The great thing about working on collaborative platforms like Microsoft 365 is that there are always new things coming up. And therefore every day more things to learn and share.
Except that last week… I discovered a basic feature that was unknown to me and that would have been very useful for previous missions. To my great surprise, I saw that it was possible to disable company links (i.e. OneDrive for Business and SharePoint Online share links that can be accessed by anyone in the company).
This feature is obviously not new, as the history of the “Get-SPOSite” page already mentions it in 2016. However, I couldn’t find any documentation outside of PowerShell and the CSOM documentation. So it must be a SharePoint on-premises feature, migrated to SharePoint Online but not many people have detailed in Online Cloud version…
Restricting the use company links can be interesting for particularly sensitive sites, where you want to prevent users from inadvertently sharing an item with too large an audience.
From what I’ve seen, only a SharePoint service administrator (or a Global Administrator) will be able to act on such and such a site.
How to disable company links for a site?
As you can see in the image below, the default link for a SharePoint site in my tenant is a company link.
With the PowerShell cmdlet “Set-SPOSite” you can modify the attribute DisableCompanySharingLinks (accepted values: Unknown, Disabled, Enabled).
As soon as this value is changed, the company link is no longer available.
The default link becomes “Specific people”.
Can a user (Owner or Site Administrator) act on this setting?
From what I have seen, no! I did not see a corresponding setting in the site settings.
The DisableCompanyWideSharingLinks parameter seems to exist in PowerShell Pnp. But this one seems to be deprecated, as it has no effect.
Is it possible to disable company links for the whole company?
From what I’ve seen, no! The settings of the tenant configurable through Get-SPOTenant and Set-SPOTenant do not indicate anything like that.
How to report on this feature?
Here again, the possibilities are very limited:
- Graph API does not contain this type of attribute.
- The SharePoint CSOM APIs should be able to meet this need, but I haven’t tried.
- PowerShell only returns this information for a given site. If no Identity is specified, the default value is returned, i.e. “Unknown”.
Even when using the “Filter” and “Limit” parameters, as recommended in the documentation, the value is still the default.
In conclusion, it is possible to disable company links for a given site. This action can only be done by a SharePoint Administrator, not by an end user. Since the reporting is limited for this attribute, I would recommend to limit this action to well-identified sensitive sites.