LogoLogo
Get CIPPJoin Discord
  • ☕CIPP Documentation
  • 🦸Setup
    • Self Hosting Guide
      • Prerequisites
      • Installation
      • Run From Package Mode
      • Post-Install Configuration
      • Configuring Automatic Updates
      • Updating Versions
      • Migrating to Hosted CIPP
      • Self-hosted API Setup
    • Service Account Setup
      • GDAP's Importance in CIPP
      • Creating the CIPP Service Account
      • Conditional Access best practices
      • Recommended Roles
    • Configuring CIPP
      • Adding users to CIPP
      • Executing the SAM Setup Wizard
      • Tenant Onboarding
      • Adding Tenants & Consenting the CIPP-SAM Application
      • User Roles in CIPP
      • Adding a custom domain name
      • I want to manage my own tenant
    • Implementing CIPP
      • Recommended First Steps
      • Standards Setup
    • Resources
      • Professional Onboarding Services
      • Sponsor Quick Start
  • 🙋User Documentation
    • Shared Features
      • Menu Bar
        • Tenant Select
        • Display Mode
        • 🔍Search
        • Bookmarks
        • User Preferences
      • Table Features
      • Speed Dial
      • Keyboard Shortcuts
    • CIPP Dashboard
    • Identity Management
      • Administration
        • Users
          • Bulk Add
          • Invite Guest
          • Add User
          • View Individual User
            • Edit User
            • Exchange Settings
            • Compromise Remediation
            • Conditional Access
        • Risky Users
        • Groups
          • Add Group
          • Edit Group
        • Group Templates
          • Add Group Template
          • Deploy Group Templates
        • Devices
        • Deleted items
        • Roles
        • JIT Admin
          • Add JIT Admin
        • Offboarding Wizard
      • Reports
        • MFA Report
        • Inactive Users
        • Sign Ins Report
        • AAD Connect Report
        • Risk Detections
    • Tenant Administration
      • Administration
        • Tenants
          • Edit Tenant
          • Tenant Groups
            • Add Tenant Group
            • Edit Tenant Group
        • Alert Configuration
          • Add Alert
        • Audit Logs
        • Enterprise Applications
        • Secure Score
        • App Consent Requests
        • Authentication Methods
        • Partner Relationships
      • GDAP Management
        • Relationships
          • Relationship Summary
            • Role Mappings
        • Role Mappings
          • Map GDAP Roles
        • Role Templates
          • Add Template
        • Invites
          • New Invite
        • Onboarding
        • Offboarding
      • Configuration Backup
        • Backups
          • Restore Configuration Backup
          • Add Configuration Backup
      • Standards
        • List Standards Templates
        • Add Standards Template
        • Compare Tenant to Standard
        • Best Practice Analyser
          • Best Practice Templates
          • Custom Reports
        • Domains Analyser
      • Conditional Access
        • CA Policies
          • Deploy CA Policies
        • CA Vacation Mode
          • Add Vacation Schedule
        • CA Templates
        • Named Locations
          • Add Named Locations
      • Reports
        • License Report
        • Sherweb License Report
          • Add Subscription
        • Consented Applications
    • Security & Compliance
      • Incidents & Alerts
        • Incidents
        • Alerts
      • Defender
        • Defender Status
        • Defender Deployment
        • Vulnerabilities
      • Reports
        • Device Compliance
    • Intune
      • Applications
        • Applications
          • Add Application
            • Add MSP App
            • Add Store App
            • Add Choco App
            • Add Office App
        • Application Queue
      • Autopilot
        • Autopilot Devices
        • Add Autopilot Device
        • Profiles
        • Add Profile
        • Status Pages
        • Add Status Page
      • Device Management
