What I am going to cover in this article has been somewhat of a challenge in SharePoint Online for many years. I am, of course, talking about the external sharing of a site. Unlike file and folder sharing, site sharing has a bit different authentication mechanism, and I will admit it – is confusing for everyone.
So in this post, I would like to explain how external sharing works and how to successfully share a site in SharePoint externally without frustration.
Site Sharing vs. File/Folder External Sharing
File and Folder external sharing relies on different types of links you can generate to the content. The user can share either:
- To specific external emails they type in (Specific People link type), in which case the recipient would need to enter a temporary 8-digit passcode to validate their identity
Sharing dialog showing "Specific People" option with passcode requirement
- Anonymously (Anyone with the link link type), if enabled, in which case, the recipient does not need to type in any passcodes at all and just needs to click on a link to access shared files or folders.
"Anyone with the link" option for anonymous sharing
No matter which option you choose from the ones above, the process is pretty painless and straightforward for both the originator and the recipient.
Which brings me to SharePoint Site External Sharing. Unlike the file and folder sharing, when you share a site externally in SharePoint Online, you can't do so anonymously. In other words, the recipient has to prove their identity in all cases. Moreover, instead of temporary 8-digit codes sent to the users, they have to authenticate with a Microsoft ID/email address. And once they do and accept the invitation, they end up in the User Directory in Office 365/Azure, clearly identified as a guest.
So I would like to explain to you the process of how to properly share a SharePoint Site externally and what actually happens behind the scenes.
SharePoint Admin Center External Sharing Settings
Before we dive into the end user experience, make sure external sharing is enabled in the SharePoint Admin Center. I explained how to check and set this up in a related post. So check it out first.
SharePoint Admin Center external sharing configuration
Site External Sharing vs. Group External Sharing
Now, I want to be clear first, that in this article, I describe how to share just the SharePoint site. The reason I mention this is that most of the sites provisioned these days in SharePoint Online are not just the standalone SharePoint sites. They are Team Sites that are part of the Microsoft 365 Group membership.
Team Site connected to Microsoft 365 Group
In this article, I only focus on how to share just to the site itself! If you would like to find out how to invite external users to the whole group, please check out the related post on sharing Microsoft 365 Groups.
Experience for the Originator
With the above being said, the experience for the originator will depend on whether the site being shared is a standalone SharePoint site (i.e., a Team Site without a Microsoft 365 Group or a Communication Site). By the way, since it is super important to understand what you are sharing, check out the related post to learn about all those types of sites.
External Sharing of a Standalone SharePoint Site
1Gear Icon > Site Permissions
Accessing Site Permissions from the Gear Icon
2Type in the external email address of a user you are inviting, assign proper permissions level (Read, Edit, Full Control), type in the personal message (optional), and click Add
Adding external user with permission level selection
External Sharing of a Team Site Connected to a Microsoft 365 Group
1Gear Icon > Site Permissions
Site Permissions for Group-connected Team Site
2Invite people > Share site only
Important: Select "Share site only" option
3Type the email address of an external user, set proper permission level, click Add
Adding external user email and permission level
What Happens Once the Invitation is Sent
Once you share a SharePoint Site externally and the invitation is sent, the recipient has 90 days to accept the invite. You can see the status and whether or not the user accepted your invite by following the instructions below. You will not see their email appearing under the Members Group or whatever group you added them to until they accept the invitation and authenticated in your environment.
1Gear Icon > Site Information
Navigate to Site Information
2Click on View all site settings
View all site settings link
3Click on Access requests and invitations
Access requests and invitations option
4You will now see the invitation status
Pending invitation status display
Experience for the Recipient
1The external recipient receives an email just like this (sometimes might go to the Spam/Junk folder, so please advise your guests to check in there as well)
External user invitation email
2Upon clicking the link from within the email, they get this screen
Authentication options screen for external user
3After this, the experience for the recipient varies, depending on how they choose to authenticate. There are three choices available to them; instructions for all are described below.
Option 1: The Recipient Has an Existing Microsoft 365 Account from Their Organization
This refers to a scenario where the recipient is part of an organization that also happens to have an Office 365 (Microsoft 365) subscription. For example, if you decide to share your SharePoint site with me, I could use my work User ID to log in to your site since I have an Office 365 (Microsoft 365) in my company.
So at this point, the external user will just click on the Organizational account, type in the Microsoft 365 credentials, and that's it!
Login with organizational Microsoft 365 account
Option 2: The Recipient Has Any Existing Microsoft Account
In case the recipient does not have an Office 365 account, he/she can use any Microsoft email or account. Maybe the user is an avid gamer and created an xbox.com or Outlook.com account at some point. Or maybe the user created a Hotmail.com account years ago. Any of those examples count towards an existing Microsoft account and can be used for authentication.
