How to Share a SharePoint Site Externally: A Complete Step-by-Step Guide

What I am going to cover in this article has been somewhat of a challenge in SharePoint Online for many years. I am, of course, talking about the external sharing of a site. Unlike file and folder sharing, site sharing has a bit different authentication mechanism, and I will admit it – is confusing for everyone.

So in this post, I would like to explain how external sharing works and how to successfully share a site in SharePoint externally without frustration.

Site Sharing vs. File/Folder External Sharing

File and Folder external sharing relies on different types of links you can generate to the content. The user can share either:

• To specific external emails they type in (Specific People link type), in which case the recipient would need to enter a temporary 8-digit passcode to validate their identity

Sharing dialog showing "Specific People" option with passcode requirement

• Anonymously (Anyone with the link link type), if enabled, in which case, the recipient does not need to type in any passcodes at all and just needs to click on a link to access shared files or folders.

"Anyone with the link" option for anonymous sharing

No matter which option you choose from the ones above, the process is pretty painless and straightforward for both the originator and the recipient.

Which brings me to SharePoint Site External Sharing. Unlike the file and folder sharing, when you share a site externally in SharePoint Online, you can't do so anonymously. In other words, the recipient has to prove their identity in all cases. Moreover, instead of temporary 8-digit codes sent to the users, they have to authenticate with a Microsoft ID/email address. And once they do and accept the invitation, they end up in the User Directory in Office 365/Azure, clearly identified as a guest.

So I would like to explain to you the process of how to properly share a SharePoint Site externally and what actually happens behind the scenes.

SharePoint Admin Center External Sharing Settings

Before we dive into the end user experience, make sure external sharing is enabled in the SharePoint Admin Center. I explained how to check and set this up in a related post. So check it out first.

SharePoint Admin Center external sharing configuration

Site External Sharing vs. Group External Sharing

Now, I want to be clear first, that in this article, I describe how to share just the SharePoint site. The reason I mention this is that most of the sites provisioned these days in SharePoint Online are not just the standalone SharePoint sites. They are Team Sites that are part of the Microsoft 365 Group membership.

Team Site connected to Microsoft 365 Group

In this article, I only focus on how to share just to the site itself! If you would like to find out how to invite external users to the whole group, please check out the related post on sharing Microsoft 365 Groups.

Experience for the Originator

With the above being said, the experience for the originator will depend on whether the site being shared is a standalone SharePoint site (i.e., a Team Site without a Microsoft 365 Group or a Communication Site). By the way, since it is super important to understand what you are sharing, check out the related post to learn about all those types of sites.

External Sharing of a Standalone SharePoint Site

1Gear Icon > Site Permissions

Accessing Site Permissions from the Gear Icon

2Type in the external email address of a user you are inviting, assign proper permissions level (Read, Edit, Full Control), type in the personal message (optional), and click Add

Adding external user with permission level selection

External Sharing of a Team Site Connected to a Microsoft 365 Group

1Gear Icon > Site Permissions

Site Permissions for Group-connected Team Site

2Invite people > Share site only

Important: Select "Share site only" option

3Type the email address of an external user, set proper permission level, click Add

Adding external user email and permission level

What Happens Once the Invitation is Sent

Once you share a SharePoint Site externally and the invitation is sent, the recipient has 90 days to accept the invite. You can see the status and whether or not the user accepted your invite by following the instructions below. You will not see their email appearing under the Members Group or whatever group you added them to until they accept the invitation and authenticated in your environment.

1Gear Icon > Site Information

Navigate to Site Information

2Click on View all site settings

View all site settings link

3Click on Access requests and invitations

Access requests and invitations option

4You will now see the invitation status

Pending invitation status display

Experience for the Recipient

1The external recipient receives an email just like this (sometimes might go to the Spam/Junk folder, so please advise your guests to check in there as well)

External user invitation email

2Upon clicking the link from within the email, they get this screen

Authentication options screen for external user

3After this, the experience for the recipient varies, depending on how they choose to authenticate. There are three choices available to them; instructions for all are described below.

Option 1: The Recipient Has an Existing Microsoft 365 Account from Their Organization

This refers to a scenario where the recipient is part of an organization that also happens to have an Office 365 (Microsoft 365) subscription. For example, if you decide to share your SharePoint site with me, I could use my work User ID to log in to your site since I have an Office 365 (Microsoft 365) in my company.

So at this point, the external user will just click on the Organizational account, type in the Microsoft 365 credentials, and that's it!

Login with organizational Microsoft 365 account

Option 2: The Recipient Has Any Existing Microsoft Account

In case the recipient does not have an Office 365 account, he/she can use any Microsoft email or account. Maybe the user is an avid gamer and created an xbox.com or Outlook.com account at some point. Or maybe the user created a Hotmail.com account years ago. Any of those examples count towards an existing Microsoft account and can be used for authentication.

1The user clicks on Microsoft account

Select Microsoft account option

2The user types in the email address associated with Microsoft.

