Administration, SharePoint

SharePoint Online Communication site – How to share with external users

I had an issue where when I tried to share my SharePoint Online Communication Site with an external user, I received an error:

Your organization’s policies don’t allow you to share with these users. Go to External Sharing in the Office 365 admin center to enable it.

But when I went to my O365 tenant, sharing was enabled:

Allow users to invite and share with authenticated external users
Allow sharing to authenticated external users and using anonymous access links

The issue is that sharing is disabled on the site, so we need to use PowerShell to fix this.

Solution

As a SPO tenant admin, open PowerShell and do Connect-SPOService, then enter your tenant-admin.sharepoint.com URL. Supply your global admin credentials.

Then run get-sposite with your site.sharepoint.com URL, but pipe (|) the results to format-list (fl) with the property attribute looking for shar (for sharing)

 

Connect-SPOService

Url: https://tenant-admin.sharepoint.com

Get-SPOSite https://tenant.sharepoint.com/sites/Extranet | fl -prop *shar*

DisableSharingForNonOwnersStatus :

SharingCapability : Disabled

SiteDefinedSharingCapability : Disabled

DisableCompanyWideSharingLinks : NotDisabled

SharingDomainRestrictionMode : None

SharingAllowedDomainList :

SharingBlockedDomainList :

 

So set the sharing to 1 (ExtenlaUserSharingOnly)

set-SPOSite https://tenant.sharepoint.com/sites/ExtranetSharingCapability 1

Refresh the page you want to share and now the external user invite is allowed.

Done! Now you are able to share a modern SharePoint Online site with guest users. A better approach I use is to create a group and share with external users, that way security and content are isolated from employee content.

3 thoughts on “SharePoint Online Communication site – How to share with external users”

  1. I’ve found when doing this with a Modern Communications site it prompts you for authentication in the browser when it first loads the site. This is using an Azure B2B guest access that I’ve shared a Modern Communications Site with. Any ideas why?

    1. Hi Paul, are you referring to the SharePoint Online sign in prompt? If you are familiar with the SAML Claims authentication (similar to AD FS), you know about the browser session cookie that stores the users authentication. If you clear your cookies/cache or use another browser or private browsing, this cookie is discarded and the user is prompted again to sign in. To enable SSO to Office 365, there really is no “Never prompt me again” since technically any account can have access to any tenant so an automatic link is not pre-determined by the OS/domain/website.
      Let me know if I missed what you are saying and I can help out! Thanks for reading.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s