0365 External Sharing Tips to Keep Your Content Secure

At some point, most organizations run into scenarios that require sharing content with users outside the organization. Perhaps you need to share a PowerPoint presentation with a vendor, co-collaborate on an excel document with a partner, or share a pdf with a client. In the past—and in many unfortunate cases, today—we would share these files as attachments via email, or transfer the file to some external, unsupported sharing service. 

While there are limited cases where these options may be the right choice, more often than not, it causes many issues. Once you email a file or use a one-off file sharing service, you’ve lost control. You can no longer control the version, you cannot grant granular permissions access (i.e., view only, edit, etc.), and you can often run into file size issues thwarting your email’s delivery.  

How should we securely, confidently, and easily externally share files? SharePoint has you covered. 

External sharing in SharePoint allows you to securely share content with people outside your organization at a very granular level, ensuring your private data stays private while allowing you to share when necessary. SharePoint allows for very sophisticated external sharing; let’s break down some of the high-level options.  

External sharing at its core is controlled at the site level, and the organization can control whether that specific site collection, site, or team is allowed to offer external sharing.  

Once you have enabled external sharing, you can then granularly control what kind of sharing is allowed for that particular item. SharePoint offers 4 different options: 


  1. Anyone with this link (if your organization has not enabled external sharing this option will not be available) 
      • This link grants access anonymously to anyone with the link. This means you cannot verify the identity of those using this link. However, Microsoft does record their IP address, and this is recorded in audit logs.  
  2. People in your organization with the link
      • As the title suggests, anyone with access to the same Office365 tenant with this link is granted access.  
  3. People with existing access 
      • This link provides access to those who already have access to that file, folder, document, etc. This is the option we use most when sharing internally as we’ve already vetted who has access at that level, reducing the margin of error. 
  4. Specific people 
      • Here is where external sharing is best suited. Selecting this allows you to share with specific users’ emails, including guest users.  

You can also individually control whether the users have editing permissions or view only, set an expiration date for your link, and/or block downloads.  

Okay, I’ve shared a folder or a file, some time has passed, and I can’t remember who I granted access! What do I do now?  Have no fear, SharePoint makes it very easy to see who currently has access to your content. Simply click on ‘manage access’ to see which specific links are granting access, as well as who has direct access to your item.  

Recommendations from our experience:  

Note: External sharing is turned on by default for your entire SharePoint Online environment and the sites in it. You may want to turn it off globally until you know exactly how you want to use the feature and have proper plans in place. We highly recommend setting clear governance so your users understand what external sharing options are available to them. Next, ensure your team is properly trained and understands what sharing means and when to use which option. Be sure to set up regularly scheduled audits to review what is being shared. Finally, as an end-user we highly recommend two things: 

  1. Opt for sharing with “Specific people” over “Anyone with this link” (AKA anonymous link)  whenever possible. This requires they authenticate and verify who they are before being granted access. 
  2. Set an expiration date on all external shareable links. By default SharePoint expires links after 30 days, but you can set a custom date.  

Want to learn more? Check out more from Microsoft on external sharing.  

Would you like to enable external sharing or update your governance, but need assistance? A PixelMill Office365 expert would love to chat with you today!  

Leave a Comment

Your email address will not be published. Required fields are marked *

Enter Code *

Filed Under


In this session:

- #OKR fundamentals, including how to write an effective #OKR
- How to champion an #OKR program
- What #VivaGoals is & how it can help your #OKR program thrive
- How to install & get #VivaGoals running in your workspace today!


"True cybersecurity is preparing for what's next, not what was last." -Neil Rerup, Cybersecurity Expert. Start your cybersecurity journey today by ensuring multifactor authentication is enabled.


Subscribe to PixelMill's

* indicates required

Let's Talk Digital
Workspaces Today

Get In Touch