Enter Microsoft account email address

Clicks Next.

3The user types in the password, click Sign in

Enter Microsoft account password

4And the user will now have access to the site!

Option 3: The Recipient Does Not Have Any Existing Accounts

Lastly, if the user does not have any of the existing accounts described above, one can be created on the fly.

1The user clicks Don't have either account? Create a Microsoft account, it's quick and easy!

Create new Microsoft account option

2The user supplies an email address for the account (any email address can be used, probably would make sense to use the one invitation was sent to, to avoid the confusion). Clicks Next.

Enter email address for new Microsoft account

3The recipient chooses a password. Clicks Next.

Create password for new account

4Some additional verification info needs to be supplied. Click Next.

Provide additional verification information

5After that, Microsoft will send the recipient a temporary verification code. The user types it in, then click Next.

Enter email verification code

6And one more step to making sure this is a real person. Click Next.

CAPTCHA verification step

7And access is finally granted!

Successfully accessed the SharePoint site

What Happens After the Recipient Accepts the Invitation

1You will see the user accepting the invitation in the Access Requests described above

Invitation status changed to "Accepted"

2The user will appear in the proper security group you added them to (when you sent out an invitation)

External user appears in the appropriate permission group

3The user will formally end up in your directory in Microsoft 365 and identified as a guest user

Guest user listed in Microsoft 365 directory

4Lastly, as the user is already in your directory, he/she will get invites that look like this when sharing additional sites in your environment (since the user is already in your database and no longer needs to create IDs, etc.)

Future invitations are simplified for existing guest users

5If you navigate to the Active Users list in Microsoft 365, you will see which email users used to accept the invitation

Email addresses shown in Active Users list

Common Mistakes and Best Practices

Common Mistakes to Avoid

• Not checking spam folders: Invitation emails frequently end up in spam. Always advise external users to check their junk mail folder.
• Sharing the group instead of the site: On Group-connected sites, forgetting to select "Share site only" can give unintended access to Teams and other resources.
• Ignoring permission levels: Granting "Full Control" when "Edit" or "Read" would suffice creates unnecessary security risks.
• Not tracking invitations: Forgetting to monitor invitation status can lead to confusion about who has access.
• Letting invitations expire: Not following up with external users within the 90-day window means you'll need to resend invitations.

Best Practices for External Site Sharing

• Use descriptive personal messages: When sending invitations, include context about why you're sharing and what the user should do.
• Document external users: Keep a record of who has access to your sites and review it regularly.
• Apply the principle of least privilege: Only grant the minimum permission level needed for the user to accomplish their tasks.
• Set reminders to review access: Quarterly reviews of external user access help maintain security.
• Educate external users: Provide clear instructions and be available for questions, especially for users new to SharePoint.
• Monitor access requests: Regularly check the "Access requests and invitations" page to stay on top of who's accessing your site.

Frequently Asked Questions

Q: How long does an external user have to accept an invitation?

A: External users have 90 days to accept a site invitation. After 90 days, the invitation expires and you'll need to send a new one.

Q: Can I share a SharePoint site anonymously without requiring authentication?

A: No, unlike files and folders, SharePoint sites cannot be shared anonymously. External users must always authenticate with a Microsoft account to access sites.

Q: What's the difference between sharing a site and sharing the Microsoft 365 Group?

A: Sharing just the site gives access only to SharePoint content. Sharing the entire Microsoft 365 Group gives access to the site plus Teams, Planner, group email, and other connected resources. Always use "Share site only" unless you specifically want to grant full group access.

Q: Why isn't the external user showing up in my Members group even though I sent the invitation?

A: Users don't appear in permission groups until they've accepted the invitation and completed authentication. Check the Access Requests and Invitations page to see if the invitation is still pending.

Q: Can I remove an external user's access after they've accepted the invitation?

A: Yes, you can remove external users at any time by going to Site Permissions, finding the user in the appropriate permission group, and removing them. They'll immediately lose access to the site.

Q: Do external users count against my Microsoft 365 license limit?

A: No, guest users (external users) don't consume paid licenses in your Microsoft 365 subscription. However, there are tenant-wide limits on the total number of guest users you can have.

Conclusion

Sharing SharePoint sites externally doesn't have to be confusing anymore. While the process is different from file sharing and requires authentication, understanding the steps makes it manageable and secure.

In this guide, we covered:

• The key differences between site sharing and file/folder sharing
• How to properly configure external sharing settings
• Step-by-step instructions for sharing standalone sites and Group-connected sites
• The complete external user experience with all three authentication options
• What happens after invitations are accepted
• Common mistakes to avoid and best practices to follow

Remember, site sharing always requires authentication, external users become guest users in your directory, and proper permission management is crucial for maintaining security.

Now that you understand the external site sharing process completely with all the visual steps, you're ready to collaborate confidently with partners, clients, and consultants outside your organization.

Have questions or experiences to share about external SharePoint sharing? Feel free to leave a comment below. I'd love to hear from you and help with any challenges you're facing!