Share via


Office365 OneDrive: Prevent and restrict External Sharing

By default, all Office365 users are allowed to share documents with external users.  Firstly, we are going to see how the user shares a document with external users. 

Login to your Office365 portal, and click on "One Drive" icon to create a document and share with external users.

 

 

Create a document, such as Word, Excel, etc. Click the document, and click Share.

Type the name of the external users you would like to share, you can separate them with a comma, (,) if it is more than one user.

By the way, when you type an external user's email, you must tap spacebar on your keyboard after typing his email  address so that it will be validated. 

The external users will receive the link through their emails. If you check "Get a link", you will see .

that you can share the document link with others by giving them the link as shown. 

Notice that both "View and Edit" are available regardless of the your selecting "Sign-in required or not" - this is showing you that your organization allows you to share documents with external users. That is a default setting.

Now we are going to restrict and prevent the users from sharing the document with external users. As an Office365 administrator, go to Admin > SharePoint Online as shown here.

A most important concept here is all users using SharePoint Online or OneDrive by default fall under** "your-sign-up-account-my.sharepoint.com" SITE.**

So, if you want to restrict and prevent external sharing, you must configure it at "your-sign-up-account-my.sharepoint.com".

**Site Collections > select https://kingmez-my.sharepoint.com  > click on "Sharing" icon. **

Choose "Don't allow sharing outside your organization" button as follow.

Go to your OneDrive and try to share. You can no longer validate external user's email address. (Office365 doesn't allow you validate) as shown.

If you click on "Get a link", notice that whoever gets the link needs to be a user from your organization's unlike above scenario where anyone can "view or edit" without needing to be a user from your organization.