Introduction
External sharing in SharePoint Online allows users to collaborate with people outside the organization, such as clients, vendors, and partners. While this feature enhances productivity, it also requires proper security controls to prevent unauthorized access.
This guide walks through the step-by-step process of configuring, managing, and securing external sharing in SharePoint Online.
1. Understanding External Sharing in SharePoint Online
External sharing is controlled at two levels:
✔ Tenant Level – Admins define organization-wide settings via the Microsoft 365 Admin Center.
✔ Site Level – Site owners can customize external sharing settings per site.
● Types of External Sharing in SharePoint Online
| Sharing Type | Description |
|---|---|
| Anyone (Anonymous Links) | Users can share files/folders with a link that does not require sign-in. |
| New and Existing Guests | Users can invite external guests (with a Microsoft or work email account). |
| Existing Guests Only | Only pre-approved guests can access content. |
| No External Sharing | Blocks all external sharing. |
2. Configuring External Sharing at the Tenant Level
To manage external sharing settings for all SharePoint sites, follow these steps:
● Enable or Disable External Sharing
- Go to the Microsoft 365 Admin Center (https://admin.microsoft.com).
- Click SharePoint under Admin centers.
- In the SharePoint admin center, select Policies > Sharing.
- Under External Sharing, choose a level:
- Anyone (Least secure, use with caution).
- New and existing guests (Recommended for controlled access).
- Existing guests only (Most restrictive).
- Only people in your organization (Disables external sharing).
- Click Save.
● Restrict External Sharing to Specific Domains
Admins can allow or block specific external domains.
- In the SharePoint Admin Center, go to Policies > Sharing.
- Scroll to “More external sharing settings”.
- Under Limit sharing by domain, select:
- Allow only specific domains (Enter allowed domains).
- Block specific domains (Enter blocked domains).
- Click Save.
3. Configuring External Sharing at the Site Level
By default, a SharePoint site inherits tenant-level settings, but site owners can adjust them for specific needs.
● How to Manage External Sharing for a SharePoint Site
- Go to the SharePoint Admin Center.
- Click Active sites and select the site to modify.
- Click Sharing on the top menu.
- Choose an appropriate external sharing level.
- Click Save.
Tip: If external sharing is disabled at the tenant level, it cannot be enabled for a specific site.
4. How to Share Content Externally in SharePoint
Once external sharing is configured, users can share files and folders with external users.
● Steps to Share a File or Folder Externally
- Open SharePoint Online and go to the document library.
- Select the file or folder you want to share.
- Click Share.
- Choose Anyone with the link, People in your organization, or Specific people.
- Set permissions (View/Edit).
- Click Apply and then Send.
5. Managing Guest Users in Microsoft 365
External users are added as guest accounts in Azure Active Directory (Azure AD).
● How to Manage Guest Users
- Go to the Microsoft Entra Admin Center (https://entra.microsoft.com).
- Click Users > Guest Users.
- Select a guest user to view, edit, or remove permissions.
● Remove Guest Access from SharePoint
- Go to SharePoint Admin Center > Active sites.
- Select the site and click Permissions.
- Remove external users as needed.
6. Secure External Sharing Best Practices
✔ Use “Specific People” Sharing Instead of “Anyone” Links – Prevents unauthorized access.
✔ Enable Expiration Dates for Guest Access – Set time-limited access for security.
✔ Restrict External Sharing to Certain Sites – Avoid exposing sensitive data.
✔ Monitor External Sharing Reports – Use Microsoft Audit Logs to track shared files.
✔ Use Multi-Factor Authentication (MFA) – Ensures external users authenticate securely.
Final Thoughts
External sharing in SharePoint Online provides flexibility for collaboration, but it must be configured carefully to ensure security. By managing tenant-level and site-level settings, controlling guest access, and implementing security best practices, organizations can safely collaborate with external partners without compromising data security.