Tutorial / Cram Notes
OneDrive for Business allows users to share files and folders with people outside the organization. External sharing is either based on an anonymous access link, which doesn't require sign-in, or on a secure link that requires the recipient to sign in with a Microsoft account or a work or school account associated with Office 365 or Azure Active Directory.
There are several external sharing options:
- Anyone: Users can share items with anyone by sending a link that allows access without needing to sign in.
- New and existing guests: Users can share with guests who have already signed in before or will sign in as a part of the sharing process.
- Existing guests only: Limits sharing to guests who have previously signed in.
- Only people in your organization: External sharing is disabled.
Managing External File Sharing Settings
SharePoint Admin Center
As OneDrive for Business is closely integrated with SharePoint Online, the primary place to manage external sharing settings is the SharePoint admin center. To modify these settings for OneDrive users:
- Navigate to the SharePoint admin center.
- Click on ‘Policies’, then select ‘Sharing’.
- Under the ‘File and folder links’ section, choose the type of link that can be used for sharing.
- Under the ‘External sharing’ section, select the level of external sharing you want to allow.
- Click ‘Save’ to apply changes.
PowerShell
Alternatively, administrators can use PowerShell to manage external sharing settings by using the SharePoint Online Management Shell.
To view current OneDrive sharing settings:
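```powershell
# SharingCapability is the SharePoint (tenant-wide) level; OneDriveSharingCapability is the OneDrive level.
Get-SPOTenant | Select-Object SharingCapability, OneDriveSharingCapability
```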
To set OneDrive sharing settings:
```powershell
# Tenant-wide (SharePoint) external sharing level
Set-SPOTenant -SharingCapability [SharingOption]
# OneDrive external sharing level
Set-SPOTenant -OneDriveSharingCapability [SharingOption]
```
Replace [SharingOption] with the appropriate sharing level (Disabled, ExistingExternalUserSharingOnly, ExternalUserSharingOnly, or ExternalUserAndGuestSharing).
Examples of Configuring External Sharing
Example 1: Enabling Sharing with New and Existing Guests
In the SharePoint admin center:
- Under ‘External sharing’, select ‘New and existing guests’.
- Make sure ‘Allow guests to share items they don’t own’ is checked, if that is required by your organization’s policy.
Example 2: Disabling Any Anonymous Access
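Using PowerShell:
```powershell
# Disabled turns off all external sharing for the tenant, so no anonymous ("Anyone") links can be created.
Set-SPOTenant -SharingCapability Disabled
```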
Security Considerations
When external sharing is enabled:
- Audit logging: Ensure that audit logging is enabled to track sharing activities.
- Limit sharing by domain: You can restrict sharing to certain domains by allowing or blocking specific domains.
- Secure default links: Configure default sharing links to ‘Specific people’ to ensure that files are not shared more widely than necessary.
- Access reviews: Periodically review external sharing permissions and validate that external access is still required for shared content.
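The points above can be checked from the tenant settings themselves. The following PowerShell is an added example, not part of the original notes: it maps each SharingCapability value to its admin-center label and reviews a settings object against the default-link, domain-restriction and link-expiry points. The property names are those returned by Get-SPOTenant; the function name Test-SharingPosture, the finding wording and the sample values are constructed for illustration.

```powershell
# Added example: everything except the Get-SPOTenant property names is illustrative.
# Permissiveness rank of each SharingCapability value and its admin-center label.
$Levels = @{
    Disabled                        = @{ Rank = 0; Label = 'Only people in your organization' }
    ExistingExternalUserSharingOnly = @{ Rank = 1; Label = 'Existing guests only' }
    ExternalUserSharingOnly         = @{ Rank = 2; Label = 'New and existing guests' }
    ExternalUserAndGuestSharing     = @{ Rank = 3; Label = 'Anyone' }
}

function Test-SharingPosture {
    param([Parameter(Mandatory)] $Tenant)

    $sp = $Levels["$($Tenant.SharingCapability)"]
    $od = $Levels["$($Tenant.OneDriveSharingCapability)"]
    # The SharePoint value is the ceiling; OneDrive can only match it or be stricter.
    $effective = if ($od.Rank -lt $sp.Rank) { $od } else { $sp }
    $findings = @("OneDrive effective level: $($effective.Label)")

    if ($effective.Rank -eq 0) { return $findings }   # external sharing is off

    if ($effective.Rank -eq 3 -and $Tenant.RequireAnonymousLinksExpireInDays -le 0) {
        $findings += 'Anyone links never expire (Set-SPOTenant -RequireAnonymousLinksExpireInDays <days>)'
    }
    if ("$($Tenant.DefaultSharingLinkType)" -ne 'Direct') {
        $findings += "Default link type is $($Tenant.DefaultSharingLinkType), not Specific people " +
                     '(Set-SPOTenant -DefaultSharingLinkType Direct)'
    }
    if ("$($Tenant.SharingDomainRestrictionMode)" -eq 'None') {
        $findings += 'No domain allow or block list (Set-SPOTenant -SharingDomainRestrictionMode ' +
                     'AllowList -SharingAllowedDomainList "<domains>")'
    }
    return $findings
}

# Constructed sample standing in for the object Get-SPOTenant returns.
$sample = [pscustomobject]@{
    SharingCapability                 = 'ExternalUserAndGuestSharing'
    OneDriveSharingCapability         = 'ExternalUserAndGuestSharing'
    DefaultSharingLinkType            = 'AnonymousAccess'
    SharingDomainRestrictionMode      = 'None'
    RequireAnonymousLinksExpireInDays = -1
}
Test-SharingPosture -Tenant $sample

# Against a live tenant, after Connect-SPOService:
#   Test-SharingPosture -Tenant (Get-SPOTenant)
```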
Conclusion
Controlling external file sharing in OneDrive is essential for any organization using Microsoft Teams to ensure sensitive information remains secure while also facilitating collaboration. By using the SharePoint admin center and PowerShell commands effectively, administrators can set appropriate sharing levels and monitor external access to the organization's data. It is a key competency for those preparing for the MS-700 exam and an important skill for Microsoft Teams administrators.
Practice Test with Explanation
T/F: OneDrive external sharing cannot be restricted on a user-by-user basis.
False
External sharing in OneDrive can be controlled on a user-by-user basis using the OneDrive admin center or PowerShell.
T/F: By default, OneDrive users can share files with people outside their organization.
True
By default, OneDrive is configured to allow users to share files with external users, but administrators can change this setting.
Which external sharing option in OneDrive allows sharing with anyone who has the link to the file?
- A) Only people in your organization
- B) Specific people
- C) Anyone with the link
- D) New and existing guests
C) Anyone with the link
The “Anyone with the link” option in OneDrive allows files to be shared with anyone, whether or not they have a Microsoft account.
When managing external sharing in OneDrive, which PowerShell cmdlet can be used to view the current sharing settings?
- A) Get-SPOSite
- B) Get-ODExternalSharing
- C) Get-SPOTenant
- D) Get-OneDriveUser
C) Get-SPOTenant
The Get-SPOTenant PowerShell cmdlet is used to view properties of the tenant, including external sharing settings for SharePoint and OneDrive.
T/F: Users can share files externally from OneDrive even if the global SharePoint external sharing setting is set to “Only people in your organization.”
False
If the global SharePoint external sharing setting is set to “Only people in your organization,” this will also affect OneDrive, as its settings are inherited from SharePoint.
To manage external file sharing for OneDrive users, administrators can change settings in:
- A) Azure Active Directory
- B) Microsoft 365 admin center
- C) OneDrive admin center
- D) Exchange admin center
C) OneDrive admin center
The OneDrive admin center allows administrators to manage external sharing settings for OneDrive users.
T/F: Administrators need to manually update external sharing settings in OneDrive for each user individually.
False
Administrators can set external sharing settings for all OneDrive users at once through the OneDrive admin center or PowerShell, rather than individually.
Which of the following can be set to expire in OneDrive’s external sharing settings?
- A) User passwords
- B) Sharing links
- C) Files within OneDrive
- D) OneDrive accounts
B) Sharing links
OneDrive allows the creation of sharing links that can be set to expire after a certain amount of time to enhance security.
T/F: OneDrive users can always see the full list of external users they have shared files with.
True
Users can see external users with whom they’ve shared content by looking at the “Shared with” information on any given file or folder.
Which of the following settings determines the type of external sharing link that OneDrive users can create by default?
- A) Default link type
- B) Shareable link type
- C) Link permission level
- D) External link creation mode
A) Default link type
The Default link type setting in OneDrive determines what kind of link (e.g., view, edit) is selected by default when a user shares a file or folder.
T/F: Guests invited to collaborate on OneDrive contents must always have a Microsoft account.
False
Guests can be invited to collaborate on OneDrive contents using any email address, not necessarily a Microsoft account. They will receive a one-time passcode (OTP) to access the content if they don’t have a Microsoft account.
What must be enabled to allow external sharing in OneDrive for users from specific domains only?
- A) Domain whitelisting
- B) Limited link sharing
- C) Restricted domain sharing
- D) External domain filtering
A) Domain whitelisting
Domain whitelisting, often known as “Allow/Block listing” in the OneDrive admin center, allows organizations to restrict external sharing to specific domains.
Interview Questions
What is external file sharing in OneDrive?
External file sharing in OneDrive allows you to share files and folders with people outside of your organization.
How can you manage external file sharing for OneDrive users?
You can manage external file sharing for OneDrive users by adjusting the external sharing settings in the SharePoint admin center.
How do you access the external sharing settings in the SharePoint admin center?
To access the external sharing settings, go to the SharePoint admin center, select the Policies tab, and then select Sharing.
What options are available for external sharing in OneDrive?
The available options for external sharing in OneDrive are Anyone, New and existing guests, Existing guests,
What does the “Anyone” option mean for external sharing in OneDrive?
The “Anyone” option means that anyone who has the link can access the file or folder, regardless of whether they have a Microsoft account or not.
What does the “New and existing guests” option mean for external sharing in OneDrive?
The “New and existing guests” option means that only people who are invited and added to your organization’s directory as guests can access the file or folder.
What does the “Existing guests” option mean for external sharing in OneDrive?
The “Existing guests” option means that only people who have previously been added to your organization’s directory as guests can access the file or folder.
How can you restrict external sharing for OneDrive users?
You can restrict external sharing for OneDrive users by selecting the “Only people in your organization” option in the external sharing settings.
Can you customize the external sharing settings for individual OneDrive users?
Yes, you can customize the external sharing settings for individual OneDrive users by going to the OneDrive admin center and selecting the user you want to modify.
How can you monitor external sharing in OneDrive?
You can monitor external sharing in OneDrive by using the auditing and activity reports in the Microsoft 365 admin center. These reports provide information about who accessed shared files and when, as well as any changes to sharing settings.
Great post! Really helped me understand external file sharing settings in OneDrive.
Can someone explain the difference between ‘Anyone with the link’ and ‘Specific people’ sharing options?
How do I restrict OneDrive sharing to specific domains?
Appreciate the detailed post!
I followed the steps but still my users can share files externally without restrictions. Any tips?
Is there a way to audit external sharing activities in OneDrive?
Awesome blog, thanks for sharing!
External sharing settings seem overly complicated. Any simplified guide?