SharePoint Online: How to Limit External Sharing by Domain?

Requirement: Limit SharePoint Online external sharing using domains.

How to limit external sharing by domain in SharePoint Online?
External sharing in SharePoint Online lets you share artifacts such as a site, a list or library, or a document with users outside your organization, such as partners and consultants. How do we restrict external sharing to specific partners' known domains? External sharing can be limited with a list of domains in SharePoint Online: we can either allow sharing only with these domains or block sharing with the given domains.
  • Log in to the SharePoint Online Admin Center >> Expand "Policies" and then click on the "Sharing" link in the left navigation.
  • On the Sharing page, under "More external sharing settings", enable the "Limit external sharing by domain" checkbox and then click on the "Add domains" button.
  • Now, in the Add domains panel, you can either allow specific domains or block specific domains. I've selected "Allow only specific domains" and then entered the list of allowed domains.
  • Hit the Save button once you are done. These settings affect all SharePoint Online and OneDrive for Business site collections.
Make sure the tenant sharing settings are not set to "Only people in your organization", which means external sharing is disabled!
Please note, you can add up to 60 domains only!

Restrict SharePoint Online External Sharing by Domain using PowerShell:
We can use PowerShell to allow or block external sharing per domain. Here is how to whitelist certain domains in external sharing:
$TenantAdminURL = ""

#Connect to Admin Center
Connect-SPOService -Url $TenantAdminURL -Credential (Get-Credential)

#Space delimited list of allowed Domains
Set-SPOTenant -SharingDomainRestrictionMode "AllowList" -SharingAllowedDomainList ""
Similarly, you can configure an external sharing deny list to block specific domains and prevent sharing with people at certain organizations:
Set-SPOTenant -SharingDomainRestrictionMode "BlockList" -SharingBlockedDomainList ""
The next time a user tries to share content with a domain that is not in the allowed list, SharePoint won't let them continue and shows this message:
"Your organization doesn't allow sharing with users from this domain. Please contact your IT department for help"

Limit External sharing by domains at Site Collection Level:
In addition to the tenant-level external sharing settings that are configured in the SharePoint Admin center, you can further restrict sharing settings on individual SharePoint sites. External sharing settings configured at the site collection level can override tenant-level settings (however, site collection settings can't be more permissive than tenant-level settings).
  • In the SharePoint Admin center, click on "Active sites" in the left navigation
  • Select the site collection in question >> Click on the "Sharing" button in the toolbar
  • In the Sharing panel, enable "Limit sharing by domain" and then click on "Add Domains"

PowerShell to Limit External Sharing by Domain in SharePoint Online:
External sharing settings are controlled at both the tenant level and the site collection level. We can also set allowed domains at the site collection level using the Set-SPOSite PowerShell cmdlet. In fact, for OneDrive for Business site collections, only PowerShell can be used for these settings. Just specify the list of domains, space separated!
$TenantAdminURL = ""
$SiteURL = ""

#Connect to Admin Center
Connect-SPOService -Url $TenantAdminURL -Credential (Get-Credential)

#Space delimited list of allowed Domains
Set-SPOSite -Identity $SiteURL -SharingDomainRestrictionMode "AllowList" -SharingAllowedDomainList ""

Similarly, you can block certain domains at a specific site collection using:
Set-SPOSite -Identity $SiteURL -SharingDomainRestrictionMode "BlockList" -SharingBlockedDomainList ""
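
To review the result of the tenant-level and site-level settings above, the following added example (not part of the original post, and not Microsoft's code) reports which domain list each site ends up with and flags sites where the list does nothing. The function name, the sample tenant, the site URLs and the domains are hypothetical, constructed so the script runs without a connection.

```powershell
function Get-SharingDomainFinding {
    param(
        [Parameter(Mandatory)] $Tenant,    # object shaped like Get-SPOTenant output
        [Parameter(Mandatory)] $Sites      # objects shaped like Get-SPOSite output
    )
    $limiting = 'AllowList', 'BlockList'
    foreach ($site in $Sites) {
        # Report the site-level list when one is set; otherwise show the tenant list
        $scope = if ("$($site.SharingDomainRestrictionMode)" -in $limiting) { 'Site' } else { 'Tenant' }
        $src   = if ($scope -eq 'Site') { $site } else { $Tenant }
        $mode  = "$($src.SharingDomainRestrictionMode)"
        $list  = switch ($mode) {
            'AllowList' { $src.SharingAllowedDomainList }
            'BlockList' { $src.SharingBlockedDomainList }
            default     { '' }
        }
        $domains = @("$list" -split '\s+' | Where-Object { $_ })   # lists are space delimited

        $finding = 'OK'
        if ('Disabled' -in "$($Tenant.SharingCapability)", "$($site.SharingCapability)") {
            $finding = 'External sharing is disabled; the domain list has no effect'
        } elseif ($mode -notin $limiting) {
            $finding = 'No domain restriction at tenant or site level'
        } elseif ($domains.Count -eq 0) {
            $finding = "$mode is set but its domain list is empty"
        } elseif ("$($site.SharingCapability)" -eq 'ExternalUserAndGuestSharing') {
            $finding = '"Anyone" links are allowed and are not limited by the domain list'
        }
        [pscustomobject]@{ Url = $site.Url; Scope = $scope; Mode = $mode
                           Domains = ($domains -join ', '); Finding = $finding }
    }
}

# Constructed sample data (hypothetical tenant, sites and domains) so the function runs offline
$tenant = [pscustomobject]@{ SharingCapability = 'ExternalUserAndGuestSharing'
    SharingDomainRestrictionMode = 'AllowList'
    SharingAllowedDomainList = 'partner.example consultant.example'; SharingBlockedDomainList = '' }
$sites = @(
    [pscustomobject]@{ Url = 'https://tenant.example/sites/projects'; SharingCapability = 'ExternalUserSharingOnly'
        SharingDomainRestrictionMode = 'AllowList'; SharingAllowedDomainList = 'partner.example' }
    [pscustomobject]@{ Url = 'https://tenant.example/sites/marketing'
        SharingCapability = 'ExternalUserAndGuestSharing'; SharingDomainRestrictionMode = 'None' }
    [pscustomobject]@{ Url = 'https://tenant.example/sites/hr'; SharingCapability = 'Disabled'
        SharingDomainRestrictionMode = 'None' }
)
Get-SharingDomainFinding -Tenant $tenant -Sites $sites | Format-List

# Live use after Connect-SPOService (reads each site individually so the sharing fields are filled in):
#   Get-SharingDomainFinding -Tenant (Get-SPOTenant) -Sites (Get-SPOSite -Limit All | ForEach-Object { Get-SPOSite -Identity $_.Url })
```
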
Please note, these settings will not apply when users share files and folders using "Anyone" links (anonymous sharing scenarios)! Also, if there is a conflict between the tenant and the site collection, the tenant settings take precedence. Here is the Microsoft documentation:
