Merge pull request #3081 from gautamdsheth/feature/add-props-site

Feature: added parameters to prevent recording downloads in Tenant cmdlet

CHANGELOG.md

@@ -17,6 +17,7 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/).
 - Added `EnableAzureADB2BIntegration` to be returned by `Get-PnPTenant` [#3022](https://github.com/pnp/powershell/pull/3022)
 - Added `-SkipUrlValidation` to `Get-PnPSiteCollectionAppCatalog` which allows for skipping the URL validation when retrieving the site collection app catalog making it faster but potentially returning URLs that have been renamed [#2305](https://github.com/pnp/powershell/pull/3025)
 - Added `Get-PnPLargeListOperationStatus` cmdlet to retrieve the status of a large list operation. [#3033](https://github.com/pnp/powershell/pull/3033)
+- Added `-BlockDownloadFileTypePolicy`, `-BlockDownloadFileTypeIds` and `-ExcludedBlockDownloadGroupIds` parameters to `Set-PnPTenant` cmdlet. [#3081](https://github.com/pnp/powershell/pull/3081)
 - Added `-BlockDownloadPolicy`, `-ExcludeBlockDownloadPolicySiteOwners` and `ExcludedBlockDownloadGroupIds` parameters to `Set-PnPTenantSite` and `Set-PnPSite` cmdlets. [#3084](https://github.com/pnp/powershell/pull/3084)
 - Added `-OpenInNewTab` parameter to `Add-PnPNavigationNode` cmdlet to allow links to be opened in a new tab. [#3094](https://github.com/pnp/powershell/pull/3094)
 - Added `-ArchiveRedirectUrl` to `Set-PnPTenant` allowing the configuration of a custom page to be shown when navigating to an archived SharePoint Online site [#3100](https://github.com/pnp/powershell/pull/3100)

documentation/Set-PnPTenant.md

@@ -119,6 +119,9 @@ Set-PnPTenant [-SpecialCharactersStateInFileFolderNames <SpecialCharactersState>
  [-IBImplicitGroupBased <Boolean>]
  [-ShowOpenInDesktopOptionForSyncedFiles <Boolean>]
  [-ShowPeoplePickerGroupSuggestionsForIB <Boolean>]
+ [-BlockDownloadFileTypePolicy <Boolean>]
+ [-BlockDownloadFileTypeIds <SPBlockDownloadFileTypeId[]>]
+ [-ExcludedBlockDownloadGroupIds <GUID[]>]
  [-ArchiveRedirectUrl <String>]
  [-Force] [-Connection <PnPConnection>]
 ```
@@ -907,7 +910,7 @@ True (default) - The Shared with Everyone folder is created.
 False - No folder is created when the site and OneDrive for Business document library is created.
 
 The default behavior of the Shared with Everyone folder changed in August 2015.
-For additional information about the change, see Provision the Shared with Everyone folder in OneDrive for Business (https://support.office.com/en-us/article/Provision-the-Shared-with-Everyone-folder-in-OneDrive-for-Business-6bb02c91-fd0b-42ba-9457-3921cb6dc5b2?ui=en-US&rs=en-US&ad=US)
+For additional information about the change, see Provision the Shared with Everyone folder in OneDrive for Business (https://support.office.com/article/Provision-the-Shared-with-Everyone-folder-in-OneDrive-for-Business-6bb02c91-fd0b-42ba-9457-3921cb6dc5b2)
 
 ```yaml
 Type: Boolean
@@ -1781,7 +1784,7 @@ In this case, Whiteboard provides temporary viewing and collaboration on the whi
 
 If you have external sharing enabled for OneDrive for Business, no further action is required.
 
