..d014a7831 100644 --- a/documentation/Set-PnPTenant.md +++ b/documentation/Set-PnPTenant.md @@ -187,6 +187,13 @@ Set-PnPTenant [-SpecialCharactersStateInFileFolderNames [-ResyncContentSecurityPolicyConfigurationEntries] [-ContentSecurityPolicyEnforcement ] [-DisableSpacesActivation ] + [-CoreOrganizationSharingLinkRecommendedExpirationInDays ] + [-CoreOrganizationSharingLinkMaxExpirationInDays ] + [-RestrictResourceAccountAccess ] + [-EnforceRequestDigest ] + [-RestrictExternalSharingForAgents ] + [-AllowFileArchive ] + [-AllowFileArchiveOnNewSitesByDefault ] [-DelayContentSecurityPolicyEnforcement ] [-EnforceRequestDigest ] [-EnableNotificationsSubscriptions ] @@ -1117,7 +1124,7 @@ Accept wildcard characters: False ### -OneDriveOrganizationSharingLinkMaxExpirationInDays Specifies the maximum number of days before organization sharing links expire for all OneDrive sites. This is a tenant wide setting, and all geos will inherit the policy. -The value can be from 7 to 720 days. +The value can be from 7 to 730 days. To remove the expiration requirement, set the value to zero (0). @@ -1135,7 +1142,7 @@ Accept wildcard characters: False ### -OneDriveOrganizationSharingLinkRecommendedExpirationInDays Specifies the recommended number of days before organization sharing links expire for all OneDrive sites. This setting provides a suggested expiration period to users when they create sharing links. This is a tenant wide setting, and all geos will inherit the policy. -The value can be from 7 to 720 days and must be less than or equal to the maximum expiration value set by `OneDriveOrganizationSharingLinkMaxExpirationInDays`. +The value can be from 7 to 730 days and must be less than or equal to the maximum expiration value set by `OneDriveOrganizationSharingLinkMaxExpirationInDays`. When set to 0, the default value will be `OneDriveOrganizationSharingLinkMaxExpirationInDays`. @@ -3391,6 +3398,158 @@ Accept pipeline input: False Accept wildcard characters: False ``` +### -CoreOrganizationSharingLinkRecommendedExpirationInDays +This parameter specifies the recommended number of days before organization sharing links expire in SharePoint sites (not including OneDrive sites). Users can still choose a different expiration period if permitted by policy, but this value is presented as the recommended default. This is a tenant wide setting, and all geos will inherit the policy. + +The valid values : + +- Can be from 7 to 730 days and must be less than or equal to the maximum expiration value set by CoreOrganizationSharingLinkMaxExpirationInDays. +- When set to 0 (default), the default value will be CoreOrganizationSharingLinkMaxExpirationInDays. + +```yaml +Type: Int32 +Parameter Sets: (All) + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -CoreOrganizationSharingLinkMaxExpirationInDays +This parameter specifies the maximum number of days that organization sharing links can remain active before they expire for all SharePoint sites (not including OneDrive sites). This is a tenant wide setting, and all geos will inherit the policy. + +The valid values : + +- can be from 7 to 730 days. +- `0` (default) - No maximum expiration limit is enforced. + +```yaml +Type: Int32 +Parameter Sets: (All) + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -RestrictResourceAccountAccess +Controls whether resource accounts used by Teams Rooms and Devices can retain access to files after the meeting/collaboration is complete. + +The valid values are: + +- False (default) - Allows devices from accessing files and other Microsoft 365 assets when not actively in-use. +- True - Prevents devices from accessing files and other Microsoft 365 assets when not actively in-use. + +```yaml +Type: Boolean +Parameter Sets: (All) + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -EnforceRequestDigest +This parameter controls whether SharePoint enforces request digest validation for client requests. + +The valid values are: + +- False - a valid request digest is not required on SOAP API calls that perform a state-changing operation. +- True - A valid request digest is required on SOAP API calls that perform a state-changing operation. + +```yaml +Type: Boolean +Parameter Sets: (All) + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -RestrictExternalSharingForAgents +This parameter controls whether external sharing is restricted for agents. + +The valid values are: + +- False (default) - Agents can share content externally according to existing sharing policies. +- True - External sharing for agents is restricted. + +```yaml +Type: Boolean +Parameter Sets: (All) + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AllowFileArchive +Controls whether file-level archiving is allowed at the tenant level. This setting can be overridden for specific sites by the site-level flag of the same name and has no effect unless Microsoft 365 Archive is enabled for your organization. + +The valid values are: + +- False (default) - Blocks manual archiving for all files, regardless of the site-level setting. Admin-defined policies can still archive files automatically. +- True - Allows users to manually archive files on sites where file-level archiving is also enabled. Manual archiving is limited to internal users with write access to the file. + +```yaml +Type: Boolean +Parameter Sets: (All) + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AllowFileArchiveOnNewSitesByDefault +This parameter controls whether file archiving is enabled by default. + +The valid values are: + +- False (default) - File archiving is not enabled by default. +- True - File archiving is enabled by default where supported. + +```yaml +Type: Boolean +Parameter Sets: (All) + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -EnableNotificationsSubscriptions +This is an opt-in setting that enables or disables writing SharePoint News and Announcement notification data to a list (NewsNotificationList) in the My Site of every user. When enabled, SharePoint Online emits notification events to this list. Third-party solutions must create and manage webhook solutions to receive change notifications and then read the list to process new entries for triggering their own notifications for the user. + +The valid values are: + +- False (default) - Disables writing SharePoint News and Announcement notification data to a list (NewsNotificationList) in the My Site of every user. +- True - Enables or disables writing SharePoint News and Announcement notification data to a list (NewsNotificationList) in the My Site of every user. + +```yaml +Type: Boolean +Parameter Sets: (All) + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + ### -Force If provided, no confirmation will be requested and the action will be performed diff --git a/src/Commands/Admin/SetTenant.cs b/src/Commands/Admin/SetTenant.cs index dfc49e56f..be73b0c87 100644 --- a/src/Commands/Admin/SetTenant.cs +++ b/src/Commands/Admin/SetTenant.cs @@ -582,10 +582,16 @@ public class SetTenant : PnPSharePointOnlineAdminCmdlet [Parameter(Mandatory = false)] public KnowledgeAgentScopeMode? KnowledgeAgentScope { set; get; } - + [Parameter(Mandatory = false)] + public int? CoreOrganizationSharingLinkRecommendedExpirationInDays { set; get; } + [Parameter(Mandatory = false)] + public int? CoreOrganizationSharingLinkMaxExpirationInDays { set; get; } + [Parameter(Mandatory = false)] + public bool? RestrictResourceAccountAccess { set; get; } + [Parameter(Mandatory = false)] + public bool? RestrictExternalSharingForAgents { set; get; } [Parameter(Mandatory = false)] public string[] FileTypesForVersionExpiration { set; get; } - [Parameter(Mandatory = false)] public bool? DelayContentSecurityPolicyEnforcement { set; get; } @@ -872,7 +878,7 @@ protected override void ExecuteCmdlet() { if (!IsValidOrganizationSharingLinkExpirationInDays(OneDriveOrganizationSharingLinkMaxExpirationInDays.Value)) { - throw new PSArgumentException("OneDriveOrganizationSharingLinkMaxExpirationInDays must have a value of 0 or between 7 and 720", nameof(OneDriveOrganizationSharingLinkMaxExpirationInDays)); + throw new PSArgumentException("OneDriveOrganizationSharingLinkMaxExpirationInDays must have a value of 0 or between 7 and 730", nameof(OneDriveOrganizationSharingLinkMaxExpirationInDays)); } Tenant.OneDriveOrganizationSharingLinkMaxExpirationInDays = OneDriveOrganizationSharingLinkMaxExpirationInDays.Value; @@ -882,7 +888,7 @@ protected override void ExecuteCmdlet() { if (!IsValidOrganizationSharingLinkExpirationInDays(OneDriveOrganizationSharingLinkRecommendedExpirationInDays.Value)) { - throw new PSArgumentException("OneDriveOrganizationSharingLinkRecommendedExpirationInDays must have a value of 0 or between 7 and 720", nameof(OneDriveOrganizationSharingLinkRecommendedExpirationInDays)); + throw new PSArgumentException("OneDriveOrganizationSharingLinkRecommendedExpirationInDays must have a value of 0 or between 7 and 730", nameof(OneDriveOrganizationSharingLinkRecommendedExpirationInDays)); } var oneDriveOrganizationSharingLinkMaxExpirationInDays = OneDriveOrganizationSharingLinkMaxExpirationInDays ?? Tenant.EnsureProperty(t => t.OneDriveOrganizationSharingLinkMaxExpirationInDays); @@ -1865,6 +1871,42 @@ protected override void ExecuteCmdlet() modified = true; } } + if (CoreOrganizationSharingLinkMaxExpirationInDays.HasValue) + { + if (!IsValidOrganizationSharingLinkExpirationInDays(CoreOrganizationSharingLinkMaxExpirationInDays.Value)) + { + throw new PSArgumentException("CoreOrganizationSharingLinkMaxExpirationInDays must have a value of 0 or between 7 and 730", nameof(CoreOrganizationSharingLinkMaxExpirationInDays)); + } + + Tenant.CoreOrganizationSharingLinkMaxExpirationInDays = CoreOrganizationSharingLinkMaxExpirationInDays.Value; + modified = true; + } + if (CoreOrganizationSharingLinkRecommendedExpirationInDays.HasValue) + { + if (!IsValidOrganizationSharingLinkExpirationInDays(CoreOrganizationSharingLinkRecommendedExpirationInDays.Value)) + { + throw new PSArgumentException("CoreOrganizationSharingLinkMaxExpirationInDays must have a value of 0 or between 7 and 730", nameof(CoreOrganizationSharingLinkRecommendedExpirationInDays)); + } + + var coreOrganizationSharingLinkMaxExpirationInDays = CoreOrganizationSharingLinkMaxExpirationInDays ?? Tenant.EnsureProperty(t => t.CoreOrganizationSharingLinkMaxExpirationInDays); + if (CoreOrganizationSharingLinkRecommendedExpirationInDays.Value > coreOrganizationSharingLinkMaxExpirationInDays) + { + throw new PSArgumentException("CoreOrganizationSharingLinkRecommendedExpirationInDays must be less than or equal to CoreOrganizationSharingLinkMaxExpirationInDays", nameof(CoreOrganizationSharingLinkRecommendedExpirationInDays)); + } + + Tenant.CoreOrganizationSharingLinkRecommendedExpirationInDays = CoreOrganizationSharingLinkRecommendedExpirationInDays.Value; + modified = true; + } + if (RestrictResourceAccountAccess.HasValue) + { + Tenant.RestrictResourceAccountAccess = RestrictResourceAccountAccess.Value; + modified = true; + } + if (RestrictExternalSharingForAgents.HasValue) + { + Tenant.RestrictExternalSharingForAgents = RestrictExternalSharingForAgents.Value; + modified = true; + } if (GuestSharingGroupAllowListInTenantByPrincipalIdentity != null) { if (GuestSharingGroupAllowListInTenantByPrincipalIdentity.Length > 0) @@ -2064,7 +2106,7 @@ protected override void ExecuteCmdlet() private static bool IsValidOrganizationSharingLinkExpirationInDays(int value) { - return value == 0 || value >= 7 && value <= 720; + return value == 0 || value >= 7 && value <= 730; } } } \ No newline at end of file diff --git a/src/Commands/Model/SPOTenant.cs b/src/Commands/Model/SPOTenant.cs index 60c0dafb2..5581f2818 100644 --- a/src/Commands/Model/SPOTenant.cs +++ b/src/Commands/Model/SPOTenant.cs @@ -10,6 +10,7 @@ using System; using System.Collections.Generic; using System.Linq; +using System.Management.Automation; using System.Reflection; namespace PnP.PowerShell.Commands.Model @@ -522,6 +523,10 @@ public class SPOTenant public bool? TaxonomyTaggingEnabled { private set; get; } public bool? TranslationEnabled { private set; get; } + + public bool? EnforceRequestDigest { private set; get; } + + public bool? EnableNotificationsSubscriptions { set; get; } public long? ArchivedFileStorageUsageMB { get; private set; } @@ -539,10 +544,6 @@ public class SPOTenant public Guid[] DisabledAdaptiveCardExtensionIds { get; private set; } - public bool? EnableNotificationsSubscriptions { get; private set; } - - public bool? EnforceRequestDigest { get; private set; } - public bool? M365AdditionalStorageSPOEnabled { get; private set; } public bool? M365SharePointStorageEnabled { get; private set; }