External Sharing Matrix

  • Article

This matrix was put together by my fellow PFE colleagues Kevin Kirkpatrick. You can view his blog here. 

This matrix provides the 4 different external sharing options as well as the PowerShell equivalent to set them.

Select this option: If you want to: Sharing Capability PowerShell Equivalent
Don’t allow sharing outside your organization Prevent all users on all sites from sharing sites or sharing content on sites with external users. Users will not be able to share sites or content with external users, even if those users are already in your directory. Disabled
Allow sharing only with the external users that already exist in your organization’s directory Allow sharing only for external users who are already in your directory. These users may exist in your directory because they previously accepted sharing invitations or because they were manually imported. (You can tell an external user because they have #EXT# in their user name.) ExistingExternalUserSharingOnly
Allow external users who accept sharing invitations and sign in as authenticated users Require external users who have received invitations to view sites or content to sign-in with a Microsoft account before they can access the content.
      • Site owners or others with full control permission can share sites with external users.
      • Site owners or others with full control permissions on a site can share documents with external users by requiring sign-in.
      • All external users will be required to sign in before they can view content.
      • Invitations to view content can be redeemed only once. After an invitation has been accepted, it cannot be shared or used by others to gain access.
 In addition this Sharing Setting will allow for "New Secure Sharing* experience, secure links.		 ExternalUserSharingOnly
Allow both external users who accept sharing invitations and guest links Allow site users to share sites with people who sign in as authenticated users, but you also want to allow site users to share documents through the use of anonymous guest links, which do not require invited recipients to sign in.
    • Site owners or others with full control permissions can share sites with external users.
    • All external users will be required to sign in before they can view content on a site that has been shared.
    • When sharing documents, site owners or others with full control permissions can opt to require sign-in or send an anonymous guest link.
    • When users share a document, they can grant external users either view or edit permissions to the doonecument.
    • External users who receive anonymous guest links can view or edit that content without signing in.
    • Anonymous guest links could potentially be forwarded or shared with other people, who might also be able to view or edit the content without signing in.
 ExternalUserAndGuestSharing