How to Fix SharePoint Error External Sharing Error

Encountering an External Sharing Error in SharePoint occurs when a user attempts to share a document, folder, or site with someone outside of the organization, but the action is blocked by administrative policies. The user may see errors like “Your organization’s policy doesn’t allow you to share with these users” or “Sharing is disabled for this site.”

This guide provides instructions to audit tenant policies, update site-level sharing settings, and manage Entra ID guest configurations.

Understand the Root Causes of External Sharing Errors

External sharing blocks are typically caused by:

1. Tenant-Level Restrictions: Global sharing is restricted to internal users only in the SharePoint Admin Center.
2. Site-Specific Restrictions: The individual site collection has a more restrictive policy than the global organization settings.
3. Domain Blocklists: An administrator has restricted sharing to specific allowed email domains, blocking others.
4. Entra ID Guest Restrictions: Guest user invitations are restricted in Microsoft Entra ID (formerly Azure Active Directory), preventing new external profiles from being provisioned.

Resolving SharePoint External Sharing Errors

Administrators can use the following steps to configure and enable external sharing:

Step 1: Check Tenant-Level Sharing Configurations

First, verify that the global sharing settings permit sharing with external users.

1. Go to the SharePoint Admin Center (https://[tenant]-admin.sharepoint.com).
2. In the left navigation pane, select Policies > Sharing.
3. Under External sharing, adjust the slider for SharePoint to the desired level:
   • Anyone: Users can share links that don’t require sign-in.
   • New and existing guests: External users must sign in or provide a verification code.
   • Existing guests: Only guests already in your directory can access shared items.
4. Click Save.

Step 2: Configure Site Collection External Sharing

If global settings are configured correctly but a specific site is blocked, verify the site’s individual sharing policy using PowerShell.

# Install SharePoint Online module if not present
Install-Module -Name Microsoft.Online.SharePoint.PowerShell -Force -AllowClobber

# Connect to SharePoint Admin Center
Connect-SPOService -Url "https://yourcompany-admin.sharepoint.com"

# Set the sharing capability to allow external guests
Set-SPOSite -Identity "https://yourcompany.sharepoint.com/sites/targetsite" -SharingCapability "ExternalUserAndGuestSharing"

Step 3: Verify Microsoft Entra ID Guest Settings

External sharing in SharePoint relies on Microsoft Entra ID guest settings.

1. Log in to the Microsoft Entra Admin Center (admin.entra.microsoft.com).
2. Go to Identity > Users > User settings.
3. Under External users, click Manage external collaboration settings.
4. Check the Guest invite restrictions:
   • Ensure that Anyone in the organization can invite guest users (or Member users and users assigned to specific admin roles can invite guest users) is checked.
5. Review Collaboration restrictions to ensure the recipient’s domain is not blocked under the domain list.
6. Click Save if changes were made.

Step 4: Troubleshoot B2B Guest Account Invites

If a specific guest is unable to access a share, their guest state in Entra ID might be corrupted or pending.

# Example script to remove a stuck guest account using Azure CLI in terminal
az login
az ad user delete --id "guest_user_domain.com#EXT#@yourcompany.onmicrosoft.com"

Summary Checklist

• Verify global sharing controls in the SharePoint Admin Center are set to “New and existing guests”.
• Run Set-SPOSite in PowerShell to ensure the specific site is not set to Disabled.
• Audit the Entra ID Collaboration Settings for domain blocklists.
• Clear any broken guest accounts (#EXT# profiles) in Entra ID before re-inviting the external user.
• Instruct the guest to open the invite link in an Incognito window to avoid Microsoft account conflicts.