Turn external sharing on or off
If you're working with vendors, clients, or customers outside of your organization, you might want to give them access to specific sites, folders, or files. This article describes how to set your organization-level sharing settings for SharePoint and OneDrive. You must be a global or SharePoint admin in Office 365 to do this.
External sharing is controlled at both the organization level and the site level (previously referred to as the site collection level). The organization-level settings determine what options are available at the site level. The external sharing settings for individual sites (site collections) can be more restrictive than whatever is allowed at the organization level, but these settings can't be more permissive.
For info about changing the external sharing setting for a site, see Change the external sharing setting for a site. To learn how to change the external sharing setting for a user's OneDrive, see Change the external sharing setting for a user's OneDrive.
Change the organization-level external sharing setting
Sign in to https://admin.microsoft.com as a global or SharePoint admin. (If you see a message that you don't have permission to access the page, you don't have Office 365 administrator permissions in your organization.)
In the left pane, under Admin centers, select SharePoint. (You might need to select Show all to see the list of admin centers.)
If the classic SharePoint admin center appears, select Try it now to open the new SharePoint admin center.
In the left pane of the new SharePoint admin center, under Policies, select Sharing.
Under External sharing, specify your sharing level for SharePoint and OneDrive. The default level for both is "Anyone."
The SharePoint setting applies to all site types, including those connected to Office 365 groups.
The OneDrive setting can be more restrictive than the SharePoint setting, but not more permissive.
The SharePoint external sharing setting on this page is the same as the one in the Microsoft 365 admin center, under Settings > Services & add-ins > Sites. These settings are also the same as those in the OneDrive admin center.
Which option to select...
|Select this option:||If you want to:|
||Allow users to share files and folders by using links that let anyone who has the link access the files or folders anonymously. This setting also allows users to share sites with new and existing guests who authenticate. If you select this setting, you can restrict the Anyone links so that they must expire within a specific number of days, or so that they can give only View permission.
|New and existing guests
||Require people who have received invitations to sign in with a their work or school account (if their organization uses Office 365) or a Microsoft account, or to provide a code to verify their identity. Users can share with guests already in your organization's directory, and they can send invitations to people who will be added to the directory if they sign in. For more info about verification codes, see Secure external sharing in SharePoint Online
Invitations to view content can be redeemed only once. After an invitation has been accepted, it cannot be shared or used by others to gain access.
|Only existing guests
||Allow sharing only with guests who are already in your directory. These guests may exist in your directory because they previously accepted sharing invitations or because they were manually added, such as through Azure B2B collaboration. (To see the guests in your organization, go to the Guests page in the Microsoft 365 admin center).
|Only people in your organization
||Turn off external sharing.|
If you turn off external sharing for your organization and later turn it back on, guests who previously had access will regain it. If you know that external sharing was previously turned on and in use for specific sites and you don't want guests to be able to regain access, first turn off external sharing for those specific sites.
If you restrict or turn off external sharing, guests will typically lose access within one hour of the change.
Advanced settings for external sharing
Limit external sharing by domain
This is useful if you want to limit sharing with particular partners, or help prevent sharing with people at certain organizations. The organization-level setting on this page affects all SharePoint sites and each user's OneDrive. To use this setting, list the domains (maximum of 1000) in the box, using the format domain.com. To list multiple domains, press Enter after adding each domain.
You can also limit external sharing by domain by using the Set-SPOTenant Microsoft PowerShell cmdlet with -SharingDomainRestrictionMode and either -SharingAllowedDomainList or -SharingBlockedDomainList. For info about limiting external sharing by domain at the site level, see Restricted domains sharing.
Guests must accept sharing invitations using the same account that the invitations were sent to
By default, guests can receive an invitation at one account but sign in with a different account. After they redeem the invitation, it can't be used with any other account.
Allow guests to share items they don't own
By default, guests must have full control permission to share items externally.
File and folder sharing links
Choose the option you want to show by default when a user gets a link.
This setting specifies the default for your organization, but site owners can choose a different default link type for a site.
- Specific people - This option allows users to enter external email addresses, but it's best for very targeted sharing because forwarded links won't work.
- Only people in your organization - If links are forwarded, they'll work for anyone in the organization. This option is best if your organization shares broadly internally and rarely shares externally.
- Anyone with the link - This option is available only if your external sharing setting is set to "Anyone." Forwarded links will work internally or externally, but you won't be able to track who has access to shared items or who has accessed shared items. This is best for friction-free sharing if most files and folders in SharePoint and OneDrive aren't sensitive.
If you select "Anyone with the link," but the site or OneDrive is set to allow sharing only with guests who sign in or provide a verification code, the default link will be "Only people in your organization." Users will need to change the link type to "Specific people" to share files and folders in the site or OneDrive externally.
Advanced settings for "Anyone" links
Link expiration - You can require all "Anyone" links to expire, and specify the maximum number of days allowed
Link permissions - You can restrict "Anyone" links so that they can only provide view permission for files or folders.
Display to owners the names of people who viewed their files
This setting lets you control whether the owner of a shared file can see the people who only view (and don't edit) the file in OneDrive file access statistics. File access statistics appear on a card when users hover over a file name or thumbnail in OneDrive. The statistics include the number of views on the file, the number of people who viewed it, and the list of people who viewed it.
This setting is selected by default. If you clear it, file viewer info is still recorded and available to you to audit as an admin. OneDrive owners will also still be able to see people viewing their shared Office files by using Office Online or the Office desktop apps.
On the classic sharing page, you can choose whether you want the default link permission to be view or edit.
You can also allow only users in specific security groups to share externally. To see the security groups in your organization, go to the Groups page in the Microsoft 365 admin center.
We'd love to hear your thoughts. Choose the type you'd like to provide:
Our feedback system is built on GitHub Issues. Read more on our blog.