This article describes how global and SharePoint admins in Microsoft 365 can change their organization-level sharing settings for Microsoft SharePoint and Microsoft OneDrive. (If you want to share a file or folder, read Share SharePoint files or folders or Share OneDrive files and folders.)
For end-to-end guidance around how to configure guest sharing in Microsoft 365, see:
- Collaborate with guests on a document
- Collaborate with guests in a site
- Collaborate with guests in a team
To change the sharing settings for a site after you've set the organization-level sharing settings, see Turn external sharing on or off for for a site. To learn how to change the external sharing setting for a user's OneDrive, see Change the external sharing setting for a user's OneDrive.
Change the organization-level external sharing setting
Under External sharing, specify your sharing level for SharePoint and OneDrive. The default level for both is "Anyone."
This setting is for your organization overall. Each site has its own sharing setting which you can set independently, though it must be at the same or more restrictive setting as the organization. See Change the external sharing setting for a site for more information.
Which option to select...
More external sharing settings
Limit external sharing by domain
This is useful if you want to limit sharing with particular partners, or help prevent sharing with people at certain organizations. The organization-level setting on this page affects all SharePoint sites and each user's OneDrive. To use this setting, list the domains (maximum of 3000) in the box, using the format domain.com. To list multiple domains, press Enter after adding each domain.
You can also limit external sharing by domain by using the Set-SPOTenant Microsoft PowerShell cmdlet with -SharingDomainRestrictionMode and either -SharingAllowedDomainList or -SharingBlockedDomainList. For info about limiting external sharing by domain at the site level, see Restricted domains sharing.
Allow only users in specific security groups to share externally
For info about this setting, see Manage security groups.
Guests must sign in using the same account to which sharing invitations are sent
By default, guests can receive an invitation at one account but sign in with a different account. After they redeem the invitation, it can't be used with any other account.
Allow guests to share items they don't own
By default, guests must have full control permission to share items externally.
People who use a verification code must reauthenticate after this many days
If people who use a verification code have selected to "stay signed in" in the browser, they must prove they can still access the account they used to redeem the sharing invitation.
File and folder links
Choose the option you want to show by default when a user gets a link.
Specific people - This option is most restrictive and impedes broad internal sharing. If you allow external sharing, this option lets users share with specific people outside the organization.
Only people in your organization - If links are forwarded, they'll work for anyone in the organization. This option is best if your organization shares broadly internally and rarely shares externally.
Anyone with the link - This option is available only if your external sharing setting is set to "Anyone." Forwarded links work internally or externally, but you can't track who has access to shared items or who has accessed shared items. This is best for friction-free sharing if most files and folders in SharePoint and OneDrive aren't sensitive.
Advanced settings for "Anyone" links
Link expiration - You can require all "Anyone" links to expire, and specify the maximum number of days allowed
Link permissions - You can restrict "Anyone" links so that they can only provide view permission for files or folders.
If you are using file requests, the link permissions must be set for View and edit for files and View, edit, and upload for folders.
Display to owners the names of people who viewed their files
This setting lets you control whether the owner of a shared file can see on the file card the people who only view (and don't edit) the file in OneDrive. The file card appears when users hover over a file name or thumbnail in OneDrive. The info includes the number of views on the file, the number of people who viewed it, and the list of people who viewed it. To learn more about the file card, see See files you shared in OneDrive.
Let site owners choose to display the names of people who viewed files or pages in SharePoint
This setting lets you specify whether site owners can allow users who have access to a file, page, or news post to see on the file card who has viewed the item.
This setting is turned on by default at the organization level and off at the site level for existing sites. Viewer information is shown only when the setting is on at both the organization and site level. We recommend that site owners turn on this feature only on team sites that don't have sensitive information. Learn how site owners can turn on this feature.