Managing SharePoint Online tenant settings via the Graph API

While the Graph API has a good coverage of “end user” endpoints, which cover most client scenarios, the “admin” part of the experience remains largely non-existent. Especially when it comes to the various Microsoft 365 workloads. So it is with a great pleasure that I can announce the availability of the /settings endpoint for querying and managing (some of) SharePoint Online and OneDrive for Business tenant-wide settings. Let’s dig in.

First things first, this is currently only available under the /beta endpoint, and as such the experience is a subject to change – do not use this in production or do so at your own peril. The settings themselves are exposed as part of the microsoft.graph.tenantAdmin.settings resource, which you can access under the /beta/admin/sharepoint/settings endpoint. Use a GET operation to query the current values and a PATCH one to update them. The permissions needed are SharePointTenantSettings.Read.All for the former and SharePointTenantSettings.ReadWrite.All for the latter, with both delegate and application permissions supported.

To query the currently configured values, use a GET request against the /beta/admin/sharepoint/settings endpoint:

GET https://graph.microsoft.com/beta/admin/sharepoint/settings

As you can see from the output, only a handful of settings are currently supported, compared to the 100+ properties available within the SharePointOnline admin center or returned by the Get-SPOTenant cmdlet. For the sake of completeness, here’s the list of currently supported settings:

Property Description
allowedDomainGuidsForSyncApp Collection of trusted domain GUIDs for the OneDrive sync app.
availableManagedPathsForSiteCreation Collection of managed paths available for site creation. Read-only.
deletedUserPersonalSiteRetentionPeriodInDays The number of days for preserving a deleted user’s OneDrive.
excludedFileExtensionsForSyncApp Collection of file extensions not uploaded by the OneDrive sync app.
imageTaggingOption Specifies the image tagging option for the tenant. Possible values are: disabledbasicenhanced.
isCommentingOnSitePagesEnabled Indicates whether comments are allowed on modern site pages in SharePoint.
isFileActivityNotificationEnabled Indicates whether push notifications are enabled for OneDrive events.
isLoopEnabled Indicates whetherif Fluid Framework is allowed on SharePoint sites.
isMacSyncAppEnabled Indicates whether files can be synced using the OneDrive sync app for Mac.
isResharingByExternalUsersEnabled Indicates whether guests are allowed to reshare files, folders, and sites they don’t own.
isSharePointMobileNotificationEnabled Indicates whether mobile push notifications are enabled for SharePoint.
isSharePointNewsfeedEnabled Indicates whether the newsfeed is allowed on the modern site pages in SharePoint.
isSiteCreationEnabled Indicates whether users are allowed to create sites.
isSiteCreationUIEnabled Indicates whether the UI commands for creating sites are shown.
isSitePagesCreationEnabled Indicates whether creating new modern pages is allowed on SharePoint sites.
isSitesStorageLimitAutomatic Indicates whether site storage space is automatically managed or if specific storage limits are set per site.
isSyncButtonHiddenOnPersonalSite Indicates whether the sync button in OneDrive is hidden.
isUnmanagedSyncAppForTenantRestricted Indicates whether users are allowed to sync files only on PCs joined to specific domains.
personalSiteDefaultStorageLimitInMB The default OneDrive storage limit for all new and existing users who are assigned a qualifying license. Measured in megabytes (MB).
sharingAllowedDomainList Collection of email domains that are allowed for sharing outside the organization.
sharingBlockedDomainList Collection of email domains that are blocked for sharing outside the organization.
sharingCapability Sharing capability for the tenant. Possible values are: disabledexternalUserSharingOnlyexternalUserAndGuestSharingexistingExternalUserSharingOnly.
sharingDomainRestrictionMode Specifies the external sharing mode for domains. Possible values are: noneallowListblockList.
siteCreationDefaultManagedPath The value of the team site managed path. This is the path under which new team sites will be created.
siteCreationDefaultStorageLimitInMB The default storage quota for a new site upon creation. Measured in megabytes (MB).
tenantDefaultTimezone The default timezone of a tenant for newly created sites.

Among the things currently missing are the IP-based restriction settings, conditional access controls, the various claims controls, link expiration, to name a few. Another thing to keep in mind is that not all of these are set-able. The table below covers all the settings you can currently modify via a PATCH request:

Property Description
allowedDomainGuidsForSyncApp Collection of trusted domain GUIDs for the OneDrive sync app.
deletedUserPersonalSiteRetentionPeriodInDays The number of days for preserving a deleted user’s OneDrive.
excludedFileExtensionsForSyncApp Collection of file extensions not uploaded by the OneDrive sync app.
imageTaggingOption Specifies the image tagging option for the tenant. Possible values are: disabledbasicenhanced.
isCommentingOnSitePagesEnabled Indicates whether comments are allowed on modern site pages in SharePoint.
isFileActivityNotificationEnabled Indicates whether push notifications are enabled for OneDrive events.
isLoopEnabled Indicates whether Fluid Framework is allowed on SharePoint sites.
isMacSyncAppEnabled Indicates whether files can be synced using the OneDrive sync app for Mac.
isResharingByExternalUsersEnabled Indicates whether guests are allowed to reshare files, folders, and sites they don’t own.
isSharePointMobileNotificationEnabled Indicates whether mobile push notifications are enabled for SharePoint.
isSharePointNewsfeedEnabled Indicates whether the newsfeed is allowed on the modern site pages in SharePoint.
isSiteCreationEnabled Indicates whether users are allowed to create sites.
isSiteCreationUIEnabled Indicates whether the UI commands for creating sites are shown.
isSitePagesCreationEnabled Indicates whether creating new modern pages is allowed on SharePoint sites.
isSitesStorageLimitAutomatic Indicates whether site storage space is automatically managed or if specific storage limits are set per site.
isSyncButtonHiddenOnPersonalSite Indicates whether the sync button in OneDrive is hidden.
isUnmanagedSyncAppForTenantRestricted Indicates whether users are allowed to sync files only on PCs joined to specific domains.
personalSiteDefaultStorageLimitInMB The default OneDrive storage limit for all new and existing users who are assigned a qualifying license. Measured in megabytes (MB).
sharingAllowedDomainList Collection of email domains that are allowed for sharing outside the organization.
sharingBlockedDomainList Collection of email domains that are blocked for sharing outside the organization.
sharingCapability Sharing capability for the tenant. Possible values are: disabledexternalUserSharingOnlyexternalUserAndGuestSharingexistingExternalUserSharingOnly.
sharingDomainRestrictionMode Specifies the external sharing mode for domains. Possible values are: noneallowListblockList.
siteCreationDefaultManagedPath The value of the team site managed path. This is the path under which new team sites will be created.
siteCreationDefaultStorageLimitInMB The default storage quota for a new site upon creation. Measured in megabytes (MB).
tenantDefaultTimezone The default timezone of a tenant for newly created sites.

And here’s an example of using a PATCH request to modify the value of the isLoopEnabled setting:

PATCH https://graph.microsoft.com/beta/admin/sharepoint/settings

Interestingly enough, success is designated by 200 OK response and a refreshed list of the settings:

And that’s pretty much all there is to it, for now 🙂

This entry was posted in Graph API, Microsoft 365, Office 365. Bookmark the permalink.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.