pnp · reshmee011 · May 29, 2026 · May 29, 2026 · May 29, 2026 · May 29, 2026
diff --git a/documentation/Set-PnPTenant.md b/documentation/Set-PnPTenant.md
@@ -187,6 +187,13 @@ Set-PnPTenant [-SpecialCharactersStateInFileFolderNames <SpecialCharactersState>
  [-ResyncContentSecurityPolicyConfigurationEntries]
  [-ContentSecurityPolicyEnforcement <Boolean>]
  [-DisableSpacesActivation <Boolean>]
+ [-CoreOrganizationSharingLinkRecommendedExpirationInDays <int>] 
+ [-CoreOrganizationSharingLinkMaxExpirationInDays <int>]
+ [-RestrictResourceAccountAccess <Boolean>]
+ [-EnforceRequestDigest <Boolean>]
+ [-RestrictExternalSharingForAgents <Boolean>]
+ [-AllowFileArchive <Boolean>]
+ [-AllowFileArchiveOnNewSitesByDefault <Boolean>]
  [-DelayContentSecurityPolicyEnforcement <Boolean>]
  [-EnforceRequestDigest <Boolean>]
  [-EnableNotificationsSubscriptions <Boolean>]
@@ -1117,7 +1124,7 @@ Accept wildcard characters: False
 ### -OneDriveOrganizationSharingLinkMaxExpirationInDays
 Specifies the maximum number of days before organization sharing links expire for all OneDrive sites. This is a tenant wide setting, and all geos will inherit the policy.
 
-The value can be from 7 to 720 days.
+The value can be from 7 to 730 days.
 
 To remove the expiration requirement, set the value to zero (0).
 
@@ -1135,7 +1142,7 @@ Accept wildcard characters: False
 ### -OneDriveOrganizationSharingLinkRecommendedExpirationInDays
 Specifies the recommended number of days before organization sharing links expire for all OneDrive sites. This setting provides a suggested expiration period to users when they create sharing links. This is a tenant wide setting, and all geos will inherit the policy.
 
-The value can be from 7 to 720 days and must be less than or equal to the maximum expiration value set by `OneDriveOrganizationSharingLinkMaxExpirationInDays`.
+The value can be from 7 to 730 days and must be less than or equal to the maximum expiration value set by `OneDriveOrganizationSharingLinkMaxExpirationInDays`.
 
 When set to 0, the default value will be `OneDriveOrganizationSharingLinkMaxExpirationInDays`.
 
@@ -3391,6 +3398,158 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
+### -CoreOrganizationSharingLinkRecommendedExpirationInDays
+This parameter specifies the recommended number of days before organization sharing links expire in SharePoint sites (not including OneDrive sites). Users can still choose a different expiration period if permitted by policy, but this value is presented as the recommended default. This is a tenant wide setting, and all geos will inherit the policy.
+
+The valid values :
+
+- Can be from 7 to 730 days and must be less than or equal to the maximum expiration value set by CoreOrganizationSharingLinkMaxExpirationInDays.
+- When set to 0 (default), the default value will be CoreOrganizationSharingLinkMaxExpirationInDays.
+
+```yaml
+Type: Int32
+Parameter Sets: (All)
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -CoreOrganizationSharingLinkMaxExpirationInDays
+This parameter specifies the maximum number of days that organization sharing links can remain active before they expire for all SharePoint sites (not including OneDrive sites). This is a tenant wide setting, and all geos will inherit the policy.
+
+The valid values :
+
+- can be from 7 to 730 days.
+- `0` (default) - No maximum expiration limit is enforced.
+
+```yaml
+Type: Int32
+Parameter Sets: (All)
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -RestrictResourceAccountAccess
+Controls whether resource accounts used by Teams Rooms and Devices can retain access to files after the meeting/collaboration is complete. 
+
+The valid values are:
+
+- False (default) - Allows devices from accessing files and other Microsoft 365 assets when not actively in-use.
+- True - Prevents devices from accessing files and other Microsoft 365 assets when not actively in-use.
+
+```yaml
+Type: Boolean
+Parameter Sets: (All)
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -EnforceRequestDigest
+This parameter controls whether SharePoint enforces request digest validation for client requests.
+
+The valid values are:
+
+- False - a valid request digest is not required on SOAP API calls that perform a state-changing operation.
+- True - A valid request digest is required on SOAP API calls that perform a state-changing operation.
+
+```yaml
+Type: Boolean
+Parameter Sets: (All)
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -RestrictExternalSharingForAgents
+This parameter controls whether external sharing is restricted for agents.
+
+The valid values are:
+
+- False (default) - Agents can share content externally according to existing sharing policies.
+- True - External sharing for agents is restricted.
+
+```yaml
+Type: Boolean
+Parameter Sets: (All)
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -AllowFileArchive
+Controls whether file-level archiving is allowed at the tenant level. This setting can be overridden for specific sites by the site-level flag of the same name and has no effect unless Microsoft 365 Archive is enabled for your organization.
+
+The valid values are:
+
+- False (default) - Blocks manual archiving for all files, regardless of the site-level setting. Admin-defined policies can still archive files automatically.
+- True - Allows users to manually archive files on sites where file-level archiving is also enabled. Manual archiving is limited to internal users with write access to the file.
+
+```yaml
+Type: Boolean
+Parameter Sets: (All)
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -AllowFileArchiveOnNewSitesByDefault
+This parameter controls whether file archiving is enabled by default.
+
+The valid values are:
+
+- False (default) - File archiving is not enabled by default.
+- True - File archiving is enabled by default where supported.
+
+```yaml
+Type: Boolean
+Parameter Sets: (All)
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -EnableNotificationsSubscriptions
+This is an opt-in setting that enables or disables writing SharePoint News and Announcement notification data to a list (NewsNotificationList) in the My Site of every user. When enabled, SharePoint Online emits notification events to this list. Third-party solutions must create and manage webhook solutions to receive change notifications and then read the list to process new entries for triggering their own notifications for the user. 
+
+The valid values are:
+
+- False (default) - Disables writing SharePoint News and Announcement notification data to a list (NewsNotificationList) in the My Site of every user.
+- True - Enables or disables writing SharePoint News and Announcement notification data to a list (NewsNotificationList) in the My Site of every user.
+
+```yaml
+Type: Boolean
+Parameter Sets: (All)
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
 ### -Force
 If provided, no confirmation will be requested and the action will be performed
 