-If you restrict external sharing for OneDrive for Business, you can keep it restricted, and just enable this new setting in order for external and shared device accounts to work. For more information, see [Manage sharing for Microsoft Whiteboard](https://learn.microsoft.com/en-us/microsoft-365/whiteboard/manage-sharing-organizations).
+If you restrict external sharing for OneDrive for Business, you can keep it restricted, and just enable this new setting in order for external and shared device accounts to work. For more information, see [Manage sharing for Microsoft Whiteboard](https://learn.microsoft.com/microsoft-365/whiteboard/manage-sharing-organizations).
 
 ```yaml
 Type: SharingState
@@ -2028,6 +2031,59 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
+### -BlockDownloadFileTypePolicy
+
+You can block the download of Teams meeting recording files from SharePoint or OneDrive. This allows users to remain productive while addressing the risk of accidental data loss. Users have browser-only access to play the meeting recordings with no ability to download or sync files or access them through apps.
+
+This policy applies to new meeting recordings across the entire organization. You can exempt people who are members of specified security groups from the policy. This allows you to specify governance or compliance specialists who should have download access to meeting recordings.
+
+After the policy is turned on, any new Teams meeting recording files created by the Teams service and saved in SharePoint and OneDrive are blocked from download.
+
+Because this policy affects meeting recordings stored in OneDrive and SharePoint, you must be a SharePoint administrator to configure it.
+
+Note that this policy doesn't apply to manually uploaded meeting recording files. For more details, see [Block the download of Teams meeting recording files from SharePoint or OneDrive.](https://learn.microsoft.com/microsoftteams/block-download-meeting-recording)
+
+```yaml
+Type: Boolean
+Parameter Sets: (All)
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -BlockDownloadFileTypeIds
+
+The File Type IDs which need to specified to prevent download.
+
+```yaml
+Type: SPBlockDownloadFileTypeId[]
+Parameter Sets: (All)
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -ExcludedBlockDownloadGroupIds
+
+This parameter exempts users in the specified security groups from this policy so that they can download meeting recording files.
+
+```yaml
+Type: GUID[]
+Parameter Sets: (All)
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
 ### -Force
 If provided, no confirmation will be requested and the action will be performed
 

src/Commands/Admin/SetTenant.cs

@@ -6,6 +6,8 @@
 using Microsoft.Online.SharePoint.TenantManagement;
 using System.Collections.Generic;
 using Microsoft.SharePoint.Client.Sharing;
+using Microsoft.SharePoint.Client.Administration;
+using System.Linq;
 
 namespace PnP.PowerShell.Commands.Admin
 {
@@ -347,10 +349,21 @@ public class SetTenant : PnPAdminCmdlet
         public bool? ShowPeoplePickerGroupSuggestionsForIB { get; set; }
 
         [Parameter(Mandatory = false)]
-        public int? OneDriveRequestFilesLinkExpirationInDays { get; set; }
+        public int? OneDriveRequestFilesLinkExpirationInDays { get; set; }  
 
         [Parameter(Mandatory = false)]
-        public SwitchParameter Force;
+        public bool? BlockDownloadFileTypePolicy { get; set; }
+
+        [Parameter(Mandatory = false)]
+        [ValidateNotNull]
+        public SPBlockDownloadFileTypeId[] BlockDownloadFileTypeIds { get; set; }
+
+        [Parameter(Mandatory = false)]
+        [ValidateNotNull]
+        public Guid[] ExcludedBlockDownloadGroupIds { get; set; }
+
+        [Parameter(Mandatory = false)]
+        public SwitchParameter Force;           
 
         [Parameter(Mandatory = false)]
         public string ArchiveRedirectUrl { get; set; }
@@ -1064,7 +1077,7 @@ protected override void ExecuteCmdlet()
             {
                 Tenant.EnableRestrictedAccessControl = EnableRestrictedAccessControl.Value;
                 modified = true;
-            }            
+            }
 
             if (SyncAadB2BManagementPolicy.HasValue)
             {
@@ -1227,6 +1240,50 @@ protected override void ExecuteCmdlet()
                 modified = true;
             }
 
+            if (BlockDownloadFileTypePolicy.HasValue)
+            {
+                if (!BlockDownloadFileTypePolicy.Value)
+                {
+                    Tenant.SetBlockDownloadFileTypePolicyData(BlockDownloadFileTypePolicy.Value, new SPBlockDownloadFileTypeId[0], new Guid[0]);
+                    modified = true;
+                }
+                else
+                {
+                    if (BlockDownloadFileTypeIds == null || BlockDownloadFileTypeIds.Length == 0)
+                    {
+                        throw new InvalidOperationException("Please specify the File Type Ids that you want to block for download.");
+                    }
+                    if (BlockDownloadFileTypeIds.Contains(SPBlockDownloadFileTypeId.TeamsMeetingRecording))
+                    {
+                        WriteWarning("Please note that this policy only prevents download of Teams Meeting Recording files saved in SharePoint Online by the Teams service. Only new meeting recordings saved after this policy is set will be impacted.");
+                    }
+                    BlockDownloadFileTypeIds = BlockDownloadFileTypeIds.Distinct().ToArray();
+                    if (ExcludedBlockDownloadGroupIds != null && ExcludedBlockDownloadGroupIds.Length != 0)
+                    {
+                        if (ExcludedBlockDownloadGroupIds.Length > 10)
+                        {
+                            throw new InvalidOperationException("You can only specify 10 IDs in the Block Download File Type Policy Invalid Exclusion List");
+                        }
+                        Tenant.SetBlockDownloadFileTypePolicyData(BlockDownloadFileTypePolicy.Value, BlockDownloadFileTypeIds, ExcludedBlockDownloadGroupIds);
+                    }
+                    else
+                    {
+                        Tenant.SetBlockDownloadFileTypePolicyData(BlockDownloadFileTypePolicy.Value, BlockDownloadFileTypeIds, new Guid[0]);
+                    }
+                    modified = true;
+                }
+
+            }
+            else if (ExcludedBlockDownloadGroupIds != null)
+            {
+                if (ExcludedBlockDownloadGroupIds.Length > 10)
+                {
+                    throw new InvalidOperationException("You can only specify 10 IDs in the Block Download File Type Policy Invalid Exclusion List");
+                }
+                Tenant.SetBlockDownloadFileTypePolicyExclusionList(ExcludedBlockDownloadGroupIds);
+                modified = true;
+            }            
+
             if (modified)
             {
                 AdminContext.ExecuteQueryRetry();