SharePoint lets users easily collaborate with other parties, including internal team members as well as external clients and partners. By default, individual employees can freely decide which files to share with external parties and what level of access to grant.
But there are often good reasons for admins to step in and adjust SharePoint’s external sharing settings for the entire organization.
Let’s look at why this makes sense and how to go about it.
Why control SharePoint’s external sharing settings?
While directly sharing files with external parties can speed up tasks and processes, it also carries certain risks, including:
- Higher chance of data leaks or unauthorized access to sensitive information
- Increased complexity for SharePoint admins due to fragmented external sharing levels set by various internal users and departments.
- Risk of compliance issues or breach of regulations related to sharing of sensitive data (e.g. GDPR)
That’s why SharePoint admins will often want to set certain external sharing limits for the entire organization.
How to adjust SharePoint external sharing?
Here’s how to access the “External sharing” menu to make adjustments:
1. Log in to your SharePoint admin center.
2. Expand the Policies dropdown in the left-hand menu.
3. Click on Sharing.
4. You should now see the following:
The above sliders for SharePoint and OneDrive now let you quickly adjust the external sharing settings from most to least permissive. These settings will define the maximum level of access a user within your organization is allowed to grant any external party when sharing files.
The sharing levels are as follows:
- Anyone: As the name suggests, this lets any internal user share files with any third party without restrictions or authentication.
- New and existing guests: This lets users share only with existing guests while requiring new guests to sign up via an invitation link.
- Existing guests: This restricts access only to pre-approved existing guests. External parties without established guest accounts in your organization cannot be granted access by an individual user.
- Only people in your organization: As you’d expect, this essentially means “No external sharing at all.”
Additional external sharing options explained
Below the above External sharing sliders, admins will see a dropdown called More external sharing settings.
Let’s take a closer look at what those are:
- Limit external sharing by domain: This lets admins whitelist specific domains that internal users can share access with. Sharing with other domains won’t be allowed.
- Allow only users in specific security groups to share externally: Admins can create different security groups within their organization and limit external sharing accordingly. For more on how this works, visit Microsoft’s “Manage security groups” page.
- Guests must sign in using the same account to which sharing invitations are sent: Ticking this button makes sure that third parties can’t e.g. receive an invite on their work account but then log in using their private email.
- Allow guests to share items they don’t own: This is checked off by default, but admins can choose to e.g. let users share files they themselves don’t have full control permissions for.
- Guest access to a site or OneDrive will expire automatically after this many days: This makes sure that any external invites will only be valid for a set number of days.
- People who use a verification code must reauthenticate after this many days: This forces external parties to sign in again after a set number of days to verify their access.
Adjusting external sharing for specific sites
Note that the above External sharing settings apply to your entire organization by default. This is sufficient for most circumstances. But if you manage multiple sites within a company, you may want a more nuanced degree of control.
To change sharing settings for a specific site, follow these steps:
1. Expand the Sites dropdown in the left-hand menu of your SharePoint admin center.
2. Select Active sites to see the full list.
3. From the Active sites list, select the site(s) you wish to adjust sharing settings for.
4. Click on the Sharing icon at the top.
5. You will now see a familiar Sharing screen:
6. Adjust the external sharing settings for the site(s) following our explainers above.
7. Click Save
That’s it!
For a quick summary of SharePoint’s external sharing settings, take a look at this 2-minute video: https://www.microsoft.com/en-us/videoplayer/embed/RE4yw9m?autoplay=false&postJsllMsg=true
Automate your SharePoint’s external sharing rules with Tricent
As you can see, managing top-level settings for multiple SharePoint sites can quickly become overwhelming. This is especially true for large multinational organizations.
We built Tricent to make compliance automation and sharing rules management faster, easier, and less manual.
Our tool lets you:
- Perform comprehensive audits of all shared SharePoint items in seconds
- Gain a comprehensive overview of all files shared and permissions granted—across both personal drives and sharepoint drives
- Administrate bulk remediation
- Set blanket sharing rules for SharePoint in a more intuitive way
- Involve end-users in auditing their own shared items
- …and more.
As a Microsoft partner, our tool meets their highest security standards. You can read more about it here: https://www.tricent.com/products/microsoft-365/
Want to test it out for yourself?
Calculate your digital footprint.
If you are concerned about your company’s exposure level, try our FREE RISK CALCULATOR and get a benchmark estimate on your exposure to your external file sharing.
Related Articles on the blog:
- https://www.tricent.com/blog/azure-microsoft-365-admin-concerns-with-external-file-sharing/
- https://www.tricent.com/blog/managing-file-sharing-in-azure-and-microsoft-365-a-guide-for-system-administrators/
Background sources:
https://learn.microsoft.com/en-us/sharepoint/turn-external-sharing-on-or-off
https://sharegate.com/blog/ultimate-guide-to-sharepoint-external-sharing
https://blog.mydock365.com/configure-organization-level-sharing-settings-for-sharepoint