Manage sharing settings

This article describes how Global Administrators and SharePoint Administrators in Microsoft 365 can change their organization-level sharing settings for Microsoft SharePoint and Microsoft OneDrive. (If you want to share a file or folder, read Share SharePoint files or folders or Share OneDrive files and folders.)

For end-to-end guidance around how to configure guest sharing in Microsoft 365, see:

To change the sharing settings for a site after you've set the organization-level sharing settings, see Change sharing settings for a site. To learn how to change the external sharing setting for a user's OneDrive, see Change the external sharing setting for a user's OneDrive.

Video demonstration

This video shows how the settings on the Sharing page in the SharePoint admin center affect the sharing options available to users.

Change the organization-level external sharing setting

  1. Go to Sharing in the SharePoint admin center, and sign in with an account that has admin permissions for your organization.

  2. Under External sharing, specify your sharing level for SharePoint and OneDrive. The default level for both is "Anyone."


    The SharePoint setting applies to all site types, including those connected to Microsoft 365 groups.

    The OneDrive setting can be more restrictive than the SharePoint setting, but not more permissive.

    External sharing settings

    This setting is for your organization overall. Each site has its own sharing setting that you can set independently, though it must be at the same or more restrictive setting as the organization. See Change the external sharing setting for a site for more information.


Azure Active Directory external collaboration settings determine who can invite guests in your organization. Be sure to review Azure AD guest access settings as part of your SharePoint and OneDrive sharing setup.

Which option to select

Select this option: If you want to:
Allow users to share files and folders by using links that let anyone who has the link access the files or folders without authenticating. This setting also allows users to share sites with new and existing guests who authenticate. If you select this setting, you can restrict the Anyone links so that they must expire within a specific number of days, or so that they can give only View permission.

File requests requires that OneDrive be set to Anyone and edit permissions for Anyone links be enabled. OneDrive settings other than Anyone disable file requests.

See Best practices for sharing files and folders with unauthenticated users for more information.
New and existing guests
Require people who have received invitations to sign in with their work or school account (if their organization uses Microsoft 365) or a Microsoft account, or to provide a code to verify their identity. Users can share with guests already in your organization's directory, and they can send invitations to people who will be added to the directory if they sign in. For more info about verification codes, see Secure external sharing in SharePoint

Invitations to view content can be redeemed only once. After an invitation has been accepted, it can't be shared or used by others to gain access.
Existing guests
Allow sharing only with guests who are already in your directory. These guests may exist in your directory because they previously accepted sharing invitations or because they were manually added, such as through Azure B2B collaboration. (To see the guests in your organization, go to the Guests page in the Microsoft 365 admin center).
Only people in your organization
Turn off external sharing.


If you turn off external sharing for your organization and later turn it back on, guests who previously had access regain it. If you know that external sharing was previously turned on and in use for specific sites and you don't want guests to regain access, first turn off external sharing for those specific sites.

If you restrict or turn off external sharing, guests typically lose access within one hour of the change.

More external sharing settings

More external sharing settings

Limit external sharing by domain

This is useful if you want to limit sharing with particular partners, or help prevent sharing with people at certain organizations. The organization-level setting on this page affects all SharePoint sites and each user's OneDrive. To use this setting, list the domains (maximum of 3000) in the box, using the format To list multiple domains, press Enter after adding each domain.

You can also limit external sharing by domain by using the Set-SPOTenant Microsoft PowerShell cmdlet with -SharingDomainRestrictionMode and either -SharingAllowedDomainList or -SharingBlockedDomainList. For info about limiting external sharing by domain at the site level, see Restricted domains sharing.


Allowed or blocked domains in Azure AD also affect SharePoint and OneDrive. Be sure to review Azure AD collaboration restrictions as part of your SharePoint and OneDrive sharing setup.

Allow only users in specific security groups to share externally

For info about this setting, see Manage security groups.

Guests must sign in using the same account to which sharing invitations are sent

By default, guests can receive an invitation at one account but sign in with a different account. After they redeem the invitation, it can't be used with any other account.

Allow guests to share items they don't own

By default, guests must have full control permission to share items externally.

Guest access to a site or OneDrive will expire automatically after this many days

If your administrator has set an expiration time for guest access, each guest that you invite to the site or with whom you share individual files and folders will be given access for a certain number of days. For more information visit, Manage guest expiration for a site

People who use a verification code must reauthenticate after this many days

If people who use a verification code have selected to "stay signed in" in the browser, they must prove they can still access the account they used to redeem the sharing invitation.

Choose the option you want to show by default when a user gets a link.

Default links


This setting specifies the default for your organization, but site owners can choose a different default link type for a site.

  • Specific people - This option is most restrictive and impedes broad internal sharing. If you allow external sharing, this option lets users share with specific people outside the organization.

  • Only people in your organization - If links are forwarded, they'll work for anyone in the organization. This option is best if your organization shares broadly internally and rarely shares externally.

  • Anyone with the link - This option is available only if your external sharing setting is set to "Anyone." Forwarded links work internally or externally, but you can't track who has access to shared items or who has accessed shared items. This is best for friction-free sharing if most files and folders in SharePoint and OneDrive aren't sensitive.


    If you select "Anyone with the link," but the site or OneDrive is set to allow sharing only with guests who sign in or provide a verification code, the default link is "Only people in your organization." Users need to change the link type to "Specific people" to share files and folders in the site or OneDrive externally.

Settings in the new SharePoint admin center

Link expiration - You can require all "Anyone" links to expire, and specify the maximum number of days allowed. If you change the expiration time, existing links will keep their current expiration time if the new setting is longer, or be updated to the new setting if the new setting is shorter.

Link permissions - You can restrict "Anyone" links so that they can only provide view permission for files or folders.

If you are using file requests, the link permissions must be set for View and edit for files and View, edit, and upload for folders.


Other sharing settings

Display to owners the names of people who viewed their files

This setting lets you control whether the owner of a shared file can see on the file card the people who only view (and don't edit) the file in OneDrive. The file card appears when users hover over a file name or thumbnail in OneDrive. The info includes the number of views on the file, the number of people who viewed it, and the list of people who viewed it. To learn more about the file card, see See files you shared in OneDrive.


This setting is selected by default. If you clear it, file viewer info is still recorded and available to you to audit as an admin. OneDrive owners can also still see people who have viewed their shared Office files by opening the files from or from the Office desktop apps.

Let site owners choose to display the names of people who viewed files or pages in SharePoint

This setting lets you specify whether site owners can allow users who have access to a file, page, or news post to see on the file card who has viewed the item.

Viewer information on the file card for a document.

This setting is turned on by default at the organization level and off at the site level for existing sites. Viewer information is shown only when the setting is on at both the organization and site level. We recommend that site owners turn on this feature only on team sites that don't have sensitive information. Learn how site owners can turn on this feature.


Historical data is included when this setting is enabled. Likewise, if the setting is turned off and back on at the organization level or site level, the views during the off period are included in the history.

On the classic Sharing page, you can limit external sharing by security group and shorten sharing links or change their default permission.

Need more help?

Ask a question If you have technical questions about this topic, you may find it helpful to post them on the SharePoint discussion forum. It's a great resource for finding others who have worked with similar issues or who have encountered the same situation.

You can also find help on security and permissions in these YouTube videos from SharePoint community experts.

See also

Limit accidental exposure to files when sharing with guests

Create a secure guest sharing environment

Stop sharing files or folders or change permissions

External sharing & collaboration with OneDrive, SharePoint & Teams (Ignite 2020)