SharePoint Online: Restrict External Sharing to a Security Group
Requirement: Restrict External Sharing in SharePoint Online within a specific Security Group.
How to Restrict External Sharing within a Security Group in SharePoint Online?
We wanted to restrict external sharing in our tenant to be available only to specific users, while preventing all others from sharing with external users. Here is how to limit external sharing to a specific security group in SharePoint Online:
- Login to SharePoint Online Admin Center >> Expand “Policies” and then click on the “Sharing” link in the left navigation.
- On the Sharing page, expand “More external sharing settings” and Enable the “Allow only users in specific security groups to share externally” checkbox, and then click on the “Manage security groups” button.
- This will open a pane to enter the security group to allow users in those groups to share with external users.
- You can add the pre-created security group in the “Add a security group”. You’ll also get sharing with “Anyone” or “Authenticated guests only” options under “Can share with” when the external sharing settings is “Anyone”. Otherwise, you’ll get only “Authenticated guests only”.
Limit External Sharing to Specific Group from Classic Sharing Page
In the classic external sharing settings page (https://<tenant>-admin.sharepoint.com/_layouts/15/online/ExternalSharing.aspx), we have the same options that let us control who can share anonymous links outside your organization (when you enable anonymous access by setting: “Allow sharing to authenticated external users and using anonymous access links”) and who can share with externally authenticated users.
- Let only users in selected security groups share with authenticated external users
- Let only users in selected security groups share with authenticated external users and using anonymous links
In case, you want to turn off external sharing altogether, use: How to Disable External Sharing in Sharepoint Online?
One thought on “SharePoint Online: Restrict External Sharing to a Security Group”
Only a mail-enabled security group can be used for this feature.