This post is part of the Secure External Sharing Series.

In earlier posts, we have seen how you can block Azure Portal access for Guest Users aka External Users, use Azure Portal roles to allow users, including guest users to invite guest users from partner organisation and restrict non-administrators of the Azure Active Directory from accessing the Azure Active Directory Administration Portal.

Recap of this series:

  1. Block Azure Portal for External User
  2. Azure Portal Roles for External Sharing
  3. Restrict User Access to Azure AD Administration Portal
  4. Secure External Sharing in SPO (this post)

This post circles back to SharePoint Online and how you can secure external sharing (guest access) to SharePoint Online – at different service levels.

  1. Azure Active Directory Controls
  2. Office 365 Admin Center
  3. SharePoint Admin Center

Azure Active Directory (AAD) Controls

AAD is the top tier from where you can restrict Guest User access to Azure AD / Office 365.

Conditonal Access Policy – Block Guest Users from SharePoint Online

After setting up the Conditional Access Policy to Block Guest Users from SharePoint Online, this is the message a guest user gets after receiving the invite, completing the onboarding process and logging in to the shared SharePoint Online Site.

Office 365 Admin Center

AAD controls are only available if you have purchased the Enterpirse Mobility Suite (EMS) subscription. If you don’t have the EMS subscription, your top-tier by default will be the Office 365 Admin Center.

  • Once you have logged in to your tenancy with Global Administrator permissions, browse to
  • In the security and privacy page, you will see the Sharing option. If external sharing has not been enabled in your Office 365 Admin Center, then the configuration should show Off.


  • Click Edit and in the new dialog window
  • Select the slider to enable Sharing and Save



You will note in the window above another link to change the external sharing settings for SharePoint. This is covered in the post below.

SharePoint Admin Center

  • To start with, start with the 3rd option under Sharing outside your organisation


  • Click Save
  • Review the information that pops up in the dialog box and click OK




That’s it! With this post, we wrap up the series on External Sharing with SharePoint Online and Securing External Sharing SharePoint Online.