Requirement: Limit SharePoint Online external sharing using domains.
How to limit external sharing by domain in SharePoint Online?
External sharing in SharePoint Online allows you to share artifacts such as a site, a list or library, or a document with users outside your organization, such as partners and consultants. How do we restrict external sharing to specific partners’ known domains? External sharing can be limited with a list of domains in SharePoint Online. We can either allow sharing only to these domains or block sharing only to given domains.
- Log in to the SharePoint Online Admin Center >> Expand “Policies” and then click on the “Sharing” link in the left navigation.
- On the Sharing page, under “More external sharing settings”, enable the “Limit external sharing by domain” checkbox and then click on the “Add domains” button.
- Now, in the Add domains panel, you can either allow specific domains or block specific domains. I’ve selected “Allow only specific domains” and then entered the list of allowed domains.
- Hit the save button once you are done. These settings affect all SharePoint Online and OneDrive for Business site collections.
Please note: you can add up to 60 domains only!
Restrict SharePoint Online External Sharing by Domain using PowerShell:
We can use PowerShell to Allow or Block external sharing per domain. Here is how to whitelist certain domains in external sharing.
```powershell
#Parameters
$TenantAdminURL = "https://crescent-admin.sharepoint.com"

#Connect to Admin Center
Connect-SPOService -Url $TenantAdminURL -Credential (Get-Credential)

#Space delimited list of allowed Domains
Set-SPOTenant -SharingDomainRestrictionMode "AllowList" -SharingAllowedDomainList "crescent.com crescenttech.com"
```
Similarly, you can configure an external sharing deny list to block specific domains and prevent sharing with people at certain organizations:
```powershell
Set-SPOTenant -SharingDomainRestrictionMode "BlockList" -SharingBlockedDomainList "crescentpartner.com crescentextranet.com"
```
The next time a user tries to share content with someone in a domain that is not on the allowed list, SharePoint won’t let them continue!
Limit External sharing by domains at Site Collection Level:
In addition to the tenant-level external sharing settings configured in the SharePoint Admin center, you can further restrict sharing on individual SharePoint sites. External sharing settings configured at the site collection level can override tenant-level settings (however, site collection settings can’t be more permissive than tenant-level settings).
- In the SharePoint Admin center, click on “Active sites” in the left navigation
- Select the site collection in question >> Click on the “Sharing” button in the toolbar
- In the Sharing panel, enable “Limit sharing by domain” and then click on “Add Domains”
PowerShell to Limit External Sharing by Domain in SharePoint Online:
External sharing settings are controlled at both the tenant level and the site collection level. We can set allowed domains at the site collection level as well, using the Set-SPOSite PowerShell cmdlet. In fact, for OneDrive for Business site collections, only PowerShell can be used for these settings. Just specify the domain list, space separated!
```powershell
#Parameters
$TenantAdminURL = "https://crescent-admin.sharepoint.com"
$SiteURL = "https://crescent.sharepoint.com/sites/hr"

#Connect to Admin Center
Connect-SPOService -Url $TenantAdminURL -Credential (Get-Credential)

#Space delimited list of allowed Domains
Set-SPOSite -Identity $SiteURL -SharingDomainRestrictionMode "AllowList" -SharingAllowedDomainList "crescent.com crescenttech.com"
```
Similarly, you can block certain domains at a specific site collection using:
```powershell
Set-SPOSite -Identity $SiteURL -SharingDomainRestrictionMode "BlockList" -SharingBlockedDomainList "crescentpartner.com crescentextranet.com"
```
Please note: these settings do not apply when users share files and folders using “Anyone” links (anonymous sharing scenarios)! Also, if there is a conflict between the tenant and a site collection, the tenant settings take precedence. Here is the Microsoft documentation: https://docs.microsoft.com/en-us/sharepoint/restricted-domains-sharing
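An audit check for the settings above, as an added example that is not part of the original article: it flags sites where external sharing is on without a domain restriction, where “Anyone” links make the restriction ineffective, or where the domain list is not a clean space-delimited list. The function name `Get-SharingDomainFinding`, the `marketing` and `legal` site URLs and the domain syntax check are assumptions of this example; the input objects are expected to carry the sharing properties that `Get-SPOSite` returns.

```powershell
# Added example (not from the original article): flag weak sharing-domain settings.
# Input objects need the Get-SPOSite sharing properties read below.
function Get-SharingDomainFinding {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Site,
        [int] $MaxDomains = 60   # limit quoted in the article
    )
    process {
        $mode       = [string]$Site.SharingDomainRestrictionMode
        $capability = [string]$Site.SharingCapability
        $raw = switch ($mode) {
            'AllowList' { [string]$Site.SharingAllowedDomainList }
            'BlockList' { [string]$Site.SharingBlockedDomainList }
            default     { '' }
        }
        # Lists are space delimited; commas or semicolons stay inside a token and fail the check below
        $domains = @($raw -split '\s+' | Where-Object { $_ })
        $issues  = @()
        if ($capability -ne 'Disabled' -and $mode -notin 'AllowList', 'BlockList') {
            $issues += 'External sharing is enabled without a domain restriction'
        }
        if ($capability -eq 'ExternalUserAndGuestSharing') {
            $issues += 'Anyone links are enabled; domain restrictions do not apply to them'
        }
        if (($mode -in 'AllowList', 'BlockList') -and $domains.Count -eq 0) {
            $issues += "$mode mode is set but the domain list is empty"
        }
        if ($domains.Count -gt $MaxDomains) {
            $issues += "Domain list has $($domains.Count) entries (limit $MaxDomains)"
        }
        # Heuristic syntax check (an assumption of this example, not a SharePoint rule)
        $bad = @($domains | Where-Object { $_ -notmatch '^([a-z0-9-]+\.)+[a-z]{2,}$' })
        if ($bad.Count) { $issues += "Malformed entries: $($bad -join ', ')" }
        [pscustomobject]@{ Url = $Site.Url; Mode = $mode; Domains = $domains; Issues = $issues }
    }
}

# Constructed sample objects so the script runs offline.
# Against a tenant, pipe Get-SPOSite output into the function instead.
$sample = @(
    [pscustomobject]@{ Url = 'https://crescent.sharepoint.com/sites/hr'; SharingCapability = 'ExternalUserSharingOnly'
        SharingDomainRestrictionMode = 'AllowList'; SharingAllowedDomainList = 'crescent.com crescenttech.com'; SharingBlockedDomainList = '' }
    [pscustomobject]@{ Url = 'https://crescent.sharepoint.com/sites/marketing'; SharingCapability = 'ExternalUserAndGuestSharing'
        SharingDomainRestrictionMode = 'None'; SharingAllowedDomainList = ''; SharingBlockedDomainList = '' }
    [pscustomobject]@{ Url = 'https://crescent.sharepoint.com/sites/legal'; SharingCapability = 'ExternalUserSharingOnly'
        SharingDomainRestrictionMode = 'AllowList'; SharingAllowedDomainList = 'crescent.com,crescenttech.com'; SharingBlockedDomainList = '' }
)
$sample | Get-SharingDomainFinding | Where-Object { $_.Issues } | Format-List Url, Mode, Issues
```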