diff --git a/src/Commands/Admin/SetTenant.cs b/src/Commands/Admin/SetTenant.cs
@@ -582,10 +582,16 @@ public class SetTenant : PnPSharePointOnlineAdminCmdlet
 
         [Parameter(Mandatory = false)]
         public KnowledgeAgentScopeMode? KnowledgeAgentScope { set; get; }
-
+        [Parameter(Mandatory = false)]
+        public int? CoreOrganizationSharingLinkRecommendedExpirationInDays { set; get; }
+        [Parameter(Mandatory = false)]
+        public int? CoreOrganizationSharingLinkMaxExpirationInDays { set; get; }
+        [Parameter(Mandatory = false)]
+        public bool? RestrictResourceAccountAccess { set; get; }
+        [Parameter(Mandatory = false)]
+        public bool? RestrictExternalSharingForAgents { set; get; }
         [Parameter(Mandatory = false)]
         public string[] FileTypesForVersionExpiration { set; get; }
-
         [Parameter(Mandatory = false)]
         public bool? DelayContentSecurityPolicyEnforcement { set; get; }
 
@@ -872,7 +878,7 @@ protected override void ExecuteCmdlet()
             {
                 if (!IsValidOrganizationSharingLinkExpirationInDays(OneDriveOrganizationSharingLinkMaxExpirationInDays.Value))
                 {
-                    throw new PSArgumentException("OneDriveOrganizationSharingLinkMaxExpirationInDays must have a value of 0 or between 7 and 720", nameof(OneDriveOrganizationSharingLinkMaxExpirationInDays));
+                    throw new PSArgumentException("OneDriveOrganizationSharingLinkMaxExpirationInDays must have a value of 0 or between 7 and 730", nameof(OneDriveOrganizationSharingLinkMaxExpirationInDays));
                 }
 
                 Tenant.OneDriveOrganizationSharingLinkMaxExpirationInDays = OneDriveOrganizationSharingLinkMaxExpirationInDays.Value;
@@ -882,7 +888,7 @@ protected override void ExecuteCmdlet()
             {
                 if (!IsValidOrganizationSharingLinkExpirationInDays(OneDriveOrganizationSharingLinkRecommendedExpirationInDays.Value))
                 {
-                    throw new PSArgumentException("OneDriveOrganizationSharingLinkRecommendedExpirationInDays must have a value of 0 or between 7 and 720", nameof(OneDriveOrganizationSharingLinkRecommendedExpirationInDays));
+                    throw new PSArgumentException("OneDriveOrganizationSharingLinkRecommendedExpirationInDays must have a value of 0 or between 7 and 730", nameof(OneDriveOrganizationSharingLinkRecommendedExpirationInDays));
                 }
 
