Menu

.

Sharing content with external (non-domain users) is common in organizations. It allows you to collaborate, view, share, or get approval from individuals outside your organization. In Microsoft 365, you can share individual documents or entire channels, teams, or sites with others. While convenient, there is often concern about how to share certain pieces of content in Microsoft SharePoint without making everything available to external users. 

Here are a few considerations for sharing content externally in SharePoint:  

Can an entire SharePoint site be shared with an external user? 

Yes, it can via the Share command, which adds the user to the permissions group the owner selects. 

Can anonymous public access be granted to a SharePoint site? 

There is no permission level within a SharePoint site that will grant anonymous public access. However, access to Microsoft Teams can be set to public, allowing any user to add themselves to the team/group as a member. Doing so will, unfortunately, allow the user to access the SharePoint site associated with that team. 

If the SharePoint site is not attached to a group/team, there is no way to have open membership to the site, and users must be added explicitly via SharePoint permissions (which the Share command utilizes as well). 

When we share one specific SharePoint site with an external user, would that allow them to browse our other SharePoint sites set to “Public” mode? 

Unless the user also has access to Teams, then no, they would not be able to look for other “Public” teams and join them. 

What can prevent users from changing a Team to “Public” mode?  

In Teams Admin, you can configure policies to prevent users from changing Teams to public and even block Active Directory Groups from accessing a Team.  

Is there an alternative way to share documents, sites, etc., with an external source while staying safe? 

You could consider creating a subsite of your Team site with a unique set of permissions, allowing you to share the site with external users without accidentally giving access to additional sites or content.  

If you have a document with sensitive content, you could add a sign-in component. This feature would ensure that even if the document is shared with someone else, they wouldn’t be able to view the document without the proper sign-in credentials.  

If I decide to share with an external source, is there anything I can do to revoke access later? 

Yes, if the external source has yet to accept the invitation you sent, you can revoke access under Site Settings > Users and Permissions. If an external user has already accepted an invitation, you can remove their access in the Microsoft 365 Service Settings. You can also take away external access to a document by disabling the link. Under the Sharing settings of your document, if you click on the option “People with existing access,” you can stop sharing or change their access.  

It’s important to remember that you can limit sharing permissions within your organization and that there are even more in-depth areas within Azure Active Directory and other tools for further protection. Always know the identity of your external source before sharing and take the time to setup all necessary settings and permissions to protect yourself from a mishap down the line.

For a more in-depth look at external sharing settings in Microsoft 365, view the Microsoft 365 guest sharing settings reference.  

Thank you for reading this post! If you enjoyed it, check out some of the other articles on our blog or learn how we’ve helped other organizations in our case studies. Don’t forget to subscribe to our newsletter to stay updated with all of the latest industry news, trends, and insights.

Discover More