Collaborate with guests in a site (IT Admins)
If you need to collaborate with guests across documents, data, and lists, you can use a SharePoint site. Modern SharePoint sites are connected to Microsoft 365 Groups and can manage the site membership and provide additional collaboration tools such as a shared mailbox and a calendar.
In this article, we'll walk through the Microsoft 365 configuration steps necessary to set up a SharePoint site for collaboration with guests.
Video demonstration
This video shows the configuration steps described in this document.
Microsoft Entra External ID external collaboration settings
Sharing in Microsoft 365 is governed at its highest level by the external collaboration settings in Microsoft Entra External ID. If guest sharing is disabled or restricted in Microsoft Entra External ID, this setting overrides any sharing settings that you configure in Microsoft 365.
Check the external collaboration settings to ensure that sharing with guests isn't blocked.
To set external collaboration settings
- Sign in to Microsoft Entra External ID at https://entra.microsoft.com/.
- In the left navigation pane, expand External identities.
- Select External collaboration settings.
- Ensure that either Member users and users assigned to specific admin roles can invite guest users including guests with member permissions or Anyone in the organization can invite guest users including guests and non-admins is selected.
- If you made changes, select Save.
Note the settings in the Collaboration restrictions section. Make sure that the domains of the guests that you want to collaborate with aren't blocked.
If you work with guests from multiple organizations, you might want to restrict their ability to access directory data. This prevents them from seeing who else is a guest in the directory. To do this, under Guest user access restrictions, select Guest users have limited access to properties and membership of directory objects settings or Guest user access is restricted to properties and memberships of their own directory objects.
Microsoft 365 Groups guest settings
Modern SharePoint sites use Microsoft 365 Groups to control site access. The Microsoft 365 Groups guest settings must be turned on in order for guest access in SharePoint sites to work.
To set Microsoft 365 Groups guest settings
- In the Microsoft 365 admin center, in the left navigation pane, expand Settings.
- Select Org settings.
- In the list, select Microsoft 365 Groups.
- Ensure that the Let group owners add people outside your organization to Microsoft 365 Groups as guests and Let guest group members access group content check boxes are both checked.
- If you made changes, select Save changes.
SharePoint organization-level sharing settings
In order for guests to have access to SharePoint sites, the SharePoint organization-level sharing settings must allow for sharing with guests.
The organization-level settings determine the settings that are available for individual sites. Site settings can't be more permissive than the organization-level settings.
If you want to allow unauthenticated file and folder sharing, choose Anyone. If you want to ensure that all people outside your organization have to authenticate, choose New and existing guests. Choose the most permissive setting that's needed by any site in your organization.
To set SharePoint organization-level sharing settings
- In the SharePoint admin center, in the left navigation pane, under Policies, select Sharing.
- Ensure that external sharing for SharePoint is set to Anyone or New and existing guests.
- If you made changes, select Save.
Create a site
The next step is to create the site that you plan to use for collaborating with guests.
To create a site
- In the SharePoint admin center, under Sites, select Active sites.
- Select Create.
- Select Team site.
- Type a site name and enter a name for the Group owner (site owner).
- Under Advanced settings, choose if you want this site to be a public or private one.
- Select Next.
- Select Finish.
We'll invite users later. Next, it's important to check the site-level sharing settings for this site.
SharePoint site-level sharing settings
Check the site-level sharing settings to make sure that they allow the type of access that you want for this site. For example, if you set the organization-level settings to Anyone, but you want all guests to authenticate for this site, then make sure the site-level sharing settings are set to New and existing guests.
Note that the site can't be shared with unauthenticated people (Anyone setting), but individual files and folders can.
You can also use sensitivity labels to control external sharing settings for SharePoint sites.
To set site-level sharing settings
- In the SharePoint admin center, in the left navigation pane, expand Sites and select Active sites.
- Select the site for the team that you just created.
- On the Settings tab, select More sharing settings.
- Ensure that sharing is set to Anyone or New and existing guests.
- If you made changes, select Save.
Invite users
Guest sharing settings are now configured, so you can start adding internal users and guests to your site. Site access is controlled through the associated Microsoft 365 group, so we'll be adding users there.
To invite internal users to a group
- Navigate to the site where you want to add users.
- Select Members link in the upper right, which denotes the member count.
- Select Add members.
- Type the names or email addresses of the users that you want to invite to the site, and then select Save.
Guests can't be added to the Microsoft 365 group from the site. For information about how to add guest to a group, see Adding guests to Microsoft 365 Groups.
See also
Best practices for sharing files and folders with unauthenticated users
Limit accidental exposure to files when sharing with guests
Create a secure guest sharing environment
Create a B2B extranet with managed guests
SharePoint and OneDrive integration with Microsoft Entra External ID