External Sharing in SharePoint Online

Episodes in the Microsoft 365 External Sharing Series

  1. External Sharing in Microsoft 365
  2. External Sharing in SharePoint Online
  3. External Sharing in Microsoft Teams
  4. External Sharing in Microsoft 365: The Rest

Team Site vs Communication Site External Sharing

For Team Sites, the external sharing is on by default when you set up your tenant. This is usually where people are doing most of their external sharing and collaboration on documents.

With Communication Sites you can share externally, however, you can’t do it from the site itself until you turn on the external sharing in the Admin Center. There are 3 different options for sharing: anyone, new and existing guests, and existing guests only.

You can sync hub permissions from a communication site. This will not turn on that external sharing for you. Again, this can be done in the Admin Center.

Common External Sharing Questions

Sharing Option is Unavailable

“Your organization is preventing you from selecting this option.”

What causes this? Under the Admin Center in Sharing, there is an option to choose “Only people in your organization. No external sharing allowed.”

“That didn’t work”

Users see this message all the time, especially when you work in more than one tenant. Users might be logged in with one tenant and try to go to another tenant which results in this message. A solution for this may be to use profiles in your browserso that you are sure you are connected to the right tenant with the right account. This is often a user error.

Using the Sharing Dialogue

The sharing dialogue allows people to easily share links to documents. It is important to pay attention to the link settings as many people are unintentionally breaking inheritance. The link settings can be set to ‘Anyone with link’, ‘People in tenant with the link’, ‘People with existing access’, or ‘Specific people’. These settings will be restricted depending on the sharing settings on the tenant-level. You can choose which link setting is the default on the tenant-level for all choices except ‘People with existing access’ which much be set at the site collection level.

People with existing access is the safest permissions since you don’t have to change anything. We recommend this to ensure you are not breaking inheritance accidentally in your document libraries.

At Sympraxis, we find we do not often use the sharing dialogue box to share content. When sharing links, context is extremely important. Instead of just sharing a link, give context as to what the link is and what action needs to be taken. The sharing dialogue is also known to be victim to phishing scams.

From an administrative standpoint, you should always think about the fact that people will most likely take whatever default option you’ve given them. In your organization, think about how you feel about sharing, what the default should be, and how you should educate the people in your organization.

Great news - your external users cannot see navigation items where they do not have access. And they will not have access to the SharePoint app bar. If you share a document or a page with an external user and they don’t have access to other items in the communications site, teams site or hub nav, they won’t see those other options.

If you have internal users and you share just a document or page, they’re not going to see those different libraries or other items in the nav they don’t have access to either. However, if you are linking to other items in the hub nav or SharePoint app bar, you do have to audience target.

Controlling Who Has Access to Share

In the SharePoint Admin Setting, under Policies you’ll find Sharing. SharePoint and OneDrive have separate sharing levels. You are able to control which domains you can share with. You can also limit specific people that share externally, for example, with managed security groups. These settings would all be at the tenant level.

App Catalog & SharePoint Framework Solutions

In general, this is related to any SharePoint Framework solution. A common issue is that guest users will be invited into a site and they will not be able to see the customizations that were added to that site via SPFx app customizers, web parts, etc. The recommended way to solve this issue is to turn on the public CDN. This takes the document library where the manifest for the SPFx components are stored and exposes it on a public URL. When the guest comes to the site collection, their ability to get the code for the SPFx solution comes from a publicly available URL. They can then load the code from the tenant app catalog where they don’t technically have access.

If you are not open to turning the public CDN on, you can add the “everyone” group to the app catalog site collection - Visitors group, but to do so you have to enable the “everyone” group with PowerShell or it’s not available.

How are you externally sharing content? Continue the conversation on Twitter with the hashtag #AskSympraxis and mention @SympraxisC.