tashatuvango - Fotolia

SharePoint Online PowerShell commands for admin tasks

You can avoid the admin portal when you pick up your PowerShell game and learn how to manage cloud-based resources in Office 365, including the SharePoint collaboration platform.

SharePoint Online is a powerful platform that underpins many aspects of Office 365 and its associated offerings. Managing all these sites programmatically, rather than from the different admin portals, can make life for the system administrator much easier.

PowerShell is the go-to language for most Microsoft and Azure admins to manage both the users and the resources they can access from their subscription. How can we tap into the strengths of PowerShell to work more efficiently with SharePoint Online? This tutorial explores how to access the PowerShell modules tailored for management of the cloud-based collaboration platform and then perform a few simple administrative tasks with SharePoint Online PowerShell commands.

Managing SharePoint Online via PowerShell

There are two primary PowerShell modules used to manage SharePoint Online: SharePoint Online Management Shell and SharePoint Patterns and Practices (PnP). Each module covers different purposes and adds a lot of capabilities to PowerShell for SharePoint Online management.

SharePoint Online Management Shell is meant for administrative tasks with SharePoint itself and includes the functionality to create and modify sites and environment-wide policies. The SharePoint PnP module is typically used to modify site content, rather than make changes across an entire environment.

Install and connect to the SharePoint Online Management Shell module

To get the SharePoint Online Management Shell module, use the Install-Module command as shown in the example below. After installation, use the Connect-SPOService command to connect to the shell. If you do not provide a Credential object, you can authenticate via a multifactor login when prompted for a verification code.

# Install the SharePoint Pnline Management Shell
Install-Module -Name 'Microsoft.Online.SharePoint.PowerShell'

# Connect to the admin SharePoint instance
$Params = @{
    "Url"        = 'https://{site url}-admin.sharepoint.com'
    "Credential" = (Get-Credential)
}

Connect-SPOService @Params

Note the admin in the URL. This is required to connect to the correct endpoint. Also, if you need to run this command in PowerShell Core or PowerShell 7, you need to use the -UseWindowsPowerShell parameter.

Install and connect to the SharePoint Patterns and Practices module

The installation for this PowerShell module is similar to the method used above. Install using the Install-Module command, then use Connect-PnPOnline to connect to a SharePoint site. Unlike the SharePoint Online module, you will need to pass in the -UseWebLogin parameter for multifactor authentication without the Credentials parameter.

# Install the SharePoint Patterns and Practices Module
Install-Module -Name 'SharePointPnPPowerShellOnline'

# Connect to the SharePoint site
$Params = @{
    "Url"         = 'https://{site url}.sharepoint.com'
    "Credentials" = (Get-Credential)
}

Connect-PnPOnline @Params

For administrators using PowerShell Core or PowerShell 7, you need to use the -UseWindowsPowerShell command.

Now that you can connect to SharePoint Online, the following examples explore a few common scenarios for using SharePoint Online PowerShell commands to manage resources on the cloud collaboration platform.

How to add a user to a group in a SharePoint Online site

One familiar task for SharePoint administrators is adding a user to a group within a SharePoint Online site. To do this in PowerShell, you can use the Add-SPOUser command from the SharePoint Online Management Shell module designated by the SPO prefix on the commands.

$Params = @{
  "Site"      = "https://tenant.sharepoint.com/sites/testsite"
  "LoginName" = "[email protected]"
  "Group"     = "Auditors"
}

Add-SPOUser @Params

How to add a site collection administrator

One feature in SharePoint Online is a site collection, which requires a user to be set up as a site collection administrator so the user can perform management tasks, such as adjust the site collection policies and change the site directory configuration.

To set up the site collection administrator in PowerShell, the example below uses the Set-SPOUser command and requires the user to be a member of the site.

$Params = @{
  "Site"                  = "https://tenant.sharepoint.com/sites/testsite"
  "LoginName"             = "[email protected]"
  "IsSiteCollectionAdmin" = $True
}

Set-SPOUser @Params

How to generate SharePoint Online user reports

After making modifications to users within a SharePoint Online site, you can generate a report on those sites to double-check those user permissions. You use the following Get-SPOUser command to retrieve user details and then export the information to a CSV file.

Get-SPOUser -Site "https://tenant.sharepoint.com/sites/testsite" | Select-Object LoginName, IsSiteAdmin, Groups, UserType | Format-Table -Wrap -AutoSize

# Export CSV Report
Get-SPOUser -Site "https://tenant.sharepoint.com/sites/testsite" | Select-Object LoginName, IsSiteAdmin, Groups, UserType | Export-CSV -Path ".\userreport.csv"

To generate a report on all sites, expand the command slightly to iterate over each site.

Get-SPOSite | ForEach-Object {
  $Site = $_.URL
  Get-SPOUser -Site $Site | Select-Object @{Name="Site";Expression={$Site}}, LoginName, IsSiteAdmin, Groups, UserType
} | Format-Table -Wrap -AutoSize

# Export CSV Report
Get-SPOSite | ForEach-Object {
  $Site = $_.URL
  Get-SPOUser -Site $Site | Select-Object @{Name="Site";Expression={$Site}}, LoginName, IsSiteAdmin, Groups, UserType
} | Export-CSV -Path ".\userreport.csv"

How to set up versioning on a SharePoint Online list

For added control on SharePoint Online, you can turn on versioning on a list to undo changes if needed. To enable versioning on a list, use the SharePoint PNP module command Set-PnPList. The PowerShell code in the following example sets 10 major and minor versions in the list.

$Params = @{
  "Identity"         = 'TestList'
  "EnableVersioning" = $True
  "MajorVersions"    = 10
  "MinorVersions"    = 10
}

Set-PnPList @Params

The flexibility of PowerShell allows you to quickly configure versioning on all lists by using the Get-PnPList command and iterating over each list.

$Lists = Get-PnPList | Where-Object Hidden -EQ $False

$Lists | ForEach-Object {
  $Params = @{
    "Identity"         = $_.Title
    "EnableVersioning" = $True
    "MajorVersions"    = 10
    "MinorVersions"    = 10
  }

  Set-PnPList @Params
}

How to set sharing settings on a SharePoint site

In the final example, you can set sharing settings for a given site with the Set-SPOSite command with different options for anonymous and authenticated users.

$Site = "https://tenant.sharepoint.com/sites/testsite"

# Disable Sharing
Set-SPOSite -Identity $Site -SharingCapability 'Disabled'
# Set Sharing to only Authenticated Users
Set-SPOSite -Identity $Site -SharingCapability 'ExternalUserSharingOnly'
# Set Sharing to Anonymous
Set-SPOSite -Identity $Site -SharingCapability 'ExternalUserAndGuestSharing'

Go beyond the basics with these SharePoint PowerShell modules

The previous PowerShell examples just touched on a few of the many possibilities for administrators tasked with managing SharePoint Online. There are many more commands contained in the SharePoint Online Management Shell and the SharePoint PnP modules that you can explore at Microsoft's documentation site. Between these two modules, you can accomplish most management tasks via PowerShell without needing to access the admin portal.

Dig Deeper on IT operations and infrastructure management