OneDrive is a cloud storage service primarily intended for personal use within the Microsoft 365 suite. The choice to permit or restrict OneDrive content from being shared with external users is ultimately up to each organization. However, misconfigurations can expose your data to potential risks. Therefore, it’s essential to clearly understand each external sharing setting available in Microsoft OneDrive.
Let’s explore the available options and determine what works best for your organization.
External Sharing in Microsoft OneDrive
External sharing settings in OneDrive control how users can share their OneDrive content with external collaborators. These settings can be configured at both the tenant level and the individual OneDrive site level.
Tenant-Level External Sharing Settings for Microsoft OneDrive:
Below are the four options available in the SPO admin center for effectively managing external sharing settings.
- Anyone: Content can be shared with anyone inside or outside the organization without requiring authentication or a Microsoft 365 account. This is the default setting for external sharing.
- New and Existing Guests: People who receive an invitation need to sign in with their work, school, or Microsoft account or use a verification code to access the shared content. They will be added as guest users in the directory.
- Existing Guests: Content can be shared only with people already added to the organization’s directory.
- Only People in Your Organization: Content can only be shared internally, with no external sharing allowed.
External Sharing Settings Available for Individual OneDrive Sites:
The OneDrive site-level settings offer the same functionality as the above options but are labeled differently.
- Allow sharing with authenticated guest users with invitations (Share with New and Existing Guests).
- Allow sharing with anonymous guest links and unauthenticated users (Share with Anyone).
- Only allow sharing with existing guest users in the directory (Share with Only Existing Guests).
You can configure any of these options based on your needs, but it’s essential to understand the dependencies.
Dependencies and Restrictions in Configuring External Sharing for OneDrive
- OneDrive’s external sharing settings cannot be more permissive than SharePoint’s external sharing settings. For instance, to allow all users to share OneDrive content externally, SharePoint’s setting must also be “Anyone.” If SharePoint is set to “New and Existing Guests,” OneDrive can only be configured to “Existing Guests,” “New and Existing Guests,” or “Only People in Your Organization.” It cannot be set to “Anyone.”
- You can configure different external sharing settings for individual OneDrive accounts. However, if external sharing is blocked at the tenant level, these settings cannot be enabled or adjusted at the OneDrive level.
How to Configure External Sharing Settings in OneDrive ?
To manage external sharing for OneDrive users, you can use both the SPO admin center and PowerShell. Let’s see all the methods here.
Method 1: Manage external sharing for OneDrive using the admin center.
- A) Set external sharing for all OneDrive users.
- B) Enable external sharing for specific OneDrive users.
Roles needed: Global or SharePoint administrator.
Method 2: Configure external sharing for OneDrive users using PowerShell.
- C) Configure organization-level OneDrive external sharing settings.
- D) Allow a single OneDrive user to share links outside the organization.
Roles Needed: SharePoint Online administrator and site collection administrator.
A) Set External Sharing for All OneDrive Users in SharePoint Admin Center
Follow the below navigation to configure external sharing for all Microsoft OneDrive users in an organization.
- Open the Sharing option in the SharePoint admin center and sign in with your admin account.
- You can adjust the indicator by placing it on the external sharing option you need.
B) Configure OneDrive-Level External Sharing Setting
Admins can follow the below steps to manage external sharing for specific user’s OneDrive.
- Sign in to the Microsoft 365 admin center.
- Navigate to the Users section and click on “Active users”.
- Select the respective user and click on the “OneDrive” tab.
- Now, click the “Manage external sharing” link under the Sharing section.
- Choose the ‘Let people outside your organization access your site’ option and configure the other external sharing settings as needed. You can uncheck the above option to restrict external sharing for the selected user.
- Finally, click “Save”.
C) Enable External Sharing for All Users’ OneDrive Using PowerShell
Open Microsoft Windows PowerShell and connect to the SharePoint Online PowerShell module.
Use the below PowerShell cmdlet to manage external sharing for all Microsoft OneDrive users.
1 |
Set-SPOSite -Identity <OneDriveHostSiteURL> -SharingCapability ExternalUserAndGuestSharing |
You can configure the other options for the Sharing capability parameter,
such as, Disabled, ExistingUserSharingOnly, or ExistingExternalUserSharingOnly.
Also, you need to replace the Identity parameter with the OneDrive host site URL. The format of OneDrive host site URL: https://<Domain>-my.sharepoint.com.
D) Manage External Sharing Settings for a Specific OneDrive Site Using PowerShell
Use the below SharePoint PowerShell cmdlet to change the external sharing setting for a user’s OneDrive.
1 |
Set-SPOSite -Identity <OneDriveSiteURL> -SharingCapability ExternalUserAndGuestSharing |
For the Sharing Capability parameter, you can use options like Disabled, ExistingUserSharingOnly, or ExistingExternalUserSharingOnly.
Also, you need to replace the Identity parameter with the respective user’s OneDrive site URL. You can find a user’s OneDrive for Business site URL using the Microsoft 365 admin center.
When to Choose What?
- If your organization does not collaborate with external users: You can set sharing to “Only people in the organization” without hesitation to restrict external sharing for OneDrive users.
- If your organization frequently collaborates with external users: It is advised to set tenant-wide settings to “Existing guests,” as this option is safer than “Anyone.” However, as an admin, you also need to monitor external file sharing in OneDrive to avoid external threats.
- If you need specific users to collaborate with external users: Configure Microsoft OneDrive external sharing individually. But make sure to audit external users’ file access frequently.
Now, it’s up to you! Decide and configure the right external sharing setting for OneDrive. Not only OneDrive, but it’s also equally important to configure and restrict sharing settings for SharePoint sites to ensure both security and collaboration. Furthermore, you can reach us for queries at any time via the comments section. We are glad to help!