How to Enable External Sharing in SharePoint Online?
Requirement: Enable external sharing in SharePoint Online using PowerShell
How to Enable External Sharing in SharePoint Online?
SharePoint Online allows you to collaboratively share your content with external users such as vendors, clients, customers, etc. To enable external sharing, you should turn on external sharing both on the tenant level and at the site collection level. External Sharing settings in SharePoint Online offers the below options:
- Don’t allow sharing outside your organization – disable external sharing!
- Allow sharing only with the external users that already exist in your organization’s directory.
- Allow external users who accept sharing invitations and sign in as authenticated users.
- Allow sharing with all external users, and by using anonymous access links.
To turn on external sharing in SharePoint online, follow these steps:
- Open SharePoint Online Admin Center (Typically: https://<tenant>
-admin.sharepoint.com ) - Click on “Sharing” from left navigation.
- Under “Sharing outside your organization”, set the sharing option to “Allow users to invite and share with authenticated external users” for better security.
- Click on “OK” button in the bottom to save your changes.
That’s all! External Sharing is now turned on. There are additional settings in Sharing page such as: Default link type, Limit external sharing using domains, External users must accept sharing invitations using the same account that the invitations were sent to, etc which are self-explanatory. This configuration has been moved under Policies >> Sharing in modern admin center!
We can allow external sharing in SharePoint online using PowerShell as well. Here is how to configure sharing capabilities in SharePoint Online using PowerShell:
SharePoint Online: How to Enable External Sharing using PowerShell?
To enable external sharing in SharePoint Online using PowerShell, use the below script:
#Set Admin Center URL
$AdminCenterURL = "https://crescent-admin.sharepoint.com/"
#Connect to SharePoint Online
Connect-SPOService -url $AdminCenterURL -Credential (Get-Credential)
#sharepoint online enable external sharing powershell
Set-SPOTenant -SharingCapability ExternalUserSharingOnly # Disabled, ExistingExternalUserSharingOnly, ExternalUserSharingOnly, ExternalUserAndGuestSharing
Allow External Sharing in SharePoint Online using PowerShell
You can also enable external sharing settings at the tenant level. Here is how to turn ON external sharing in SharePoint Online using PowerShell:
#Load SharePoint CSOM Assemblies
Add-Type -Path "C:\Program Files\SharePoint Online Management Shell\Microsoft.Online.SharePoint.PowerShell\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\SharePoint Online Management Shell\Microsoft.Online.SharePoint.PowerShell\Microsoft.SharePoint.Client.Runtime.dll"
Add-Type -Path "C:\Program Files\SharePoint Online Management Shell\Microsoft.Online.SharePoint.PowerShell\Microsoft.Online.SharePoint.Client.Tenant.dll"
#Variables for processing
$AdminCenterURL="https://crescent-admin.sharepoint.com"
$SharingCapability="ExternalUserSharingOnly" # Disabled, ExistingExternalUserSharingOnly, ExternalUserSharingOnly, ExternalUserAndGuestSharing
#Get Credentials to connect
$Cred = Get-Credential
#Setup the Context
$Ctx = New-Object Microsoft.SharePoint.Client.ClientContext($AdminSiteURL)
$Ctx.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Cred.Username, $Cred.Password)
#Get the tenant object
$Tenant = New-Object Microsoft.Online.SharePoint.TenantAdministration.Tenant($Ctx)
#Set Sharing capability of the tenant
$Tenant.SharingCapability= [Microsoft.Online.SharePoint.TenantManagement.SharingCapabilities]::$SharingCapability
$Ctx.ExecuteQuery()
Write-host "Sharing Settings updated!"
