In this post, we will see how to control External Sharing in SharePoint Online & OneDrive for Business Online. It is better to control external sharing to restrict who can share contents with whom and this ensures your organization data safe.


Default settings on OneDrive for Business Online or for SharePoint Online is to share the content with anyone in the world (not to aliens 😉 ). Below the shows the default settings. ‘

You can login to Admin.OneDrive.com to control the external sharing both the applications.

OneDrive for Business Online

In addition, you can login to SharePoint Online Admin center to see the default settings, which will be like Allows external sharing with Authentication users, which means share with anyone who can authenticate with Azure AD.

Below the settings available for external sharing and you can choose any option that best suits your requirement or policy.

  • Only People in your organization – In other words, you are disabling the external sharing capabilities.
  • Existing external users – External users account already created in your Azure AD. If you create an external user, user in your organization can share with that external user
  • New and existing external users – You can share with anyone, if they authenticate with Azure AD using their organization account or using their live.com account then that account will be created in your organization’s Azure AD and users in your organization can share the content with them.
  • Anyone – Default option, as it is says sharing can be done to anyone and there is no requirement to login using his or her account.

We can move the slider based on our requirement to set the external sharing options.

Advanced settings for External Sharing:

Organizations may want to set the external sharing only to the domains that they collaborate on daily basis, to achieve this; on the same OneDrive admin center we control the advanced external sharing options.

You can manage the Advanced settings for external sharing settings here. I have explained the available options below.

Let external users shared items they don’t own: By default, it allows the external users to share the content with other users.

Allow or block sharing with people on specific domains: You can add the domains to which your organization users can share the documents.

External users must accept sharing invitations using the same account that the invitations were sent to: It is the best options to validate only the intended recipient is opening the shared content.

If you ask me, I would recommend organization’s to go with the below settings to ensure your data is on control.

Hope this is informative. We will see the external sharing with other domain and external user experience on my next post.

Generating report on SharePoint Online Site collection is easy, you can run the below command to export the report.

Connect to SharePoint Online Management PowerShell and run the below command

Get-SPOSite -Limit All | export-csv C:\Temp\SPOsite.csv -NoTypeInformation

Output will be like below and you can filter based on your requirement

All the information about the Site collections in your tenant will be available in the output.

We can quickly view the SharePoint online management shell version using below command

Get-Module *Sharepoint* | fl

In addition, we can see the version number of this file to know the SharePoint Online Management Shell

C:\Program Files\SharePoint Online Management Shell\Microsoft.Online.SharePoint.PowerShell\Microsoft.Online.SharePoint.PowerShell.dll

Why it is required?

Microsoft may say that few things will work only on a particular PowerShell version. So better to know which version of the SharePoint Online Management shell you are using.

To connect SharePoint Online, SharePoint Online Management PowerShell to be installed on the client machine and it can be downloaded from the below location.

https://www.microsoft.com/en-in/download/details.aspx?id=35588

Once the SharePoint Online Management Shell installed, you can launch the SharePoint Online Management Shell and connect the SPO service using below options

Option 1: Using User Name and Password

  1. Store the credential to a variable

$Cred = Get-Credential –UserName admin@superhybridcloud.onmicrosoft.com –Message “Type your Password”

  1. Connect SPO Service

Connect-SPOService –Url https://superhybridcloud-admin.sharepoint.com –Credential $Cred

Option 2: Using MFA

Note: Passing user name and password as mentioned on Option1 won’t show an option to pass the MFA challenge. So if MFA enabled, use this Option.

  1. Connect SPO Service

Connect-SPOService -Url https://superhybridcloud-admin.sharepoint.com

Browser will be launched and it will ask for credential. Once the authentication successful it will trigger MFA prompt, once the MFA challenge successful, you will be connected to SPO service.

Connecting SharePoint Online PowerShell is easy Right. J