Collaborate with guests in a site
If you need to collaborate with guests across documents, data, and lists, you can use a SharePoint site. Modern SharePoint sites are connected to Microsoft 365 Groups and can manage the site membership and provide additional collaboration tools such as a shared mailbox and a calendar.
In this article, we'll walk through the Microsoft 365 configuration steps necessary to set up a SharePoint site for collaboration with guests.
This video shows the configuration steps described in this document.
Azure external collaboration settings
Sharing in Microsoft 365 is governed at its highest level by the B2B external collaboration settings in Azure Active Directory. If guest sharing is disabled or restricted in Azure AD, this setting overrides any sharing settings that you configure in Microsoft 365.
Check the B2B external collaboration settings to ensure that sharing with guests is not blocked.
To set external collaboration settings
- Log in to Azure Active Directory at https://aad.portal.azure.com.
- In the left navigation pane, click Azure Active Directory.
- Click External identities.
- On the Get started screen, in the left navigation pane, click External collaboration settings.
- Ensure that either Member users and users assigned to specific admin roles can invite guest users including guests with member permissions or Anyone in the organization can invite guest users including guests and non-admins is selected.
- If you made changes, click Save.
Note the settings in the Collaboration restrictions section. Make sure that the domains of the guests that you want to collaborate with aren't blocked.
If you work with guests from multiple organizations, you may want to restrict their ability to access directory data. This will prevent them from seeing who else is a guest in the directory. To do this, under Guest user access restrictions, select Guest users have limited access to properties and membership of directory objects settings or Guest user access is restricted to properties and memberships of their own directory objects.
Microsoft 365 Groups guest settings
Modern SharePoint sites use Microsoft 365 Groups to control site access. The Microsoft 365 Groups guest settings must be turned on in order for guest access in SharePoint sites to work.
To set Microsoft 365 Groups guest settings
- In the Microsoft 365 admin center, in the left navigation pane, expand Settings.
- Click Org settings.
- In the list, click Microsoft 365 Groups.
- Ensure that the Let group owners add people outside your organization to Microsoft 365 Groups as guests and Let guest group members access group content check boxes are both checked.
- If you made changes, click Save changes.
SharePoint organization-level sharing settings
In order for guests to have access to SharePoint sites, the SharePoint organization-level sharing settings must allow for sharing with guests.
The organization-level settings determine the settings that will be available for individual sites. Site settings cannot be more permissive than the organization-level settings.
If you want to allow unauthenticated file and folder sharing, choose Anyone. If you want to ensure that all people outside your organization have to authenticate, choose New and existing guests. Choose the most permissive setting that will be needed by any site in your organization.
To set SharePoint organization-level sharing settings
- In the Microsoft 365 admin center, in the left navigation pane, under Admin centers, select SharePoint.
- In the SharePoint admin center, in the left navigation pane, under Policies, select Sharing.
- Ensure that external sharing for SharePoint is set to Anyone or New and existing guests.
- If you made changes, select Save.
Create a site
The next step is to create the site that you plan to use for collaborating with guests.
To create a site
- In the SharePoint admin center, under Sites, select Active sites.
- Select Create.
- Select Team site.
- Type a site name and enter a name for the Group owner (site owner).
- Under Advanced settings, choose if you want this site to be a public or private one.
- Select Next.
- Select Finish.
We'll invite users later. Next, it's important to check the site-level sharing settings for this site.
SharePoint site-level sharing settings
Check the site-level sharing settings to make sure that they allow the type of access that you want for this site. For example, if you set the organization-level settings to Anyone, but you want all guests to authenticate for this site, then make sure the site-level sharing settings are set to New and existing guests.
Note that the site cannot be shared with unauthenticated people (Anyone setting), but individual files and folders can.
To set site-level sharing settings
- In the SharePoint admin center, in the left navigation, expand Sites and select Active sites.
- Select the site that you want to share.
- Select ..., and select Sharing.
- Ensure that sharing is set to Anyone or New and existing guests.
- If you made changes, select Save.
Guest sharing settings are now configured, so you can start adding internal users and guests to your site. Site access is controlled through the associated Microsoft 365 group, so we'll be adding users there.
To invite internal users to a group
- Navigate to the site where you want to add users.
- Select Members link in the upper right which denotes the member count.
- Select Add members.
- Type the names or email addresses of the users that you want to invite to the site, and then select Save.
Guests can't be added to the Microsoft 365 group from the site. For information about how to add guest to a group, see Adding guests to Microsoft 365 Groups.