Configure Tenant-Level Sharing Settings for SharePoint and OneDrive

Properly configuring tenant-level sharing settings in Microsoft 365 ensures a secure and seamless collaboration experience in SharePoint and OneDrive. This guide walks you through the steps to configure these settings while maintaining security and compliance.

Prerequisites

Before proceeding, ensure you have the following:

• A Microsoft 365 subscription with Global Administrator or SharePoint Administrator privileges
• Access to the SharePoint Admin Center

Step 1: Access the Sharing Settings in Microsoft 365

1. Sign in to Microsoft 365 Admin Center
   • Go to Microsoft 365 Admin Center
   • Sign in with your Global Admin or SharePoint Admin credentials
2. Open the SharePoint Admin Center
   • In the left-hand menu, click on Admin Centers > SharePoint
   • This will take you to the SharePoint Admin Center
3. Navigate to Sharing Settings
   • In the left navigation pane, select Policies > Sharing

Step 2: Configure SharePoint and OneDrive Sharing Settings

Microsoft 365 allows you to control external sharing at both tenant and site levels. Here’s how to configure the settings:

1. Adjust External Sharing Settings

Under the External Sharing section, configure the sharing options for SharePoint and OneDrive:

• Most Restrictive: Only users in your organization can access content (best for internal use only).
• New and Existing Guests: Allows sharing with known external users (recommended for controlled external collaboration).
• Anyone: Allows anonymous sharing (not recommended unless necessary for public documents).
• Customize by Site: Configure external sharing settings at the individual site level.

2. Configure Guest Access Permissions

• Enable or disable sharing with guests who need to sign in.
• Define guest expiration policies to restrict access after a certain period.
• Prevent guests from sharing files they don’t own.

3. Manage Anonymous Link Sharing

For organizations that allow anonymous sharing:

• Configure View, Edit, or Expiration Policies for anonymous links.
• Restrict users from sharing files that require sign-in.
• Set expiration dates for anonymous access links.

4. Restrict External Domains

• Add allowed or blocked domains to restrict sharing with specific organizations.
• Prevent employees from sharing content with unauthorized email domains.

Step 3: Configure OneDrive-Specific Sharing Settings

1. Navigate to the OneDrive Admin Center within Microsoft 365.
2. Under Sharing, apply the same sharing restrictions configured for SharePoint.
3. Configure Sync Settings to control which devices can sync OneDrive files.

Step 4: Apply Sensitivity Labels and Compliance Policies

1. Use Sensitivity Labels: Apply labels to classify and restrict files from external sharing.
2. Apply Data Loss Prevention (DLP) Policies: Prevent the accidental sharing of sensitive data.
3. Enable Conditional Access Policies: Restrict access based on device compliance and user location.

Step 5: Test and Monitor Sharing Activities

1. Test External Sharing: Share files and check access permissions.
2. Use Microsoft 365 Audit Logs: Monitor sharing activities through the Security & Compliance Center.
3. Review Sharing Reports: Regularly analyze reports to adjust policies if needed.