Add domain to allow list of a site
This is a note-to-self kind of article. I found a way of managing the allow list for external sharing of individual SharePoint Online sites via Power Automate. This example shows how you could add domains for a couple of sites at once.
This question came from MichelBr:
The second problem I’m facing is to add the domain to the SharePoint whitelist. I couldn’t find any information on how to add a domain to “Limit external sharing by domain”.
Power Users Community thread: Create GuestUser accounts and whitelist domain with approval.
You can manage SharePoint Online sharing settings at the organization level or at the site level.
However, a site's setting must be the same as, or more restrictive than, the organization's setting. If you want to read more about sharing, I suggest reading Manage sharing settings.
Limit external sharing by domain
In this article we are talking about sharing with external guests. We want to limit the external sharing of the site so that it only allows sharing with a list of certain domains, which are our trusted partners. A first (preferred) approach would be to set this at the organization level. You could use the Microsoft.Online.SharePoint.PowerShell module and the Set-SPOTenant cmdlet for this. Below is an example code snippet of that approach:
It is also possible to manage these settings at the site level. Some requirements might force you to use this second approach. In that case you could manage it via the interface; the steps can be found in Restrict sharing of SharePoint and OneDrive content by domain.
But I wanted to automate this 😀 After a quick search I discovered you could use a POST request to interact with the Tenant administration. These requests use the Microsoft.Online.SharePoint.TenantAdministration namespace.
You can use properties like SharingCapability, SharingDomainRestrictionMode & SharingAllowedDomainList to update an individual site.
Before you start: this setup overwrites the existing SharingAllowedDomainList value of your site. If the list already contains domains, you need to include them in the update as well.
In my example below I will loop through an array of sites and for each site a new allowed domain is added.
1. Add a Manually trigger a flow trigger action.
2. Add three Initialize variable actions. Below is a table with the name, type and value for each of the variables.
The list of domains in an HTTP request needs a comma delimiter, whereas the Set-SPOTenant cmdlet uses the space character as the delimiter for the SharingAllowedDomainList parameter.
| Name | Type | Value |
|---|---|---|
| AdminCentre | String | Your Admin Centre URL |
3. Add an Apply to Each action. Use the Sites variable in the Select an output from previous steps field.
This action loops through every item of the Sites array variable.
4. Add a Send an HTTP request to SharePoint action within the Apply to Each loop. Use item() as the expression for the Site Address field.
This action retrieves the GUID of the site.
5. Add a second Send an HTTP request to SharePoint action within the Apply to Each loop. Use the Id field of the previous action in the Uri. Also make sure you use the same kind of Body. See the code snippet and screenshot below.
That should be it for the setup.
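Two points from the setup above are easy to get wrong: the update overwrites the existing SharingAllowedDomainList, and the delimiter differs between the HTTP request and Set-SPOTenant. The PowerShell helper below is an added example, not code from the original article; the function name Merge-SharingAllowedDomainList and the sample domains are hypothetical. It merges the current list with the new domains, rejects anything that is not a bare domain name, and returns the result in both delimiter forms.

```powershell
# Added example, not from the original article.
# Merge-SharingAllowedDomainList is a hypothetical helper name.
function Merge-SharingAllowedDomainList {
    [CmdletBinding()]
    param(
        # Current SharingAllowedDomainList of the site, comma or space delimited.
        [AllowEmptyString()]
        [string]$Existing = '',

        # Domains to add to the allow list.
        [Parameter(Mandatory)]
        [string[]]$Add
    )

    # Bare DNS name: two or more labels, no scheme, path, wildcard, '@' or IP address.
    $label   = '[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?'
    $pattern = '^(?=.{1,253}$)(' + $label + '\.)+(?!\d+$)' + $label + '$'

    $seen   = [System.Collections.Generic.HashSet[string]]::new()
    $merged = [System.Collections.Generic.List[string]]::new()

    # Existing entries go first so nothing already allowed is lost by the update.
    foreach ($raw in (@($Existing -split '[,\s]+') + $Add)) {
        $domain = "$raw".Trim().ToLowerInvariant()
        if ($domain -eq '') { continue }
        if ($domain -notmatch $pattern) {
            throw "Not a bare domain name: '$raw'"
        }
        # HashSet.Add returns $false for duplicates, so each domain is kept once.
        if ($seen.Add($domain)) { $merged.Add($domain) }
    }

    [pscustomobject]@{
        HttpRequestValue  = $merged -join ','   # comma delimited, for the HTTP request
        SetSPOTenantValue = $merged -join ' '   # space delimited, for Set-SPOTenant
    }
}

# Constructed sample input: a site that already allows two partner domains.
$result = Merge-SharingAllowedDomainList -Existing 'contoso.com,fabrikam.com' `
                                         -Add 'Fabrikam.com', 'northwindtraders.com'
$result | Format-List
```

Use HttpRequestValue as the SharingAllowedDomainList value the flow sends. An entry such as a URL or a wildcard stops the merge with an error, so it never reaches the allow list.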
Does this work? Tried it and it added the domain into the list, but it still doesn't work; when they log in it says the domain is restricted. I can see _api/Microsoft.Online.SharePoint.TenantAdministration.Tenant/Sites/Update exists but don't know how to use it.
Would you know how to amend the org level instead of individual site collections?
Do we have a Power Automate to set the whitelisting at the tenant level instead of the individual sites?