How to Enable External Sharing in SharePoint Online?
Requirement: Enable external sharing in SharePoint Online using PowerShell.
SharePoint Online allows you to collaboratively share your content with external users such as vendors, clients, customers, consultants, etc. To enable external sharing, you should turn on external sharing both on the tenant level and at the site collection level, either from the Admin center or with PowerShell. In this article, we’ll show you how to enable external sharing in SharePoint Online so that you can share your documents and files with people outside your organization:
External Sharing settings in SharePoint Online offer the below options:
- Only people in your organization – Disable external sharing!
- Existing guests – Allow sharing only with the external users who already exist in your organization’s directory.
- New and existing guests – Allow external users who accept sharing invitations and sign in as authenticated users (with a Microsoft account or a work or school account) to access the shared item.
- Anyone – Allow sharing with all external users, including anonymous access links.
Step 1: Enable External Sharing at the Tenant
To turn on external sharing in SharePoint Online tenant, follow these steps:
- Log in as a Global Administrator or SharePoint Administrator and open the SharePoint Online Admin Center (typically at https://<tenant>-admin.sharepoint.com).
- Click on Policies >> Sharing in the left navigation.
- Under “External sharing” settings, set the sharing option to “New and existing guests” for better security. You can select any appropriate organization-level sharing settings for SharePoint and Microsoft OneDrive.
- Click on the “OK” button at the bottom to save your changes.
That’s all! External Sharing is now turned on. There are additional settings on the Sharing page under “More external sharing settings”, such as “Limit external sharing using domains” and “External users must accept sharing invitations using the same account that the invitations were sent to”. The “File and Folder links” settings are self-explanatory, e.g., the default sharing link type (“Specific People”), the expiration time for “Anyone” links, the default link permission, etc.
We can allow external sharing in SharePoint Online using PowerShell as well. Here is how to configure sharing capabilities in SharePoint Online using PowerShell:
SharePoint Online: How to Enable External Sharing using PowerShell?
For collaboration with people outside your organization, you need to share your documents and contents externally. How do I enable external sharing in SharePoint Online with PowerShell? To enable external sharing in SharePoint Online, use the below PowerShell script:
#Set Admin Center URL
$AdminCenterURL = "https://crescent-admin.sharepoint.com/"
#Connect to SharePoint Online
Connect-SPOService -url $AdminCenterURL -Credential (Get-Credential)
#Enable external sharing at the tenant level
Set-SPOTenant -SharingCapability ExternalUserSharingOnly # Disabled, ExistingExternalUserSharingOnly, ExternalUserSharingOnly, ExternalUserAndGuestSharing (Anonymous sharing)
The PnP PowerShell version of the above script would be:
#Parameters
$TenantAdminURL = "https://crescent-admin.sharepoint.com"
#Connect to Tenant Admin Site
Connect-PnPOnline -url $TenantAdminURL -Interactive
#Enable External Sharing for the Tenant to - Anyone - Anonymous users
Set-PnPTenant -SharingCapability ExternalUserAndGuestSharing
Allow External Sharing in SharePoint Online using PowerShell
You can also set the tenant-level external sharing settings through the client-side object model (CSOM). Here is how to turn ON external sharing in SharePoint Online using PowerShell with CSOM:
#Load SharePoint CSOM Assemblies
Add-Type -Path "C:\Program Files\SharePoint Online Management Shell\Microsoft.Online.SharePoint.PowerShell\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\SharePoint Online Management Shell\Microsoft.Online.SharePoint.PowerShell\Microsoft.SharePoint.Client.Runtime.dll"
Add-Type -Path "C:\Program Files\SharePoint Online Management Shell\Microsoft.Online.SharePoint.PowerShell\Microsoft.Online.SharePoint.Client.Tenant.dll"
#Variables for processing
$AdminCenterURL="https://crescent-admin.sharepoint.com"
$SharingCapability="ExternalUserSharingOnly" # Disabled, ExistingExternalUserSharingOnly, ExternalUserSharingOnly, ExternalUserAndGuestSharing
#Get Credentials to connect
$Cred = Get-Credential
#Setup the Context
$Ctx = New-Object Microsoft.SharePoint.Client.ClientContext($AdminCenterURL)
$Ctx.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Cred.Username, $Cred.Password)
#Get the tenant object
$Tenant = New-Object Microsoft.Online.SharePoint.TenantAdministration.Tenant($Ctx)
#Set Sharing capability of the tenant
$Tenant.SharingCapability= [Microsoft.Online.SharePoint.TenantManagement.SharingCapabilities]::$SharingCapability
$Ctx.ExecuteQuery()
Write-host "Sharing Settings updated!"
Let us set External Sharing to allow guest users and anonymous links:
#Load SharePoint CSOM Assemblies
Add-Type -Path "C:\Program Files\SharePoint Online Management Shell\Microsoft.Online.SharePoint.PowerShell\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\SharePoint Online Management Shell\Microsoft.Online.SharePoint.PowerShell\Microsoft.SharePoint.Client.Runtime.dll"
Add-Type -Path "C:\Program Files\SharePoint Online Management Shell\Microsoft.Online.SharePoint.PowerShell\Microsoft.Online.SharePoint.Client.Tenant.dll"
#Parameters
$AdminSiteURL="https://crescent-admin.sharepoint.com"
$SharingCapability="ExternalUserAndGuestSharing" #File and folder links
$DaysToExpire = 7 #Expiration number of days for shared files
$LinkType="View" #Edit, View or None
$FolderLinkType="Edit" # View or Edit or None
#Get Credentials to connect
$Cred= Get-Credential
Try {
#Setup the context
$Ctx = New-Object Microsoft.SharePoint.Client.ClientContext($AdminSiteURL)
$Ctx.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Cred.Username, $Cred.Password)
#Get the Tenant
$Tenant= New-Object Microsoft.Online.SharePoint.TenantAdministration.Tenant($Ctx)
$Ctx.Load($Tenant)
$Ctx.ExecuteQuery()
#Set Tenant Sharing Settings
$Tenant.SharingCapability= [Microsoft.Online.SharePoint.TenantManagement.SharingCapabilities]::$SharingCapability
$Tenant.RequireAnonymousLinksExpireInDays= $DaysToExpire
$Tenant.FileAnonymousLinkType=[Microsoft.SharePoint.Client.AnonymousLinkType]::$LinkType
$Tenant.FolderAnonymousLinkType=[Microsoft.SharePoint.Client.AnonymousLinkType]::$FolderLinkType
$Ctx.ExecuteQuery()
Write-host "Tenant Sharing Settings Updated Successfully!" -f Green
}
Catch {
write-host -f Red "Error:" $_.Exception.Message
}
This results in the following settings in the SharePoint Online tenant.
Step 2: Enable External Sharing in SharePoint Online Site Collection
Turning ON External sharing at the tenant level doesn’t automatically turn ON Sharing capabilities at all underlying site collections! We need to enable sharing at each SharePoint Online site collection. You can set the sharing settings for any site collection from the SharePoint Admin Center. To allow external sharing at the site collection level using the new SharePoint Online admin center, follow these steps:
- Go to SharePoint Online Admin Center >> Click on Sites >> Active sites >> Select the desired Site collection from the list.
- Click on the “Sharing” button >> Set the sharing settings appropriately, such as “New and existing external users”. Click on “Save” to commit your changes.
Please note that the site collection’s sharing level must be equivalent to or less permissive than your organization-level settings! E.g., If you set the tenant level settings as “Existing external users”, then the SharePoint setting can be applied to “Existing external users” or below.
Allow External Sharing in SharePoint Online Site Collection using PowerShell
To activate external sharing at the SharePoint Online site level, use this PowerShell script.
#Variables for Admin Center & Site Collection URL
$AdminCenterURL = "https://crescent-admin.sharepoint.com/"
$SiteCollURL="https://crescent.sharepoint.com/Sites/Sales"
#Connect to SharePoint Online
Connect-SPOService -url $AdminCenterURL -Credential (Get-Credential)
#Enable external sharing for the site collection
Set-SPOSite -Identity $SiteCollURL -SharingCapability ExternalUserSharingOnly
#Other Options: Disabled, ExistingExternalUserSharingOnly, ExternalUserSharingOnly, ExternalUserAndGuestSharing
Enable External Users in SharePoint Online using PnP PowerShell
To enable external sharing for a specific site collection in SharePoint Online, use this PnP PowerShell:
#Parameters
$TenantAdminURL = "https://crescent-admin.sharepoint.com"
$SiteURL = "https://crescent.sharepoint.com/sites/marketing"
#Connect to Tenant Admin Site
Connect-PnPOnline -url $TenantAdminURL -Interactive
#Enable External Sharing for Existing AD Users (Including Guest users!)
Set-PnPTenantSite -Url $SiteURL -SharingCapability ExistingExternalUserSharingOnly
This script turns on external sharing in SharePoint Online and sets the sharing option to match the above screenshot! Running this command will enable external user and guest sharing in an SPO site collection, and you can verify that in the Admin center.
Set External Sharing Settings for All sites in the Tenant
How about applying a specific external sharing setting on all site collections in the SharePoint Online tenant?
#Parameters
$AdminCenterURL="https://crescent-admin.sharepoint.com"
$ExternalSharingSetting = "ExternalUserAndGuestSharing" #Anyone
Try {
#Connect to Admin center
Connect-PnPOnline -URL $AdminCenterURL -Interactive
#Get all sites where the setting is different from the given parameter - Exclude Search Center, Redirect sites, Mysite Host, App Catalog, Content Type Hub, eDiscovery and Bots
$SiteCollections = Get-PnPTenantSite | Where { $_.URL -like '*/sites*' -and $_.SharingCapability -ne $ExternalSharingSetting -and $_.Template -NotIn `
("SRCHCEN#0", "REDIRECTSITE#0", "SPSMSITEHOST#0", "APPCATALOG#0", "POINTPUBLISHINGHUB#0", "EDISC#0", "STS#-1")}
#Loop through each site and enable external sharing
ForEach ($Site in $SiteCollections)
{
#Apply External sharing setting for the site
Set-PnPTenantSite -Url $Site.Url -SharingCapability $ExternalSharingSetting
Write-host "External sharing Setting updated for:" $Site.URL -f Green
}
}
Catch {
Write-host -f Red "Error:" $_.Exception.Message
}
To get the list of all SharePoint Online Sites where sharing capability has been enabled:
Get-SPOSite | Where {$_.SharingCapability -ne "Disabled"}
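Going a step beyond the one-liner above, this added example (not part of the original article) reports each site's configured and effective sharing level, using the rule from Step 2 that the more restrictive of the tenant and site settings applies, and flags sites above a policy ceiling. The function name Get-SharingAudit, the baseline value, and the sample site list are assumptions constructed for illustration.

```powershell
# Permissiveness order of the four options, least to most permissive (explicit
# ranking by name; do not rely on the enum's underlying integer values)
$Rank = @{
    Disabled                        = 0  # Only people in your organization
    ExistingExternalUserSharingOnly = 1  # Existing guests
    ExternalUserSharingOnly         = 2  # New and existing guests
    ExternalUserAndGuestSharing     = 3  # Anyone (anonymous links)
}

# Hypothetical helper: works on any objects exposing Url and SharingCapability
function Get-SharingAudit {
    param(
        [Parameter(Mandatory)] [object[]] $Sites,
        [Parameter(Mandatory)] [string]   $TenantLevel,
        [string] $Baseline = 'ExternalUserSharingOnly'  # assumed policy ceiling
    )
    foreach ($Level in $TenantLevel, $Baseline) {
        if (-not $Rank.ContainsKey($Level)) { throw "Unknown sharing level: $Level" }
    }
    foreach ($Site in $Sites) {
        $SiteLevel = [string]$Site.SharingCapability
        if (-not $Rank.ContainsKey($SiteLevel)) {
            Write-Warning "Skipping $($Site.Url): unknown level '$SiteLevel'"
            continue
        }
        # The more restrictive of the tenant and site settings is what applies
        $Effective = if ($Rank[$SiteLevel] -gt $Rank[$TenantLevel]) { $TenantLevel } else { $SiteLevel }
        [pscustomobject]@{
            Url             = $Site.Url
            Configured      = $SiteLevel
            Effective       = $Effective
            AnonymousLinks  = ($Effective -eq 'ExternalUserAndGuestSharing')
            ExceedsBaseline = ($Rank[$Effective] -gt $Rank[$Baseline])
        }
    }
}

# Constructed sample input so the example runs offline. Against a live tenant
# (after Connect-SPOService): $Sites = Get-SPOSite -Limit All
#                             $TenantLevel = (Get-SPOTenant).SharingCapability
$Sites = @(
    [pscustomobject]@{ Url = 'https://crescent.sharepoint.com/sites/sales';     SharingCapability = 'ExternalUserAndGuestSharing' }
    [pscustomobject]@{ Url = 'https://crescent.sharepoint.com/sites/marketing'; SharingCapability = 'ExistingExternalUserSharingOnly' }
    [pscustomobject]@{ Url = 'https://crescent.sharepoint.com/sites/hr';        SharingCapability = 'Disabled' }
)
Get-SharingAudit -Sites $Sites -TenantLevel 'ExternalUserAndGuestSharing' |
    Where-Object { $_.ExceedsBaseline } | Format-Table -AutoSize
```

Running the same report before and after a bulk change such as the "all sites" script above shows exactly which sites gained "Anyone" links.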
Here is another post to disable external sharing: SharePoint Online: PowerShell to Disable External Sharing
Conclusion
In conclusion, enabling external sharing in SharePoint Online is a straightforward process that can be completed by navigating to the SharePoint Admin center and adjusting the sharing settings. Additionally, by configuring external sharing settings for specific sites, administrators can have more control over how and with whom content is shared. Overall, external sharing in SharePoint Online is a powerful feature that allows organizations to collaborate and share information with partners, customers, and other external stakeholders.
Enable the “Everyone except external users” claim, and then you can add everyone except external users to SharePoint Online.
More info: Grant Access to everyone except external users Group in SharePoint Online
You can remove external users from the SharePoint Online site using the PowerShell cmdlet Remove-SPOExternalUser.
More info: Remove external user from SharePoint Online
Assuming external sharing is enabled, follow these steps to provide access to an external user on a SharePoint site: Log in to your SharePoint Online site >> Click on the “Share” button from the top-right section of the page. Enter the email addresses of the external users, make sure the “Send Email” checkbox is ticked, and click on the “Share” button at the bottom.
More info: Grant access to external users in SharePoint Online
To enable external sharing for OneDrive: In the SharePoint Admin center, expand “Policies” and then click on the “Sharing” link in the left navigation. Under “External sharing”, set the configuration to anything other than “Only people in your organization”.
More info: Enable external sharing in OneDrive for Business using PowerShell