How to limit external sharing by domain in SharePoint Online

Recent improvements to external sharing made it super simple for users to share content from SharePoint and OneDrive externally. Users can share sites, files, and folders literally with a click of a button. But what if you want to control who your users can share with? In other words, limit external sharing by domain, like yahoo.com or gmail.com? There is a feature available now in the SharePoint Admin Center that allows you to control just that. Let me explain how you can limit external sharing by domain in SharePoint Online.

How does “limit external sharing by domain” feature work?

The way it works, you identify trusted domains or domains you want to block and list them in the SharePoint Admin Center. That means that any domains that are not in the list won’t be allowed for external sharing. For example, say, I add gmail.com to the list of blocked domains. When the user tries to share externally to any gmail.com account, he/she will receive an error message.

You can block certain domains at the global (tenant) level or site level.

How to block domains at a Tenant Level

1. Navigate to the Office 365 Admin Center
2. Click on SharePoint Admin Center under Admin Centers
3. Under Policies, click on Sharing
4. In the middle of the screen, expand “More external sharing settings” drop-down
5. Check the box Limit external sharing by domain, click Add domains button, on the pop-up screen on the right, check Block specific domains radio button, type in the domain you want to block, click Save
6. Click Save at the bottom of the screen to save the changes you made

How to block domains at a Site Level

If you want to limit external sharing by domain in SharePoint Online for a specific site and not the whole tenant, you can do this too.

1. While in the SharePoint Admin Center, navigate to Active Sites, check the box next to a site, click Sharing, then Limit sharing by domain under Advanced settings for External sharing
2. At this point, a familiar pop-up will appear where you can specify domains to block

What happens when the user tries to share content externally with the blocked domain?

Using the above example, let me demonstrate the user experience of someone trying to share with a domain that has been blocked.

When the user attempts to share a site

When the user attempts to share a file or folder

To learn more about blocked domains feature, please reference this article from Microsoft.

Should I limit external sharing by domain in SharePoint Online?

In my opinion, domain restrictions, just like that infamous wall – are not that effective. When users encounter barriers in terms of information sharing, they get creative and just email the documents instead or use the other cloud solutions to share externally, like Google Drive or Dropbox. I even wrote an article about this a while back on why you should not try to prevent external sharing. While restricting external sharing by domain is less aggressive than the total disablement of external sharing, it still puts up unnecessary barriers within the organization.