How do I set appropriate sharing settings in my Microsoft 365 tenant?

Documents in MetaShare can be shared with users that do not have access to the workspace they are residing in. As a global admin or SharePoint admin you can however control what type of sharing you want to allow within your organization and also within different workspaces. Beneath you see what options you have and instructions on how to set these settings.

How to change sharing setting for your tenant

Depending on your business needs and the sensitivity of your data, you can:

  1. Disallow sharing with people outside your organization
  2. Require people outside your organization to authenticate
  3. Restrict sharing to specified domains

This section describes how you control the sharing capabilities at the organization level in SharePoint and OneDrive.

Azure Organizational relationships settings

Sharing in Microsoft 365 is governed at its highest level by the organizational relationships settings in Azure Active Directory. If guest sharing is disabled or restricted in Azure AD, this will override any sharing settings that you configure in Microsoft 365. If you want to be able to share documents with external users, check the organizational relationships settings to ensure that sharing with guests is not blocked by:

  1. Log in to the Azure portal.
  2. Open “Azure Active Directory“.
  3. In the left navigation, click on “Organizational relationships“:
    Click on "Organizational relationships"
  4. In the left navigation, click on “Settings“:
    Click on "Settings"
  5. Ensure that both “Admins and users in the guest inviter role can invite” and “Members can invite” are set to “Yes”:
    Ensure that both "Admins and users in the guest inviter role can invite" and "Members can invite" are set to "Yes"
  6. Note the settings in the “Collaboration restrictions section”. Make sure that the domains of the guests that you want to collaborate with aren’t blocked:
    Make sure that the domains of the guests that you want to collaborate with aren't blocked
  7. If you made changes, click “Save”.

SharePoint organization level sharing settings

In order for people outside your organization to have access to a document in SharePoint or OneDrive, the SharePoint and OneDrive organization-level sharing settings must allow for sharing with people outside your organization.

The organization-level settings for SharePoint determine what settings are available for individual SharePoint sites. Site settings cannot be more permissive than the organization-level settings. The organization-level setting for OneDrive determines what level of sharing is available in users’ OneDrive libraries.

For SharePoint and OneDrive, if you want to allow unauthenticated document sharing, choose “Anyone”. If you want to ensure that people outside your organization have to authenticate, choose “New and existing guests”. “Anyone” links are the easiest way to share: people outside your organization can open the link without authentication and are free to pass it on to others.

For SharePoint, choose the most permissive setting that will be needed by any site in your organization. To set SharePoint organization level sharing settings:

  1. Open SharePoint’s sharing settings:
    1. Login to Microsoft 365 and open the “Admin” app:
      Open the Office 365 "Admin" app
    2. Open the SharePoint admin center:
      Open the SharePoint admin center
    3. Under the “Policies” section, open the “Sharing” page:
      Open the "Sharing" page
  2. Ensure that external sharing for SharePoint or OneDrive is set to “Anyone” or “New and existing guests”. Note that the OneDrive setting cannot be more permissive than the SharePoint setting:
    Ensure that external sharing for SharePoint or OneDrive is set to "Anyone" or "New and existing guests"
  3. The default file and folder links settings determine which link option is shown to the user by default when they share a document. Users can change the link type to one of the other options before sharing if desired. Keep in mind that this setting affects SharePoint sites in your organization, as well as OneDrive.
    Choose the type of link that’s selected by default when users share documents. A recommended option to choose is “Only people in your organization”:
    Choose the type of link that's selected by default
    1. Anyone with the link: choose this option if you expect to do a lot of unauthenticated document sharing. If you want to allow “Anyone” links but are concerned about accidental unauthenticated sharing, consider one of the other options as the default. This link type is only available if you’ve enabled “Anyone” sharing.
    2. Only people in your organization: choose this option if you expect most document sharing to be with people inside your organization.
    3. Specific people: consider this option if you expect to do a lot of document sharing with guests. This type of link works with guests and requires them to authenticate.
  4. If you want to restrict the maximum period that “Anyone” links are valid, set it here:
    Choose permissions and expiration options for Anyone links
    If you set a restriction, the maximum allowed is 730 days.
    Note that once an “Anyone” link expires, the document can be re-shared with a new “Anyone” link.
  5. If you want to set a permission for “Anyone” links, you can define if the anonymous user only can view or as well edit documents:
    You can define if the anonymous user only can view or as well edit documents
  6. If you made changes, click “Save”.

How to change sharing settings for a site/workspace

If you’re sharing files that are in a SharePoint site/workspace, you also need to check the site-level sharing settings for that site.

The settings available are dependent on your organization-level setting. If you enable external sharing for a site and it is later turned off for your organization, external sharing will become unavailable at the site level and any shared links will stop working. If it is turned back on for the organization, the site sharing setting will return to what it was before and the shared links will resume working.

To set site-level sharing settings do the following:

  1. Open SharePoint’s “Active sites”:
    1. Login to Microsoft 365 and open the “Admin” app:
      Open the Office 365 "Admin" app
    2. Open the SharePoint admin center:
      Open the SharePoint admin center
    3. Under the “Sites” section, open the “Active sites” page:
      Open the "Active sites" page
  2. Select the site that you want to change sharing for and In the ribbon, click on the Sharing function:
    Select the site that you want to change sharing for and click on the Sharing function
  3. Set the desired sharing level for the site:
    Set the desired sharing level for the site
  4. If you want to have another default sharing link type in the site than is set on the tenant level, clear the “Same as organization-level setting” check box and set the value that you want to use for this site:
    Select default sharing link type
  5. If you have selected “Anyone” sharing and want to have another expiration time for “Anyone” links in the site than is set on the tenant level, clear the “Same as organization-level setting” check box and set the value that you want to use for this site:
    Define the expiration time for "Anyone" links
  6. If you want to have another link permission in the site than is set on the tenant level, clear the “Same as organization-level setting” check box and set the value that you want to use for this site:
    Define the default link permission
  7. If you made changes, click Save.