SPO and O4B Per Group Sharing Controls

This new feature – which hits first release tenants in June 2017 – will give extra control over who and how information can be shared with external/third party users in SharePoint Online and OneDrive for Business.

This control allows to limit the share with external users based on an specific AD security group, providing the ability to configure more than 1 security group to that control.

In order to configure this feature, we have to take into account that provides 2 options:

  • Users in selected security groups share with authenticated external users: Only users in the assigned security groups will be able to share with external users. If you are not included in these groups you cannot share with an external user who is not in your organization.


  • Users in selected security groups share with authenticated external users and using anonymous links: Users will be able to share with external users and also create anonymous links.


An important thing to note about this new sharing control is that the site collection policy will always take precedence. So, If the anonymous sharing is disabled at site colletion level (wether it is SPO or OneDrive personal site), users in the security group that will not be able to do so in that site collection.


SharePoint Online Save As Template Access denied

While I was configuring a SPO tenant, i received an error when I tried to navigate to the url “_layouts/savetmpl.aspx” I receveid the error “You don’t have permissions to access to this site”. So what can we do?

Following the post https://albandrodsmemory.wordpress.com/2016/06/06/master-page-gallery-access-denied/ you will need to use PowerShell to solve this problem.

First, open the SharePoint Powershell and type the following:

Connect-Sposervice -url “https://tenant-admin.sharepoint.com”

Set-sposite “https://tenant.sharepoint.com/sites/url” -denyaddandcustomizepages 0

Once this has been executed, you will be able to save the site as a template

How to secure guest links

In SPO, we have a little problem, because when we invite an external user to our tenant, this person will receive an invitation, but he/she can decide whether use it or not, and instead of using it, forward the invitation to someone else to access the site or document.

So to prevent this, we can use the following PowerShell:

Set-SPOTenant -RequireAcceptingAccountMatchInvitedAccount $true

This will require that only the owner will have access 🙂


How to delete sites from SPO recycle bin

By default, when you delete a SharePoint Online site collection from the SharePoint admin center, it is moved to the Recycle Bin, where it is retained for a 30-day period. But, what if you don’t want to wait 30 days? Or you need the quota that the site collection has or even you need to create a new SC with the same url? To all those question, PowerShell is your answer, so let’s begin:


$siteAdminURL = “https://yourtenanturl-admin.sharepoint.com”

Import-Module Microsoft.Online.SharePoint.PowerShell

connect-sposervice -url $siteadminurl -credential $cred

Get-SPODeletedSite | foreach {
Write-host “Deleting ” $_.Url
Remove-SPODeletedSite –Identity $_.Url –Confirm:$false

Master Page Gallery Access Denied

Today, a colleague was working in some customizations in SharePoint Online and he needed to access to the Master Page Gallery, he could access using the url, but when he tried to upload files he received the typical Access denied message.

I catch an eye to this weird behaviour and I realized that this was happening for any Site Collection administrator, so what was happening? tracking the issue we were able to discover by Check permission that the permission of “Adding or Customizing Pages” was denied in that library.

So my next step was to check if the scripting capabilities were turned on, in our case how the tenant was new the feature was set to Prevent, so I changed it to Allow


MS says that it is necessary to wait at least 24 hours to see the changes, but if you’re in a hurry and don’t want to waste your time, open your PowerShell Shell and execute the following:

Set-SPOsite “https://urltenant.sharepoint.com” -DenyAddAndCustomizePages 0

Once executed, the option of master page gallery will appear in the settings panel, so my colleague could continue with his work.

Hope it helps!