                 var oneDriveOrganizationSharingLinkMaxExpirationInDays = OneDriveOrganizationSharingLinkMaxExpirationInDays ?? Tenant.EnsureProperty(t => t.OneDriveOrganizationSharingLinkMaxExpirationInDays);
@@ -1865,6 +1871,42 @@ protected override void ExecuteCmdlet()
                     modified = true;
                 }
             }
+            if (CoreOrganizationSharingLinkMaxExpirationInDays.HasValue)
+            {
+                if (!IsValidOrganizationSharingLinkExpirationInDays(CoreOrganizationSharingLinkMaxExpirationInDays.Value))
+                {
+                    throw new PSArgumentException("CoreOrganizationSharingLinkMaxExpirationInDays must have a value of 0 or between 7 and 730", nameof(CoreOrganizationSharingLinkMaxExpirationInDays));
+                }
+
+                Tenant.CoreOrganizationSharingLinkMaxExpirationInDays = CoreOrganizationSharingLinkMaxExpirationInDays.Value;
+                modified = true;
+            }
+            if (CoreOrganizationSharingLinkRecommendedExpirationInDays.HasValue)
+            {
+                if (!IsValidOrganizationSharingLinkExpirationInDays(CoreOrganizationSharingLinkRecommendedExpirationInDays.Value))
+                {
+                    throw new PSArgumentException("CoreOrganizationSharingLinkMaxExpirationInDays must have a value of 0 or between 7 and 730", nameof(CoreOrganizationSharingLinkRecommendedExpirationInDays));
+                }
+
+                var coreOrganizationSharingLinkMaxExpirationInDays = CoreOrganizationSharingLinkMaxExpirationInDays ?? Tenant.EnsureProperty(t => t.CoreOrganizationSharingLinkMaxExpirationInDays);
+                if (CoreOrganizationSharingLinkRecommendedExpirationInDays.Value > coreOrganizationSharingLinkMaxExpirationInDays)
+                {
+                    throw new PSArgumentException("CoreOrganizationSharingLinkRecommendedExpirationInDays must be less than or equal to CoreOrganizationSharingLinkMaxExpirationInDays", nameof(CoreOrganizationSharingLinkRecommendedExpirationInDays));
+                }
+
+                Tenant.CoreOrganizationSharingLinkRecommendedExpirationInDays = CoreOrganizationSharingLinkRecommendedExpirationInDays.Value;
+                modified = true;
+            }
+            if (RestrictResourceAccountAccess.HasValue)
+            {
+                Tenant.RestrictResourceAccountAccess = RestrictResourceAccountAccess.Value;
+                modified = true;
+            }
+            if (RestrictExternalSharingForAgents.HasValue)
+            {
+                Tenant.RestrictExternalSharingForAgents = RestrictExternalSharingForAgents.Value;
+                modified = true;
+            }
             if (GuestSharingGroupAllowListInTenantByPrincipalIdentity != null)
             {
                 if (GuestSharingGroupAllowListInTenantByPrincipalIdentity.Length > 0)
@@ -2064,7 +2106,7 @@ protected override void ExecuteCmdlet()
 
         private static bool IsValidOrganizationSharingLinkExpirationInDays(int value)
         {
-            return value == 0 || value >= 7 && value <= 720;
+            return value == 0 || value >= 7 && value <= 730;
         }
     }
 }
diff --git a/src/Commands/Model/SPOTenant.cs b/src/Commands/Model/SPOTenant.cs
@@ -10,6 +10,7 @@
 using System;
 using System.Collections.Generic;
 using System.Linq;
+using System.Management.Automation;
 using System.Reflection;
 
 namespace PnP.PowerShell.Commands.Model
@@ -522,6 +523,10 @@ public class SPOTenant
         public bool? TaxonomyTaggingEnabled { private set; get; }
 
         public bool? TranslationEnabled { private set; get; }
+
+        public bool? EnforceRequestDigest { private set; get; }
+
+        public bool? EnableNotificationsSubscriptions { set; get; }
 
         public long? ArchivedFileStorageUsageMB { get; private set; }
 
@@ -539,10 +544,6 @@ public class SPOTenant
 
         public Guid[] DisabledAdaptiveCardExtensionIds { get; private set; }
 
-        public bool? EnableNotificationsSubscriptions { get; private set; }
-
-        public bool? EnforceRequestDigest { get; private set; }
-
         public bool? M365AdditionalStorageSPOEnabled { get; private set; }
 
         public bool? M365SharePointStorageEnabled { get; private set; }