From ef939c166f53d3c3e29ca650d063f6c0313bb159 Mon Sep 17 00:00:00 2001
From: Gautam Sheth <gautamdsheth@outlook.com>
Date: Mon, 2 Dec 2024 13:08:08 +0200
Subject: [PATCH] Add ExtendPermissionsToUnprotectedFiles parameter to
 Set-PnPTenant cmdlet (#4602)

Co-authored-by: Gautam Sheth <gautam.sheth@staffbase.com>
---
 documentation/Set-PnPTenant.md  | 15 +++++++++++++++
 src/Commands/Admin/SetTenant.cs | 29 +++++++++++++++++++----------
 2 files changed, 34 insertions(+), 10 deletions(-)

diff --git a/documentation/Set-PnPTenant.md b/documentation/Set-PnPTenant.md
index a2dcfef35..457d1539e 100644
--- a/documentation/Set-PnPTenant.md
+++ b/documentation/Set-PnPTenant.md
@@ -163,6 +163,7 @@ Set-PnPTenant [-SpecialCharactersStateInFileFolderNames <SpecialCharactersState>
  [-AllowWebPropertyBagUpdateWhenDenyAddAndCustomizePagesIsEnabled <Boolean>]
  [-SelfServiceSiteCreationDisabled <Boolean>]
  [-SyncAadB2BManagementPolicy]
+ [-ExtendPermissionsToUnprotectedFiles <Boolean>]
  [-Force] [-Connection <PnPConnection>]
 ```
 
@@ -2860,6 +2861,20 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
+### -ExtendPermissionsToUnprotectedFiles
+This property can be used to turn on/off the capability called "Extended SharePoint permissions to unprotected files". To learn more about this feature check [here](https://learn.microsoft.com/en-us/purview/sensitivity-labels-sharepoint-extend-permissions)
+
+```yaml
+Type: Boolean
+Parameter Sets: (All)
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
 ### -Force
 If provided, no confirmation will be requested and the action will be performed
 
diff --git a/src/Commands/Admin/SetTenant.cs b/src/Commands/Admin/SetTenant.cs
index 367194724..a37de4d74 100644
--- a/src/Commands/Admin/SetTenant.cs
+++ b/src/Commands/Admin/SetTenant.cs
@@ -1,13 +1,13 @@
 using Microsoft.Online.SharePoint.TenantAdministration;
+using Microsoft.Online.SharePoint.TenantManagement;
 using Microsoft.SharePoint.Client;
+using Microsoft.SharePoint.Client.Administration;
+using Microsoft.SharePoint.Client.Sharing;
 using PnP.PowerShell.Commands.Base;
-using System.Management.Automation;
 using System;
-using Microsoft.Online.SharePoint.TenantManagement;
 using System.Collections.Generic;
-using Microsoft.SharePoint.Client.Sharing;
-using Microsoft.SharePoint.Client.Administration;
 using System.Linq;
+using System.Management.Automation;
 using InformationBarriersMode = PnP.PowerShell.Commands.Enums.InformationBarriersMode;
 
 namespace PnP.PowerShell.Commands.Admin
@@ -473,10 +473,10 @@ public class SetTenant : PnPAdminCmdlet
 
         [Parameter(Mandatory = false)]
         public Role? CoreDefaultShareLinkRole { private set; get; }
-        
+
         [Parameter(Mandatory = false)]
         public SharingCapabilities? OneDriveSharingCapability { private set; get; }
-        
+
         [Parameter(Mandatory = false)]
         public string[] GuestSharingGroupAllowListInTenantByPrincipalIdentity { private set; get; }
 
@@ -488,7 +488,11 @@ public class SetTenant : PnPAdminCmdlet
 
         [Parameter(Mandatory = false)]
         public SwitchParameter SyncAadB2BManagementPolicy { private set; get; }
-        
+
+        [Parameter(Mandatory = false)]
+        public bool? ExtendPermissionsToUnprotectedFiles { private set; get; }
+
+
         protected override void ExecuteCmdlet()
         {
             AdminContext.Load(Tenant);
@@ -1543,12 +1547,12 @@ protected override void ExecuteCmdlet()
                 Tenant.CoreDefaultShareLinkRole = CoreDefaultShareLinkRole.Value;
                 modified = true;
             }
-            if(OneDriveSharingCapability.HasValue)
+            if (OneDriveSharingCapability.HasValue)
             {
                 Tenant.ODBSharingCapability = OneDriveSharingCapability.Value;
                 modified = true;
             }
-            if(AllowWebPropertyBagUpdateWhenDenyAddAndCustomizePagesIsEnabled.HasValue)
+            if (AllowWebPropertyBagUpdateWhenDenyAddAndCustomizePagesIsEnabled.HasValue)
             {
                 Tenant.AllowWebPropertyBagUpdateWhenDenyAddAndCustomizePagesIsEnabled = AllowWebPropertyBagUpdateWhenDenyAddAndCustomizePagesIsEnabled.Value;
                 modified = true;
@@ -1563,7 +1567,12 @@ protected override void ExecuteCmdlet()
                 Tenant.SyncAadB2BManagementPolicy();
                 modified = true;
             }
-            if (GuestSharingGroupAllowListInTenantByPrincipalIdentity !=null)
+            if (ExtendPermissionsToUnprotectedFiles.HasValue)
+            {
+                Tenant.ExtendPermissionsToUnprotectedFiles = ExtendPermissionsToUnprotectedFiles.Value;
+                modified = true;
+            }
+            if (GuestSharingGroupAllowListInTenantByPrincipalIdentity != null)
             {
                 if (GuestSharingGroupAllowListInTenantByPrincipalIdentity.Length > 0)
                 {