I'm in the testing phase of moving a large chunk of our files into SharePoint. I currently have Sharing set at the org level to "Organizational Sharing Only". During testing, I created a 365 Group and set it to Owners only (myself and another user) - no members or visitors. Uploaded a document into the library and shared it with a test user within the organization. They can still open and do whatever (based on the share permissions).
Is there a way to set permissions to prevent this? For instance, stop someone in an Accounting Site Document Library from sharing a file with a user in another department within the organization?