☕ SharePoint Tip #8 — External Sharing and Guest Access explained
Good morning! Here is your 15-minute SharePoint tip for today.
Day 8 | Week 2 — Administration & Security
External Sharing and Guest Access
External sharing is one of the most powerful — and most sensitive — features in SharePoint Online. Done right, it replaces emailing attachments forever. Done wrong, it creates security and compliance risks.
The four sharing levels
Microsoft provides four tenant-level sharing settings (most permissive to most restrictive):
| Level | Who can access |
|---|---|
| Anyone | Anyone with the link — no sign-in required |
| New and existing guests | External users who sign in with a Microsoft or work account |
| Existing guests only | Only people already in your Azure AD guest directory |
| Only people in your organisation | No external sharing at all |
Most organisations land on New and existing guests — external users must authenticate, but you can still share with partners and clients.
Sharing link types
When a user shares a file, they choose a link type:
- Anyone link — works for anyone, no sign-in (if tenant allows)
- People in your organisation — internal only
- Specific people — named individuals only, must sign in
- People with existing access — just copies the URL for people who already have access
Best practice: set the default sharing link to "Specific people" in the Admin Center so users must be intentional about who they share with.
Guest access controls
External guests are added to Azure Active Directory as guest accounts. You can:
- Set expiry on guest access (e.g. auto-expire after 90 days)
- Require guests to re-authenticate periodically
- Restrict guests from seeing the user directory
- Block guests from specific sites using site-level sharing settings
Try it today (5 minutes)
Open the SharePoint Admin Center → Policies → Sharing. Look at the tenant-level sharing setting. Then scroll down to see the default link type. Are these settings appropriate for your organisation’s risk appetite? Note down what you’d recommend changing and why — this is a real Product Owner exercise.
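The same review can be run from the SharePoint Online Management Shell. The read-only script below is an added example, not part of the original tip: it assumes the Microsoft.Online.SharePoint.PowerShell module, a SharePoint admin role, a placeholder tenant name (contoso), and a 90-day guest expiry threshold borrowed from the example above.

```powershell
# Added example: read-only review of the sharing settings discussed above.
# Assumptions: Microsoft.Online.SharePoint.PowerShell is installed, you hold a
# SharePoint admin role, and "contoso" is a placeholder tenant name.
Connect-SPOService -Url 'https://contoso-admin.sharepoint.com'

# Cmdlet values mapped to the names shown in the admin center.
$levelNames = @{
    ExternalUserAndGuestSharing     = 'Anyone'
    ExternalUserSharingOnly         = 'New and existing guests'
    ExistingExternalUserSharingOnly = 'Existing guests only'
    Disabled                        = 'Only people in your organisation'
}
$linkNames = @{
    AnonymousAccess = 'Anyone link'
    Internal        = 'People in your organisation'
    Direct          = 'Specific people'
    None            = 'No default set'
}
$maxGuestDays = 90   # assumed review threshold, taken from the 90-day example above

$t     = Get-SPOTenant
$level = [string]$t.SharingCapability
$link  = [string]$t.DefaultSharingLinkType

# Review = True marks a setting that is looser than the recommendations above.
$report = @(
    [pscustomobject]@{ Setting = 'Tenant sharing level'
        Value  = $levelNames[$level]
        Review = ($level -eq 'ExternalUserAndGuestSharing') }
    [pscustomobject]@{ Setting = 'Default sharing link'
        Value  = $linkNames[$link]
        Review = ($link -ne 'Direct') }
    [pscustomobject]@{ Setting = 'Guest access expiry'
        Value  = if ($t.ExternalUserExpirationRequired) { "$($t.ExternalUserExpireInDays) days" } else { 'Never expires' }
        Review = ((-not $t.ExternalUserExpirationRequired) -or ($t.ExternalUserExpireInDays -gt $maxGuestDays)) }
    # Applies to guests who sign in with an emailed verification code.
    [pscustomobject]@{ Setting = 'Verification-code re-authentication'
        Value  = if ($t.EmailAttestationRequired) { "Every $($t.EmailAttestationReAuthDays) days" } else { 'Not required' }
        Review = (-not $t.EmailAttestationRequired) }
)
$report | Format-Table -AutoSize

# Site-level settings: list every site that still permits Anyone links.
Get-SPOSite -Limit All |
    Where-Object { $_.SharingCapability -eq 'ExternalUserAndGuestSharing' } |
    Select-Object Url, SharingCapability, Owner |
    Format-Table -AutoSize
```

Rows with Review set to True are the ones to note down for the exercise; the script only reads settings and changes nothing.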
As a Product Owner
External sharing policy is a business decision, not just a technical one. You need to work with Legal, Compliance, and IT to define the right policy. Overly restrictive sharing frustrates users and pushes them to shadow IT (WhatsApp, personal Dropbox). Too permissive creates data leakage risk. Find the balance.
See you tomorrow at 6:00 AM with Tip #9 — Sensitivity Labels and Data Loss Prevention!