Requirement: Restrict External Sharing in SharePoint Online with in a specific Security Group.
How to Restrict External Sharing within a Security Group in SharePoint Online?
We wanted to restrict external sharing in our tenant to available only to specific users while preventing all others from sharing with external users. Here is how to limit external sharing to a specific security group in SharePoint Online:
- Login to SharePoint Online Admin Center >> Expand “Policies” and then click on the “Sharing” link in the left navigation.
- On the Sharing page, Expand “More external sharing settings” and Enable “Allow only users in specific security groups to share externally” checkbox and then click on the “Manage security groups” button.
- This will open a pane to enter the security group to allow users in those groups to share with external users.
- You can add the pre-created security group in the “Add a security group”. You’ll also get sharing with “Anyone” or “Authenticated guests only” options under “Can share with” when the external sharing settings is “Anyone”. Otherwise, you’ll get only “Authenticated guests only”.
Limit External Sharing to Specific Group from Classic Sharing Page
In classic external sharing settings page (https://<tenant>-admin.sharepoint.com/_layouts/15/online/ExternalSharing.aspx), we’ve same options that lets us to control who can share anonymous links outside your organization (when you enable anonymous access by setting: “Allow sharing to authenticated external users and using anonymous access links”) and who can share with external authenticated users.
- Let only users in selected security groups share with authenticated external users
- Let only users in selected security groups share with authenticated external users and using anonymous links