1The user clicks on Microsoft account
Select Microsoft account option
2The user types in the email address associated with Microsoft.
Enter Microsoft account email address
Clicks Next.
3The user types in the password, click Sign in
Enter Microsoft account password
4And the user will now have access to the site!
Option 3: The Recipient Does Not Have Any Existing Accounts
Lastly, if the user does not have any of the existing accounts described above, one can be created on the fly.
1The user clicks Don't have either account? Create a Microsoft account, it's quick and easy!
Create new Microsoft account option
2The user supplies an email address for the account (any email address can be used, probably would make sense to use the one invitation was sent to, to avoid the confusion). Clicks Next.
Enter email address for new Microsoft account
3The recipient chooses a password. Clicks Next.
Create password for new account
4Some additional verification info needs to be supplied. Click Next.
Provide additional verification information
5After that, Microsoft will send the recipient a temporary verification code. The user types it in, then click Next.
Enter email verification code
6And one more step to making sure this is a real person. Click Next.
CAPTCHA verification step
7And access is finally granted!
Successfully accessed the SharePoint site
What Happens After the Recipient Accepts the Invitation
1You will see the user accepting the invitation in the Access Requests described above
Invitation status changed to "Accepted"
2The user will appear in the proper security group you added them to (when you sent out an invitation)
External user appears in the appropriate permission group
3The user will formally end up in your directory in Microsoft 365 and identified as a guest user
Guest user listed in Microsoft 365 directory
4Lastly, as the user is already in your directory, he/she will get invites that look like this when sharing additional sites in your environment (since the user is already in your database and no longer needs to create IDs, etc.)
Future invitations are simplified for existing guest users
5If you navigate to the Active Users list in Microsoft 365, you will see which email users used to accept the invitation
Email addresses shown in Active Users list
Common Mistakes and Best Practices
Common Mistakes to Avoid
- Not checking spam folders: Invitation emails frequently end up in spam. Always advise external users to check their junk mail folder.
- Sharing the group instead of the site: On Group-connected sites, forgetting to select "Share site only" can give unintended access to Teams and other resources.
- Ignoring permission levels: Granting "Full Control" when "Edit" or "Read" would suffice creates unnecessary security risks.
- Not tracking invitations: Forgetting to monitor invitation status can lead to confusion about who has access.
- Letting invitations expire: Not following up with external users within the 90-day window means you'll need to resend invitations.
Best Practices for External Site Sharing
- Use descriptive personal messages: When sending invitations, include context about why you're sharing and what the user should do.
- Document external users: Keep a record of who has access to your sites and review it regularly.
- Apply the principle of least privilege: Only grant the minimum permission level needed for the user to accomplish their tasks.
- Set reminders to review access: Quarterly reviews of external user access help maintain security.
- Educate external users: Provide clear instructions and be available for questions, especially for users new to SharePoint.
- Monitor access requests: Regularly check the "Access requests and invitations" page to stay on top of who's accessing your site.
Frequently Asked Questions
A: External users have 90 days to accept a site invitation. After 90 days, the invitation expires and you'll need to send a new one.
A: No, unlike files and folders, SharePoint sites cannot be shared anonymously. External users must always authenticate with a Microsoft account to access sites.
A: Sharing just the site gives access only to SharePoint content. Sharing the entire Microsoft 365 Group gives access to the site plus Teams, Planner, group email, and other connected resources. Always use "Share site only" unless you specifically want to grant full group access.
A: Users don't appear in permission groups until they've accepted the invitation and completed authentication. Check the Access Requests and Invitations page to see if the invitation is still pending.
A: Yes, you can remove external users at any time by going to Site Permissions, finding the user in the appropriate permission group, and removing them. They'll immediately lose access to the site.
A: No, guest users (external users) don't consume paid licenses in your Microsoft 365 subscription. However, there are tenant-wide limits on the total number of guest users you can have.
Conclusion
Sharing SharePoint sites externally doesn't have to be confusing anymore. While the process is different from file sharing and requires authentication, understanding the steps makes it manageable and secure.
In this guide, we covered:
- The key differences between site sharing and file/folder sharing
- How to properly configure external sharing settings
- Step-by-step instructions for sharing standalone sites and Group-connected sites
- The complete external user experience with all three authentication options
- What happens after invitations are accepted
- Common mistakes to avoid and best practices to follow
Remember, site sharing always requires authentication, external users become guest users in your directory, and proper permission management is crucial for maintaining security.
Now that you understand the external site sharing process completely with all the visual steps, you're ready to collaborate confidently with partners, clients, and consultants outside your organization.
Have questions or experiences to share about external SharePoint sharing? Feel free to leave a comment below. I'd love to hear from you and help with any challenges you're facing!
0 Comments
Thanks!