        • Devices
        • Configuration Policies
        • Compliance Policies
        • Protection Policies
        • Apply Policy
        • Policy Templates
        • Scripts
      • Reports
        • Analytics Device Score
    • Teams & SharePoint
      • OneDrive
      • SharePoint
        • Add Site
        • Bulk Add Site
      • Teams
        • Teams
          • Add Team
        • Teams Activity
        • Business Voice
    • Email & Exchange
      • Administration
        • Mailboxes
          • Add Shared Mailbox
        • Deleted Mailboxes
        • Mailbox Rules
        • Contacts
          • Add Contact
          • Edit Contact
        • Quarantine
        • Tenant Allow/Block Lists
          • Add Entry
      • Transport
        • Transport rules
          • Deploy Template
        • Transport Templates
        • Connectors
          • Deploy connector Templates
        • Connector Templates
      • Spamfilter
        • Spamfilter
          • Deploy Spamfilter
        • Spamfilter Templates
        • Connection filter
          • Deploy Connection Filter
        • Connection filter templates
      • Tools
        • Mailbox Restore Wizard
        • Mail Test
      • Resource Management
        • Rooms
          • Add Room
          • Edit Room
        • Room Lists
      • Reports
        • Mailbox Statistics
        • Mailbox Client Access Settings
        • Anti-Phishing Filters
        • Malware Filters
        • Safe Link Filters
        • Safe Attachment Filters
        • Shared Mailbox with Enabled Account
        • Global Address List
    • Tools
      • Tenant Tools
        • Graph Explorer
        • Application Approval
        • Tenant Lookup
        • IP Database
        • Individual Domain Check
      • Email Tools
        • Message Trace
        • Mailbox Restores
        • Message Viewer
      • Dark Web Tools
        • Tenant Breach Lookup
        • Breach Lookup
      • Template Library
      • Community Repositories
        • View Repository Templates
      • Scheduler
        • Add Job
    • CIPP
      • Application Settings
        • Permissions
        • Tenants
        • Backend
        • Notifications
        • Partner Webhooks
        • Licenses
        • CIPP Backup
        • Global Variables
      • Logbook
      • SAM Setup Wizard
      • Integrations
        • Integration Sync
        • CIPP-API
        • Sherweb
        • Gradient
        • Halo PSA Ticketing
        • NinjaOne
        • Hudu
        • Password Pusher
        • Have I Been Pwned?
        • Cloudflare
        • GitHub
      • Custom Data
        • Directory Extensions
          • Add Directory Extension
        • Schema Extensions
          • Add Schema Extension
        • Mappings
          • Add Mapping
          • Edit Mapping
      • Advanced
        • Super Admin
          • Tenant Mode
          • Function Offloading
          • Custom Roles
          • SAM App Roles
          • SAM App Permissions
        • Exchange Cmdlets
        • Timers
        • Table Maintenance
  • 📂Troubleshooting
    • Error codes
    • Troubleshooting instructions
      • Refreshing a Specific Tenant's Permissions via CPV API
    • Frequently Asked Questions
      • I got a "Potential Phishing page detected" alert. What do I do with that?
  • 🔐Security
    • CIPP Security and Compliance
      • Security Policy
      • Security reports
    • CIPP Community Vulnerability Disclosure Policy
  • 👩‍💻👩💻 Dev Documentation
    • CIPP Dev Guide
      • Setting Up for Local Development
      • Executing Local Development
      • Project Structure
      • Development Tips
      • CIPP v7 Developer Brief
    • Contributing to the Code
    • Contributing to the Documentation
  • ⚙️API Documentation
    • Setup & Authentication
    • Endpoints
  • 🧰MSP Adoption Toolkit
    • Building a CIPP Business Case
  • ☕Sip & CIPP
    • Conditional Access
    • Autopilot & Intune
  • CIPP New Interface Release Candidate 2 (rc2)
Powered by GitBook
On this page
  • Low Impact
  • Medium Impact
  • High Impact

