Gain control over external sharing in Microsoft 365

Documents in MetaShare can be shared with users that do not have access to the workspace they are residing in. As a global admin or SharePoint admin you can however control what type of sharing you want to allow within your organization and also within different workspaces. Beneath you see what options you have and instructions on how to set these settings.

How to change sharing setting for your organization

Depending on your business needs and the sensitivity of your data, you can:

  1. Forbid sharing with people outside your organization
  2. Require people outside your organization to authenticate
  3. Restrict sharing to specified domains

This section describes how you control the sharing capabilities at the organization level in SharePoint and OneDrive.

Azure Organizational relationships settings

Sharing in Microsoft 365 is governed at its highest level by the organizational relationships settings in Azure Active Directory. If guest sharing is disabled or restricted in Azure AD, this will override any sharing settings that you configure in Microsoft 365. If you want to be able to share documents with external users, check the organizational relationships settings to ensure that sharing with guests is not blocked by:

  1. Log in to the Azure portal.
  2. Open “Microsoft Entra ID“.
  3. In the left navigation, click on “External Identities“:
    External identities
  4. In the left navigation, click on “External collaboration settings“:
    External collaboration settings
  5. Set appropriate settings in the “Guest invite settings” section. For everyone to be able to share documents, then you need to select the “Member users and users assigned to specific admin roles can invite guest users including guests with member permissions” option:
    Guest invite settings
  6. Note the settings in the “Collaboration restrictions” section. Make sure that the domains of the guests that you want to collaborate with aren’t blocked. To not restrict sharing to any domains, select the “Allow invitations to be sent to any domain (most inclusive)” option:
    Collaboration restrictions
  7. If you made changes, click on “Save” in the toolbar.

SharePoint organization level sharing settings

In order for people outside your organization to have access to a document in SharePoint or OneDrive, the SharePoint and OneDrive organization-level sharing settings must allow for sharing with people outside your organization.

The organization-level settings for SharePoint determine what settings are available for individual SharePoint sites. Site settings cannot be more permissive than the organization-level settings. The organization-level setting for OneDrive determines what level of sharing is available in users’ OneDrive libraries.

For SharePoint and OneDrive, if you want to allow unauthenticated document sharing, choose “Anyone”. If you want to ensure that people outside your organization have to authenticate, choose “New and existing guests”. “Anyone” links are the easiest way to share: people outside your organization can open the link without authentication and are free to pass it on to others.

For SharePoint, choose the most permissive setting that will be needed by any site in your organization. To set SharePoint organization level sharing settings:

Enable external sharing in SharePoint

  1. Login to Microsoft 365 and open the “Admin” app (Microsoft 365 admin center):
  2. Open the SharePoint admin center:
  3. Under the “Policies” section, open the “Sharing” page:
  4. Set content can be shared with to “Anyone” or “New and existing guests”. Note that the OneDrive setting cannot be more permissive than the SharePoint setting:

Configure sharing links

The default file and folder links settings determine which link option is shown to the user by default when they share a document. Users can change the link type to one of the other options before sharing if desired.

  • Specific people: consider this option if you expect to do a lot of document sharing with guests. This type of link works with guests and requires them to authenticate.
  • Only people in your organization: choose this option if you expect most document sharing to be with people inside your organization.
  • Anyone with the link: choose this option if you expect to do a lot of unauthenticated document sharing. If you want to allow “Anyone” links but are concerned about accidental unauthenticated sharing, consider one of the other options as the default. This link type is only available if you’ve enabled “Anyone” sharing.
  1. Choose the type of link and permission that’s selected by default when users share documents. A recommended option to choose is “Only people in your organization” and “View”. Keep in mind that this setting affects SharePoint sites in your organization, as well as OneDrive.
    File and folder links
  2. Set the maximum period that “Anyone” links are valid and set permissions for “Anyone” links.If you set a restriction, the maximum allowed is 730 days. Note that once an “Anyone” link expires, the document can be re-shared with a new “Anyone” link.
    Choose expiration and permissions options for Anyone links
  3. If you made changes, click “Save”.

How to change sharing settings for a site

If you’re sharing files that are in a SharePoint site, you also need to check the site-level sharing settings for that site.

The settings available are dependent on your organization-level setting. If you enable external sharing for a site and it is later turned off for your organization, external sharing will become unavailable at the site level and any shared links will stop working. If it is turned back on for the organization, the site sharing setting will return to what it was before and the shared links will resume working.

To set site-level sharing settings do the following:

  1. Open SharePoint’s “Active sites”:
    1. Login to Microsoft 365 and open the “Admin” app:
      Open the Office 365 "Admin" app
    2. Open the SharePoint admin center:
      Open the SharePoint admin center
    3. Under the “Sites” section, open the “Active sites” page:
  2. Select the site that you want to change sharing for and In the ribbon, click on the Sharing function:
  3. Set the desired sharing level for the site:
  4. If you want to limit the sharing by domain or if you want to set an expiration time for guest access, then open the “Advanced settings for external sharing” and select which domains to allow/restrict the sharing with by ticking the check box “Limit sharing by domain” and thereafter add the domains that you want to allow/restrict. To to set an expiration time for guest access clear the “Same as organization-level setting” check box and set the value that you want to use for this site:
    Advanced settings for external sharing
  5. If you want to have another default sharing link type in the site than is set on the organization level, clear the “Same as organization-level setting” check box and set the value that you want to use for this site:
    Default sharing link type
  6. If you have selected “Anyone” and want to have another expiration time for “Anyone” links in the site than is set on the organization level, open the “Advanced settings for Anyone links” and clear the “Same as organization-level setting” check box and set the value that you want to use for this site:
  7. If you want to have another link permission in the site than is set on the organization level, clear the “Same as organization-level setting” check box and set the value that you want to use for this site:
  8. If you made changes, click Save.