I found out today that all my internal SharePoint online sites that I made sure will have the least permission given to "Everyone except external users" still allow my internal users to share with external users.
The reason being that to allow users to share in their own OneDrive, the admin had to set "External sharing" to "Anyone" and "File and folder links" to "Specific people (only the people the user specifies)"
Why can't SharePoint have "Only people in your organization, No external sharing allowed."
And OneDrive "New and existing guests"? why is it the opposite?
Is there a way to allow sharing just on one library in each SharePoint site?