Why you should stop disabling external sharing in SharePoint and OneDrive

OK, this is yet another one of those “I told you so” blog posts. I see this happening all the time when I work with my clients: IT or Management completely disabling external sharing in SharePoint and OneDrive for Business. Just to be clear what I mean by external sharing here – the ability to share sites, files and folders stored from SharePoint or user’s OneDrive with users who are not employees – vendors, clients, etc. If you already disabled external sharing or are thinking about doing it– please don’t. Let me explain.

Look, this is not 1990’s anymore. We live in a world where collaboration and information rule. We live in a very mobile world, where location does not matter much and users want info, right now, in real-time (boy, this sounds like I am delivering a commencement speech at graduation).

So if you decide to put restrictions on my ability to collaborate with my clients or vendors – you know what I am going to do? I am going to find a way to cheat the system. It is basic human psychology. I will start using my own Dropbox, I will email those files as attachments, whatever it takes.

If you impede users’ collaboration in any way, they will find ways to cheat the system

Enable, but control External Sharing

Set up proper Information Architecture

Now, with that being said, I am not saying that you should just let your governance loose and turn your Intranet into Wild West. I blogged numerous times previously, that you should separate your Intranet from Extranet and lock down certain portions at a site collection level. For example, the Human Resources site should not be allowed to be shared externally, while a Project Site or Office 365 Group site might.

Site Collection External sharing settings as they appear in Modern SharePoint Admin Center

Monitor

You have plenty of tools at your disposal to track users’ activities, External Sharing is one of them. Reference this post for some of the techniques. I encourage that you regularly check out Security and Compliance Center reports as well as Site Usage report.

Site Usage Report on External Sharing

Example of Audit Log report from Security & Compliance Center

Training

This was never a bad idea. Use training to educate your users not only on technical features of SharePoint, but also on internal governance and business processes.

Fire people you don’t trust

If you hire employees and you trust them with the company’s Intellectual Property, you should not be concerned with their actions. And if you are, they don’t belong in your company.