Limit External Sharing by Domain in SharePoint [2024]

Written By Shubrato

External sharing in SharePoint includes excellent functionality as well as security risks. It allows others to access your files without even signing in. It can be a huge threat to your organization.

limit-external-sharing-by-domain-in-sharepoint

In such a situation, you can limit external sharing in SharePoint to avoid security risks. In this article, I will guide you through the procedures of limiting external sharing by domains.

Tag Along!

Quick Navigation show

What is Limit External Sharing by Domain & How Does It Work?

The limit external sharing by domain is a unique feature of SharePoint that assists in controlling share permissions for external sharing. Admin can block certain domains to prevent sharing SharePoint contents using those domains. Or, can add specific domains to whitelist for sharing.

The limit external sharing feature’s primary purpose is to control sharing by SharePoint users.

For instance, if you want to restrict users from sharing the contents via Gmail, simply add the Gmail domain address to the list of blocked domains. It will prevent users from sharing anything using the Gmail domain and show an error message.

When the users want to share a site, and the site is blocked from external sharing, they will see the following error message.error-message-for-site

Contrarily, when the users want to share a file or folder that has blocked external sharing enabled, they will get the following message.error-message-for-file-or-folder

How to Limit External Sharing by Domain at Tenant Level

You must have admin access if you want to restrict or block some domains from external sharing at the tenant level. Under Sharepoint Admin Centers, open Sharing, check the Limit external sharing by domain checkbox, select Add domains, and create a block list.

Check out another post about external sharing in SharePoint online to learn more about external sharing.

Consider the following procedures to block external sharing by domain at the SharePoint tenant level.

Here are the steps to restrict external sharing at the tenant level:

  • Open your browser and go to Office 365 Admin Center.ms-admin-center
  • Select Show all to see all options.show-all
  • Click on SharePoint under Admin Centers.sharepoint-admin
  • Select Policies to expand it and click on Sharing.sharing-settings
  • Expand the More external sharing settings.more-sharing-settings
  • Tick the Limit external sharing by domain checkbox and select Add domains.limit-sharing
  • Check the Block specific domains‘ radio button, add the domains you want to block, and click Save.add-domains
  • Scroll to the bottom of the page and click Save to keep the changes.save-changes

Using the Allow only specific domains radio button under Add domains, you can create a list of domains to whitelist only a few.

Caution: Microsoft allows users to add a maximum of 3000 domains to the block list. Remember to add each domain in a new line.

Restricts External Sharing Using PowerShell at Tenant Level

Are you more comfortable managing SharePoint using PowerShell? Well, then you can quickly whitelist or blocklist domains using Set-SPOSite PowerShell cmdlet.

Use the following code to whitelist specific domains at the tenant level.

$TenantAdminURL = “your admin URL”
Connect-SPOService -Url $TenantAdminURL -Credential (Get-Credential)
Set-SPOTenant -SharingDomainRestrictionMode “AllowList” -SharingAllowedDomainList “add whitelist domains here.”

Contrarily, you can also use PowerShell to block specific domains. Use the subsequent code to block specific domains.

Set-SPOTenant -SharingDomainRestrictionMode “BlockList” -SharingBlockedDomainList “add blocklist domains here.”

How to Limit External Sharing by Domain at Site Level

To restrict external sharing by domain at the SharePoint site level, go to the SharePoint Admin Centers. Navigate to Sites > Active Sites, select the site, and click on Sharing from the top menu. Tick the Limit sharing by domain checkbox, select Add domains and create a block list.

Remember, without SharePoint admin access, you won’t be able to modify site settings. Go through the following process to block specific domains from sharing at the SharePoint site level.

Here’s how to restrict external sharing by domain at the SharePoint site level:

  • Go to SharePoint Admin Center.admin-panel
  • Expand Sites and select Active Sites.active-sites
  • Select a Site by checking the radio button, click on More (three horizontal dots), and select Sharing.sharing-option
  • Expand Advanced settings for external sharing, check the Limit sharing by domain checkbox, and select Add domains.advanced-settings
  • Tick the Block specific domain checkbox, add the domains you want to block, and click Save to update the changes.block-domains

Choose Allow only specific domains if you want to allow only a few domains, and then create a list of whitelist domains. Users can add a maximum of 500 domains to the block list at the SharePoint site level.

Limit External Sharing Using PowerShell at the Site Level

Using PowerShell, you can whitelist or blocklist specific domains from external sharing at the site level. Use the following code to whitelist specific domains.

$TenantAdminURL = “your admin URL”
$SiteURL = “your site URL”
Connect-SPOService -Url $TenantAdminURL -Credential (Get-Credential)
Set-SPOSite -Identity $SiteURL -SharingDomainRestrictionMode “AllowList” –
SharingAllowedDomainList “add whitelist domains here.”

On the other hand, use the following code to blocklist specific domains from external sharing.

Set-SPOSite -Identity $SiteURL -SharingDomainRestrictionMode “BlockList” –
SharingBlockedDomainList “add blocklist domains here.”

Quick Note: If the SharePoint Tenant and SharePoint Site settings override each other, Microsoft prioritizes the Tenant settings over Site settings.

Frequently Asked Questions

Should I limit external sharing by domain?

Limiting external sharing is not an appropriate step to restrict sharing of SharePoint content. Because when users face errors during external sharing, they will find another way to share the files.

Can I share files in SharePoint with external users?

Yes, you can share your SharePoint files with external users to collaborate with others. Sharing important files with clients, business partners, or customers outside your organization is essential.

How to share a SharePoint site with everyone except external users?

To share a site with everyone except external users, go to your site, and click the Share button. Under the Add users popup, select Everyone Except External Users, choose group or permission for the group, and then click Share.

Concluding Words

External sharing allows users to share data throughout the web with anyone. It can be a thread for your sensitive files. By limiting external sharing, you can overcome this situation.

Depending on your need, you can limit the sharing capabilities at the SharePoint Tenant or Site level. Using PowerShell, you can also do the same.

Did this article assist you in blocking external sharing by domain? Leave a comment below.

About The Author
Shubrato is passionate about technology. From his core, he is a tech geek and can fix any tech-related issues through intensive research. He has an undergrad degree in Computer Science and Engineering. Besides being a tech enthusiast, Shubrato is passionate about capturing time in a frame and loves cycling.
Related Posts
power-bi-date-table-relationship-not-working
Microsoft
[Solved] Power BI Date Table Relationship Not Working
add-members-to-sharepoint-site
Microsoft
Add Members to Sharepoint Site [Invite External Users]
how-to-set-tab-stops-in-word
Microsoft
How to Set Tab Stops in Word [Step-By-Step Guide 2024]
how-to-enable-dark-mode-in-microsoft-teams
Microsoft
How To Enable Dark Mode in Microsoft Teams [Modify the Look]

Leave a Comment