Welcome to the fourth post in our SharePoint Online Administrator series! So far, we’ve explored your role, the SharePoint Admin Center, and how to manage sites and permissions. Now, we turn to a key challenge in modern collaboration: external sharing.
SharePoint Online makes it incredibly easy to share documents and sites with people outside your organization — but if not properly configured, it can become a serious security risk. In this post, you’ll learn how to enable external sharing the right way — giving users the access they need while keeping your data safe.
🌐 What Is External Sharing?
External sharing in SharePoint Online allows your users to:
- Share documents or folders with clients, vendors, or contractors
- Collaborate with guest users directly in shared sites
- Work securely across company boundaries
There are four levels of external sharing, ranging from most to least restrictive:
| Level | Description |
|---|---|
| Only people in your org | Blocks all external sharing |
| Existing guests only | Share only with already invited external users |
| New and existing guests | Anyone can be invited (email verification required) |
| Anyone (anonymous) | Shareable link — no sign-in required |
⚠️ Warning: Avoid “Anyone with the link” unless necessary — it’s the least secure option.
🛠 How to Configure External Sharing Settings (Step-by-Step)
Step 1: Configure Global Sharing Settings
- Go to the Microsoft 365 Admin Center
- Navigate to: Settings → Org settings → Services → SharePoint
- Under External sharing, choose the default sharing level for:
- SharePoint
- OneDrive
Recommended: Start with “New and existing guests” and tighten as needed.
Step 2: Configure Sharing at the Site Level
Each site can have its own sharing level (equal to or more restrictive than the org-wide setting).
- Go to SharePoint Admin Center → Active Sites
- Click the site you want to manage → Policies → Sharing
- Choose:
- No external sharing
- Existing guests only
- New and existing guests
- Anyone
💡 Useful for keeping sensitive HR or Finance sites internal while allowing Marketing or Project sites to be shared.
Step 3: Configure Guest Access Policies (Azure AD)
Go to Azure Active Directory → External Identities → External Collaboration Settings
Set policies like:
- Guest user permissions
- Invitation restrictions
- Expiration and lifecycle of guest access
🔐 Tip: Enable guest expiration policies to remove dormant users after X days.
Step 4: Monitor External Sharing Activity
Use these tools to keep visibility and control:
- Microsoft 365 Audit Logs
- SharePoint Sharing Reports
- Defender for Cloud Apps (formerly MCAS) for advanced sharing analytics
✅ Best Practices for Secure External Sharing
- Use guest access over anonymous links — guests sign in and can be tracked.
- Set expiration for sharing links to auto-disable access after X days.
- Enable email notifications when files are shared externally.
- Educate users on when, how, and with whom to share.
Common Use Case: Sharing a Document Securely
Scenario: A project manager needs to share a document with a vendor.
Solution:
- Go to the document in SharePoint or OneDrive
- Click Share
- Choose “Specific people”
- Enter the vendor’s email
- Ensure link requires sign-in
- Set expiration date + prevent download if needed
Coming Up Next: Content Lifecycle Management and Retention in SharePoint Online
In the next post, we’ll talk about how to manage documents at scale — versioning, content approval, and retention policies — to ensure you stay compliant while maintaining productivity.
Have questions about external sharing? Drop them in the comments — or let me know how your organization manages guest access.
Keep going — you’re building a secure, modern workplace one setting at a time! 🔐💼