Lets set External Sharing to allow guest users and anonymous links:
#Load SharePoint CSOM Assemblies
Add-Type -Path "C:\Program Files\SharePoint Online Management Shell\Microsoft.Online.SharePoint.PowerShell\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\SharePoint Online Management Shell\Microsoft.Online.SharePoint.PowerShell\Microsoft.SharePoint.Client.Runtime.dll"
Add-Type -Path "C:\Program Files\SharePoint Online Management Shell\Microsoft.Online.SharePoint.PowerShell\Microsoft.Online.SharePoint.Client.Tenant.dll"
#Parameters
$AdminSiteURL="https://crescent-admin.sharepoint.com"
$SharingCapability="ExternalUserAndGuestSharing"
$DaysToExpire = 7
$LinkType="View" #Edit, View or None
$FolderLinkType="Edit" # View or Edit or None
#Get Credentials to connect
$Cred= Get-Credential
Try {
#Setup the context
$Ctx = New-Object Microsoft.SharePoint.Client.ClientContext($AdminSiteURL)
$Ctx.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Cred.Username, $Cred.Password)
#Get the Tenant
$Tenant= New-Object Microsoft.Online.SharePoint.TenantAdministration.Tenant($Ctx)
$Ctx.Load($Tenant)
$Ctx.ExecuteQuery()
#Set Tenant Sharing Settings
$Tenant.SharingCapability= [Microsoft.Online.SharePoint.TenantManagement.SharingCapabilities]::$SharingCapability
$Tenant.RequireAnonymousLinksExpireInDays= $DaysToExpire
$Tenant.FileAnonymousLinkType=[Microsoft.SharePoint.Client.AnonymousLinkType]::$LinkType
$Tenant.FolderAnonymousLinkType=[Microsoft.SharePoint.Client.AnonymousLinkType]$FolderLinkType
$Ctx.ExecuteQuery()
Write-host "Tenant Sharing Settings Updated Successfully!'" -f Green
}
Catch {
write-host -f Red "Error:" $_.Exception.Message
}
This results following settings in SharePoint Online tenant.
Enable External Sharing in SharePoint Online Site Collection
Turning ON External sharing at the tenant level doesn’t automatically turns ON Sharing capabilities at all underlying site collections! We need to enable sharing at each individual SharePoint Online site collection. From the SharePoint Admin Center, You can set the sharing settings for any site collection. To enable external sharing at the site collection level using the new SharePoint Online admin center, follow these steps:
- Go to SharePoint Online Admin Center >> Select the desired Site collection from the list
- Click on “Sharing” button >> Set the sharing settings appropriately, such as “New and existing external users”. Click on “Save” to commit your changes.
Please note, the site collection’s sharing setting must be less permissive than your tenant settings!
Allow External Sharing in SharePoint Online Site Collection using PowerShell:
To activate external sharing for SharePoint Online site collection, use this PowerShell script.
#Variables for Admin Center & Site Collection URL
$AdminCenterURL = "https://crescent-admin.sharepoint.com/"
$SiteCollURL="https://crescent.sharepoint.com/Sites/Sales"
#Connect to SharePoint Online
Connect-SPOService -url $AdminCenterURL -Credential (Get-Credential)
#Enable external sharing for the site collection
Set-SPOSite -Identity $SiteCollURL -SharingCapability ExternalUserSharingOnly
#Other Options: Disabled, ExistingExternalUserSharingOnly, ExternalUserSharingOnly, ExternalUserAndGuestSharing
Enable External Users in SharePoint Online using PnP PowerShell
To enable external sharing in SharePoint Online site collection, use this PnP PowerShell
#Parameters
$TenantAdminURL = "https://crescent-admin.sharepoint.com"
$SiteURL = "https://crescent.sharepoint.com/sites/marketing"
#Connect to Tenant Admin Site
Connect-PnPOnline -url $TenantAdminURL -UseWebLogin
#Enable External Sharing for Existing AD Users (Including Guest users!)
Set-PnPTenantSite -Url $SiteURL -Sharing ExistingExternalUserSharingOnly
This script turns on external sharing in SharePoint Online and sets the sharing option as same as the above screenshot! Running this command will enable external user and guest sharing in a SPO site collection and you can verify that in the 1st screenshot in this article. To get the list of all SharePoint Online Sites where sharing capability has been enabled:
Get-SPOSite | Where {$_.SharingCapability -ne "Disabled"}
Here is my another post to disable external sharing: SharePoint Online: PowerShell to Disable External Sharing
