fbpx

Set organization-level external sharing setting

Introduction

This setting allows you to configure the organization-level sharing settings for SharePoint and OneDrive for Business.

By default, users can share files and folders with external users through both authenticated and non-authenticated sharing. For many organisations, restricting the ability to share with external users is necessary whether it be to protect intellectual property leakage or due to compliance reasons.

Use this setting to adjust the sharing level permitted in both SharePoint and OneDrive for Business, as required.

Tip – If Anyone links are enabled it is recommended to enforce expiry after a period of days. Configure this using Turn On Expiration Period for Anyone Links setting.

Important note – This setting can be overridden at each SharePoint site and therefore does not guarantee all SharePoint sites will be consistent with the sharing permission set at the organisation-level.

For more information on sharing settings, refer to this article.

User Impact

Low – Adjusting external sharing settings may impact users’ ability to share documents with external users when using restrictive settings.

Parameters

SharePoint Sharing Permission – Anyone | New and existing guests | Existing guests | Only people in your organization

OneDrive for Business Sharing Permission – Anyone | New and existing guests | Existing guests | Only people in your organization

Important – OneDrive for Business Sharing Permission must be at least as restrictive as the SharePoint Sharing Permission. MSPMagic does not validate this on the settings page so take care when configuring this setting.

Admin Portal Reference

Organization-level external sharing settings are managed in the SharePoint Admin Center.

SharePoint Admin Center -> Policies -> Sharing

External sharing settings

PowerShell Reference

# Set organizational sharing permission for SharePoint
Set-SPOTenant -SharingCapability <sharingcapability>

# Set organizational sharing permission for OneDrive for Business
Set-SPOSite -Identity https://<domain>-my.sharepoint.com/ -SharingCapability <sharingcapability>

Additional Notes

For best practices and guidance on managing sharing and security in SharePoint refer to Microsoft’s guide.

Compliance Reporting

If Action is set to Notify

We report the setting as compliant if the SharePoint and OneDrive for Business organizational settings match their respective parameter values.

We report the setting as non-compliant if one or both of the SharePoint and OneDrive for Business organizational settings do not match their respective parameter values.

If Action is set to Enforce

We report the setting as compliant if the SharePoint and OneDrive for Business organizational settings match their respective parameter values.

We report the setting as compliant-fixed if one or both of the SharePoint and OneDrive for Business organizational settings do not match their respective parameter values and we adjust to match.

Special condition

We report the setting as non-compliant if the OneDrive for Business sharing permission is less restrictive than the SharePoint sharing permission. OneDrive for Business sharing permission must be at least as restrictive as the SharePoint sharing permission.

Get Started!

The first three tenants are free! No credit card required.

Sign Up