Office 365 with SharePoint Online allows you to have granular level control of your data and how it’s shared internally and externally. In the previous post, Manage External Sharing at the Tenant Level – Office 365 (SharePoint Online), I showed you the tenant level options; the post below, I will highlight a how to do this at a site collection level.
Please keep in mind that you will need to do your own internal security assessment and fit these settings to your organization.
For more detailed information about all the external sharing scenarios in SharePoint Online, please use the Microsoft KB below.
Login to the Office Admin Center
On the left navigation menu, click Admin Centers
- You need the correct permissions to access SharePoint Admin center and make the changes
Click Site Collections
Select the Site Collection you want to change the sharing on
Set the Sharing Settings
Sharing Outside your organization – Select the option that meets your security requirements. If you have tenant level settings that are more restrictive than the default options, the lesser options will not be available.
- Don’t allow sharing outside your organization – Prevents all users for all sites from sharing with external users. This option is typically set when organizations cannot share any content externally.
- Allow sharing only with the external users that already exist in your organization’s directory – Allow sharing only for external users that are in the organizations directory. External users who do not already exist in your organization’s directory are prevented from accessing data. This is the most secure method to share data externally since the external users accessing the data must reside in the organizations directory. This gives the ability for checks and balances to be put in place because a typical user is not allowed to add external users to the organizations directory. Typically this goes through an approval work flow and is strictly governed.
- Allow users to invite and share with authenticated external users – External users who have received sharing invitations are required to sign-in with a Microsoft account to access the content. This method is a little less secure than the one above, but it’s more secure than the one below. This gives the ability for external sharing governed by the user sending the links.
- DEFAULT – Allow sharing to authenticated external users and using anonymous access – Allow site users to share sites with people who sign in as authenticated users, but you also want to allow site users to share documents through the use of anonymous guest links, which do not require invited recipients to sign in. You can also specify, in number of days, when the links will expire. This is the least secure and default option in SharePoint Online.
Additional Settings –
- Limit external sharing using domains – This option gives you granular level control to the domains you want or don’t want to allow sharing with.