Collaborate with guests in a SharePoint site


Organizations can use a SharePoint site if they need to collaborate with guests across documents, data, and lists. Modern SharePoint sites are connected to Microsoft 365 Groups and can manage the site membership and provide various collaboration tools such as a shared mailbox and a calendar.

The following sections describe the steps that must be completed to enable guest collaboration with SharePoint sites.

Step 1 - Configure the Microsoft Entra ID external collaboration settings

Sharing in Microsoft 365 is governed at its highest level by the B2B external collaboration settings in Microsoft Entra ID. If guest sharing is disabled or restricted in Microsoft Entra ID, this setting overrides any sharing settings that you configure in Microsoft 365.

To collaborate with guests using SharePoint sites, you must first verify the B2B external collaboration settings to ensure that sharing with guests isn't blocked. Perform the following steps to set external collaboration settings:

  1. Sign in to Microsoft Entra ID at https://entra.microsoft.com/.
  2. In the left navigation pane, expand External identities.
  3. Select External collaboration settings.
  4. Ensure that either of the following two settings is selected:
    • Member users and users assigned to specific admin roles can invite guest users including guests with member permissions
    • Anyone in the organization can invite guest users including guests and non-admins
  5. If you made changes, select Save.

You should pay particular attention to the settings in the Collaboration restrictions section. Verify that the domains of the guests that you want to collaborate with aren't blocked.

If you work with guests from multiple organizations, you might want to restrict their ability to access directory data. Doing so prevents them from seeing who else is a guest in the directory. To restrict a guest's ability to access directory data, select either of the following settings under Guest user access restrictions:

  • Guest users have limited access to properties and membership of directory objects
  • Guest user access is restricted to properties and memberships of their own directory objects

Step 2 - Configure the Microsoft 365 Groups guest settings

Modern SharePoint sites use Microsoft 365 Groups to control site access. The Microsoft 365 Groups guest settings must be turned on in order for guest access in SharePoint sites to work.

Perform the following steps to set Microsoft 365 Groups guest settings:

  1. In the Microsoft 365 admin center, in the left navigation pane, expand Settings.
  2. Select Org settings.
  3. In the list of organization settings, select Microsoft 365 Groups.
  4. Ensure that BOTH of the following check boxes are selected:
    • Let group owners add people outside your organization to Microsoft 365 Groups as guests
    • Let guest group members access group content
  5. If you made changes, select Save changes.

Step 3 - Configure the SharePoint organization-level sharing settings

In order for guests to have access to SharePoint sites, the SharePoint organization-level sharing settings must allow for sharing with guests. The organization-level settings determine the settings that are available for individual sites. Site settings can't be more permissive than the organization-level settings.

  • If you want to allow unauthenticated file and folder sharing, select Anyone.
  • If you want to ensure that all people outside your organization have to authenticate, select New and existing guests.

Choose the most permissive setting that's needed by any site in your organization.

Perform the following steps to set SharePoint organization-level sharing settings:

  1. In the SharePoint admin center, in the left navigation pane, under Policies, select Sharing.
  2. In the External sharing window, you can set the sharing settings for both SharePoint and OneDrive. Ensure that the external sharing option for SharePoint is set to Anyone or New and existing guests.
  3. If you made changes, select Save.

Step 4 - Create a site

The next step in the process is to create the site that you plan to use for collaborating with guests. Perform the following steps to create a site:

  1. In the SharePoint admin center, under Sites, select Active sites.
  2. Select Create.
  3. Select Team site.
  4. Type a site name and enter a name for the Group owner (site owner).
  5. Under Advanced settings, choose whether you want this site to be a public or private one.
  6. Select Next.
  7. Select Finish.

Users can be invited later. Next, it's important to check the site-level sharing settings for this site.

Step 5 - Configure the SharePoint site-level sharing settings

Check the site-level sharing settings to ensure they allow the type of access that you want for this site. For example, if you set the organization-level settings to Anyone, but you want all guests to authenticate for this site, then make sure the site-level sharing settings are set to New and existing guests.

Note

The site can't be shared with unauthenticated people (Anyone setting), but individual files and folders can. You can also use sensitivity labels to control external sharing settings for SharePoint sites.

Perform the following steps to set site-level sharing settings:

  1. In the SharePoint admin center, in the left navigation pane, expand Sites and then select Active sites.
  2. Select the site for the team that you created.
  3. On the Settings tab, select More sharing settings.
  4. Ensure that sharing is set to Anyone or New and existing guests.
  5. If you made changes, select Save.
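
The layering described in Steps 3 and 5 (a site can't be more permissive than the organization-level setting) can be checked across many sites with PowerShell. This is an added example, not part of the original module: the function name Test-GuestSiteSharing, the contoso URLs, and the sample values are constructed, while the SharingCapability names are the values reported by Get-SPOTenant and Get-SPOSite.

```powershell
# Rank of each SharingCapability value, least to most permissive.
$Rank = @{
    Disabled                        = 0  # Only people in your organization
    ExistingExternalUserSharingOnly = 1  # Existing guests
    ExternalUserSharingOnly         = 2  # New and existing guests
    ExternalUserAndGuestSharing     = 3  # Anyone
}

function Test-GuestSiteSharing {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [string]   $TenantCapability,
        [Parameter(Mandatory)] [object[]] $Sites,
        # Most permissive level accepted for a guest site (assumed policy)
        [string] $MaxAllowed = 'ExternalUserSharingOnly'
    )
    foreach ($site in $Sites) {
        $siteCap = [string]$site.SharingCapability
        # A site can't be more permissive than the organization-level setting.
        $effective = $siteCap
        if ($Rank[$siteCap] -gt $Rank[$TenantCapability]) { $effective = $TenantCapability }

        if ($Rank[$effective] -lt $Rank['ExternalUserSharingOnly']) {
            $finding = 'New guests cannot be invited'
        } elseif ($Rank[$effective] -gt $Rank[$MaxAllowed]) {
            $finding = 'Anyone links allowed for files and folders'
        } else {
            $finding = 'OK'
        }
        [pscustomobject]@{
            Url = $site.Url; SiteSetting = $siteCap; Effective = $effective; Finding = $finding
        }
    }
}

# Constructed sample data so the check runs without a tenant connection.
# Against a live tenant (SharePoint Online Management Shell), use instead:
#   Connect-SPOService -Url https://contoso-admin.sharepoint.com
#   $tenantCap = [string](Get-SPOTenant).SharingCapability
#   $sites     = Get-SPOSite -Limit All | Select-Object Url, SharingCapability
$tenantCap = 'ExternalUserAndGuestSharing'
$sites = @(
    [pscustomobject]@{ Url = 'https://contoso.sharepoint.com/sites/partner-project'; SharingCapability = 'ExternalUserSharingOnly' }
    [pscustomobject]@{ Url = 'https://contoso.sharepoint.com/sites/marketing';       SharingCapability = 'ExternalUserAndGuestSharing' }
    [pscustomobject]@{ Url = 'https://contoso.sharepoint.com/sites/finance';         SharingCapability = 'Disabled' }
)
Test-GuestSiteSharing -TenantCapability $tenantCap -Sites $sites | Format-Table -AutoSize

# To tighten a flagged site to "New and existing guests":
#   Set-SPOSite -Identity <site URL> -SharingCapability ExternalUserSharingOnly
```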

Step 6 - Invite users

Guest sharing settings are now configured, so you can start adding internal users and guests to your site. Site access is controlled through the associated Microsoft 365 group, so you should add users there. Guests can't be added to the Microsoft 365 group from the site. Perform the following steps to invite internal users to a group:

  1. Navigate to the site where you want to add users.
  2. Select the Members link in the upper-right portion of the window, which denotes the member count.
  3. Select Add members.
  4. Type the names or email addresses of the users that you want to invite to the site, and then select Save.

Important

When sharing files and folders with people outside your organization, there are various options to reduce the chances of accidentally sharing sensitive information. To determine which options best meet the needs of your organization, see Limit accidental exposure to files when sharing with people outside your organization.