This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(300.8, 13%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMA%3C/text%3E%3C/svg%3E)
I have been reviewing Exchange online permissions that prevent sharing work resources with objects outside of ones 365 tenant.
Let's say I have a user mailbox which has a calendar and I want to share it with my personal gmail account so I can use it in a third party app (I wouldn't do it this way it's just a hypothetical).
If the user mailbox is allowed to share this calendar with an external address this could leak sensitive company information so I found you can disable this for all users by going to the admin center > org settings > services > calendar and unticking share with external.
When testing this in a developer tenant before I change this setting it doesn't work regardless so I'm wondering if there is another setting/policy i.e DLP that could be restricting this?
For anyone going down this rabbit hole in future:
Further testing shows this is the setting that does it and would enable it tenant wide. I ticked the box to allow it but it was getting unticked by our partner tool CIPP that manages these settings for each tenant we manage. Disabling this ensured the setting would stay either on or off.
Allowing this for only one user where there is a business case can be done through a "sharing policy" in exchange.