External Sharing
Control how content is shared with people outside your organization. Configure sharing policies at the tenant, site, and file level to balance collaboration needs with security requirements.
Note: External sharing increases data exposure risk. Review sharing settings regularly and implement least-privilege sharing policies.
Sharing Levels
- Only people in your organization (Most Restrictive) — No external sharing allowed. Content can only be accessed by internal users.
- Existing guests only — Share only with guests already in your directory. New guest invitations blocked.
- New and existing guests (Recommended) — Guests must sign in or verify their identity. Creates guest accounts in your directory.
- Anyone with the link (Most Permissive) — Anonymous access via shareable links. No authentication required. Use with caution.
Tenant-Level Settings
| Setting | Description | Options |
|---|---|---|
| SharePoint external sharing | Maximum sharing level allowed | New and existing guests, Existing guests only, Only people in your organization, Anyone |
| OneDrive external sharing | Can be equal or more restrictive than SharePoint | New and existing guests, Existing guests only, Only people in your organization |
Link Settings
Default Link Type
Link type selected by default when users share:
- People in your organization
- People with existing access
- Specific people
- Anyone (if enabled)
Default Permissions
Default permission level for shared links:
- View only (read)
- Edit (read/write)
- Review (limited editing)
Link Expiration
Configure automatic expiration for sharing links:
| Link Type | Description | Default |
|---|---|---|
| Anyone links expiration | Maximum lifetime for anonymous links | 30 days |
| Guest links expiration | Maximum lifetime for guest links | 90 days |
Domain Restrictions
Control which domains can receive shared content:
Allow List
Only allow sharing to specified domains. Block all others.
Examples: partner.com, vendor.org
Block List
Block sharing to specified domains. Allow all others.
Examples: competitor.com, gmail.com
Site-Level Overrides
Individual sites can have more restrictive sharing settings:
| Site | Sharing Level | Reason |
|---|---|---|
| HR Documents | Internal Only | Sensitive employee data |
| Finance | Existing Guests | Audit requirements |
| Marketing | New & Existing | Agency collaboration |
External Sharing Report
| Metric | Value |
|---|---|
| Active External Shares | 847 |
| Anonymous Links | 156 |
| Guest Users | 234 |
| Expiring Soon | 12 |
Best Practices
- Prefer authenticated sharing — Use “New and existing guests” over “Anyone” to maintain audit trails.
- Set link expiration — Configure automatic expiration to limit long-term exposure.
- Use domain restrictions — Limit sharing to known partner and vendor domains where possible.
- Review shares regularly — Periodically audit external shares and remove stale access.
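The level ordering, site-override, expiration and domain rules described on this page can be checked mechanically as part of a periodic review. The following is an added example, not the product's own code: the `Level` enum, the dictionary layout and the function names are assumptions (the page does not show the API response schema), and the sample data is constructed.

```python
from enum import IntEnum

class Level(IntEnum):
    """Sharing levels from this page, most restrictive to most permissive."""
    ORG_ONLY = 0          # Only people in your organization
    EXISTING_GUESTS = 1   # Existing guests only
    NEW_AND_EXISTING = 2  # New and existing guests
    ANYONE = 3            # Anyone with the link

def domain_permitted(recipient, allow=(), block=()):
    """Apply the allow/block lists to a recipient address (exact domain match)."""
    domain = recipient.rsplit("@", 1)[-1].strip().lower().rstrip(".")
    if domain in {d.lower() for d in block}:
        return False
    # A non-empty allow list blocks every domain that is not on it.
    return domain in {d.lower() for d in allow} if allow else True

def audit(tenant, sites, max_anyone_days=30, max_guest_days=90):
    """Return findings; ceilings default to the page's 30/90-day defaults."""
    findings = []
    sp, od = tenant["sharepoint"], tenant["onedrive"]
    if od > sp:  # OneDrive may be equal or more restrictive, never looser
        findings.append("onedrive: more permissive than sharepoint")
    for name, level in sorted(sites.items()):
        if level > sp:  # site overrides may only tighten the tenant level
            findings.append(f"site {name}: exceeds tenant level")
    anyone_in_use = sp == Level.ANYONE or Level.ANYONE in sites.values()
    days = tenant.get("anyone_link_days")  # None means links never expire
    if anyone_in_use and (days is None or days > max_anyone_days):
        findings.append("anyone links: expiration missing or too long")
    days = tenant.get("guest_link_days")
    if sp > Level.ORG_ONLY and (days is None or days > max_guest_days):
        findings.append("guest links: expiration missing or too long")
    return findings

# Constructed sample data (hypothetical layout; site names from the table above).
TENANT = {"sharepoint": Level.NEW_AND_EXISTING, "onedrive": Level.ANYONE,
          "anyone_link_days": None, "guest_link_days": 180}
SITES = {"HR Documents": Level.ORG_ONLY, "Finance": Level.EXISTING_GUESTS,
         "Marketing": Level.ANYONE}

if __name__ == "__main__":
    for finding in audit(TENANT, SITES):
        print(finding)
```

Subdomain handling for the allow and block lists is product-specific; this sketch matches the recipient's domain exactly.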
API Reference
- GET /api/sharepoint/external-sharing/settings — Get tenant sharing settings
- PUT /api/sharepoint/external-sharing/settings — Update sharing settings
- GET /api/sharepoint/external-sharing/report — Get external sharing report
- GET /api/sharepoint/sites/:id/sharing — Get site sharing settings