Was this helpful?

Edit on GitHub
Export as PDF
  1. User Documentation
  2. Tenant Administration
  3. Standards
  4. List Standards Templates

SharePoint Standards

Low Impact

Standard Name
Description
Recommended By
PowerShell Equivalent
APIName

Set deleted user retention time in OneDrive

When a OneDrive user gets deleted, the personal SharePoint site is saved for selected amount of time that data can be retrieved from it.

Update-MgBetaAdminSharepointSetting

DeletedUserRentention

Enable SharePoint and OneDrive integration with Azure AD B2B

Ensure SharePoint and OneDrive integration with Azure AD B2B is enabled

"CIS 3.0"

Set-SPOTenant -EnableAzureADB2BIntegration $true

SPAzureB2B

Disable Legacy Workflows

Disables the creation of new SharePoint 2010 and 2013 classic workflows and removes the 'Return to classic SharePoint' link on modern SharePoint list and library pages.

Set-SPOTenant -DisableWorkflow2010 $true -DisableWorkflow2013 $true -DisableBackToClassic $true

SPDisableLegacyWorkflows

Disallow downloading infected files from SharePoint

Ensure Office 365 SharePoint infected files are disallowed for download

"CIS 3.0"

Set-SPOTenant -DisallowInfectedFileDownload $true

SPDisallowInfectedFiles

Set Default Timezone for Tenant

Sets the default timezone for the tenant. This will be used for all new users and sites.

Update-MgBetaAdminSharepointSetting

TenantDefaultTimezone

Medium Impact

Standard Name
Description
Recommended By
PowerShell Equivalent
APIName

Set Add Shortcuts To OneDrive button state

If disabled, the button Add shortcut to OneDrive will be removed and users in the tenant will no longer be able to add new shortcuts to their OneDrive. Existing shortcuts will remain functional

Set-SPOTenant -DisableAddShortcutsToOneDrive $true or $false

DisableAddShortcutsToOneDrive

Disable legacy basic authentication for SharePoint

Disables the ability for users and applications to access SharePoint via legacy basic authentication. This will likely not have any user impact, but will block systems/applications depending on basic auth or the SharePointOnlineCredentials class.

"CIS"

Set-SPOTenant -LegacyAuthProtocolsEnabled $false

DisableSharePointLegacyAuth

Default sharing to Direct users

Ensure default link sharing is set to Direct in SharePoint and OneDrive

"CIS 3.0"

Set-SPOTenant -DefaultSharingLinkType Direct

SPDirectSharing

Require reauthentication with verification code

Ensure reauthentication with verification code is restricted

"CIS 3.0"

Set-SPOTenant -EmailAttestationRequired $true -EmailAttestationReAuthDays 15

SPEmailAttestation

Set guest access to expire automatically

Ensure guest access to a site or OneDrive will expire automatically

"CIS 3.0"

Set-SPOTenant -ExternalUserExpireInDays 30 -ExternalUserExpirationRequired $True

SPExternalUserExpiration

Set SharePoint sync button state

If disabled, users in the tenant will no longer be able to use the Sync button to sync SharePoint content on all sites. However, existing synced content will remain functional on the user's computer.

Set-SPOTenant -HideSyncButtonOnTeamSite $true or $false

SPSyncButtonState

High Impact

Standard Name
Description
Recommended By
PowerShell Equivalent
APIName

Do not allow Mac devices to sync using OneDrive

Disables the ability for Mac devices to sync with OneDrive.

Update-MgAdminSharepointSetting

disableMacSync

Disable Resharing by External Users

Disables the ability for external users to share files they don't own. Sharing links can only be made for People with existing access. This is a tenant wide setting and overrules any settings set on the site level

"CIS"

Update-MgBetaAdminSharepointSetting

DisableReshare

Disable site creation by standard users

Disables standard users from creating SharePoint sites, also disables the ability to fully create teams

Update-MgAdminSharepointSetting

DisableUserSiteCreate

Exclude File Extensions from Syncing

Sets the file extensions that are excluded from syncing with OneDrive. These files will be blocked from upload. '*.' is automatically added to the extension and can be omitted.

Update-MgAdminSharepointSetting

ExcludedfileExt

Set Sharing Level for OneDrive and Sharepoint

Sets the default sharing level for OneDrive and Sharepoint. This is a tenant wide setting and overrules any settings set on the site level

"CIS"

Update-MgBetaAdminSharepointSetting

sharingCapability

Restrict sharing to a specific domain

Restricts sharing to only users with the specified domain. This is useful for organizations that only want to share with their own domain.

Update-MgAdminSharepointSetting

sharingDomainRestriction

Only allow users to sync OneDrive from AAD joined devices

The unmanaged Sync standard has been temporarily disabled and does nothing.

Update-MgAdminSharepointSetting

unmanagedSync

Last updated 5 months ago

Was this helpful?

🙋