In this post, we will see how to control External Sharing in SharePoint Online & OneDrive for Business Online. It is better to control external sharing to restrict who can share contents with whom and this ensures your organization data safe.
Default settings on OneDrive for Business Online or for SharePoint Online is to share the content with anyone in the world (not to aliens 😉 ). Below the shows the default settings. ‘
You can login to Admin.OneDrive.com to control the external sharing both the applications.
OneDrive for Business Online
In addition, you can login to SharePoint Online Admin center to see the default settings, which will be like Allows external sharing with Authentication users, which means share with anyone who can authenticate with Azure AD.
Below the settings available for external sharing and you can choose any option that best suits your requirement or policy.
- Only People in your organization – In other words, you are disabling the external sharing capabilities.
- Existing external users – External users account already created in your Azure AD. If you create an external user, user in your organization can share with that external user
- New and existing external users – You can share with anyone, if they authenticate with Azure AD using their organization account or using their live.com account then that account will be created in your organization’s Azure AD and users in your organization can share the content with them.
- Anyone – Default option, as it is says sharing can be done to anyone and there is no requirement to login using his or her account.
We can move the slider based on our requirement to set the external sharing options.
Advanced settings for External Sharing:
Organizations may want to set the external sharing only to the domains that they collaborate on daily basis, to achieve this; on the same OneDrive admin center we control the advanced external sharing options.
You can manage the Advanced settings for external sharing settings here. I have explained the available options below.
Let external users shared items they don’t own: By default, it allows the external users to share the content with other users.
Allow or block sharing with people on specific domains: You can add the domains to which your organization users can share the documents.
External users must accept sharing invitations using the same account that the invitations were sent to: It is the best options to validate only the intended recipient is opening the shared content.
If you ask me, I would recommend organization’s to go with the below settings to ensure your data is on control.
Hope this is informative. We will see the external sharing with other domain and external user experience on my next post.