SharePoint Online External Sharing Demystified (Part 1): Don't allow sharing outside your organization
Hi everyone, a lot of customers have questions about SharePoint Online external sharing of sites. What happens when I check this box? I've enabled external sharing but I still can't share externally. I've gone through the current four scenarios with screenshots in the hopes that it will demystify some of these settings. This is the first of 4 blogs on this subject, each to do with each of the admin settings below.
Here is a mini table of contents
- Scenario 1: Don't Allow Sharing Outside You Organization
- Scenario 2: Allow sharing only with the external users that already exist in your organization's directory
- Scenario 3: Allow users to invite and share with authenticated external users
- Scenario 4: Allow sharing to authenticated external users and using anonymous access links
- External Sharing Matrix
Scenario 1: Don't allow sharing outside your organization
Note: The settings in the screenshot below are accessible via a Global admin OR a SharePoint Admin (meaning someone who has been granted access to the SharePoint Admin center BY a Global Admin). The location is as follows: O365 Portal>>SharePoint admin>>Sharing'
The owner of a site tries to share with a Hotmail account and as expected is prevented from doing hence the red warning text below.
I went a step further and, as the Global Admin, added the Hotmail account to Azure AD just to see what would happen
I then logged into the Hotmail account as the test External user and made sure to accept the email invitation
After the external user accepts the invite they are automatically added to the O365 portal as a Guest account as you can see here from this screenshot
Just as before, when the site owner tries to share with the Hotmail account they are prevented from doing so. So my point was, even if the external user was added to AD the setting of Don't Allow Sharing Outside your Organization still prevented the site from being shared.