cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Can't configure external sharing per site basis for SharePoint site that is connected to O365 Group

Monir
Iron Contributor

‎Mar 23 2021 03:40 PM - edited ‎Mar 26 2021 06:12 AM

‎Mar 23 2021 03:40 PM - edited ‎Mar 26 2021 06:12 AM

Can't configure external sharing per site basis for SharePoint site that is connected to O365 Group

 

Updates are given below the original post

 

Original post  ---

 

Security Concern - Not being able to configure external sharing per-site basis for any SharePoint Online site that is connected to an O365 Group. When you configure external sharing now at the SharePoint Admin Center at the tenant level, all O365 connected sites inherit the sharing settings from the Admin center, we can't configure a per-site basis for those O365 group connected sites.

 

Microsoft recently enabled guess access as the default behavior for Microsoft Teams. As a result, SharePoint online sites are configured for external sharing now. 

 

Because of this, any SharePoint Online site that's connected with an Office 365 group, that gets created is configured for external sharing. These sites could be the sites associated with Microsoft 365 services e.g. Teams, Yammer, etc., or just independent sites but connected with an O365 group. Their external sharing is inherited from the SharePoint Online external sharing settings at the Tenant Org level.

 

Noe:  If you create a SharePoint team site without an O365 connected group or a communication site then the Tenant level external sharing settings do not get inherited to them and that is ideal so we can decide if we need to enable external sharing to them case by case.

 

But for those O365 connected sites -  this is a huge security concern as organizations and we don't want all these sites by default to have the external sharing settings inherited to them from the tenant org level. We want to enable external sharing by request site by site by request. Now we can go in the SharePoint admin center after the fact and reconfigure those sites one by one for not to be allowed for external sharing or set that to your desired settings but that is very unproductive as users create sites left and right.

 

I understand for Teams guest access and collaboration purposes it is needed but that should not be applied to other SharePoint Online sites that are not associated with Teams.

 

So the question is, is it possible to set the O365 group connected sites' external sharing settings not to inherit from the tenant SharePoint org level external sharing settings?

 

Thanks 

 

-------------------------------------------------------------------

 

Updates:

 

I contacted Microsoft support for this issue. They acknowledge this is an issue but seems can't do anything on this now, which is really not acceptable. Support is limited to what they can do. Asked them to contact their development/engineering team to address this concern.

 

1,309 Views
0 Likes
2 Replies
Reply
2 Replies
Trevor Seward

‎Mar 27 2021 09:55 AM

‎Mar 27 2021 09:55 AM

Re: Can't configure external sharing per site basis for SharePoint site that is connected to O365 Gr

You ultimately received your answer from Microsoft, but ideally you'd place the most restrictive setting at the tenant level. You can then create a custom provisioning process that allows the end user to select their desired sharing setting and as part of the provisioning process, set the sharing setting at the site level appropriately.
0 Likes
Reply
Monir

‎Mar 27 2021 04:57 PM

‎Mar 27 2021 04:57 PM

Re: Can't configure external sharing per site basis for SharePoint site that is connected to O365 Gr

That was not an answer but just acknowledging the issue. The issue is - when you set the sharing setting for SharePoint at the tenant level, then those settings are inherited for any O365 Group connected SPO site and you can't apply users desired sharing settings per-site basis via custom provisioning. If the site is NOT an O365 Group connected SPO site then customer provisioning would work. Give it a try.
0 Likes
Reply