Picture this: a crucial document gets sent to the wrong person outside your organization. Or worse, a sensitive file is shared publicly with an anonymous link, and it spreads before you even notice. Oversharing is more than a minor misstep—it can put your organization’s reputation, finances, and legal standing at risk.

In today’s digital world, Microsoft 365 offers robust tools for secure file sharing. Yet, many organizations still grapple with how to set up these tools effectively. Whether you’re a CEO worrying about data leaks or an IT admin tasked with preventing them, this guide will show you how to safely share files outside your organization using Microsoft 365’s built-in features and best practices from Microsoft.

The Risks of Oversharing

File sharing is integral to remote collaboration, but it also creates potential entry points for cyber threats. A link forwarded to the wrong inbox or posted in a public forum could expose trade secrets, client data, or personal information. Such incidents can lead to:

• Damaged Reputation: Clients and stakeholders lose trust if private data is leaked.

• Financial Loss: Regulatory fines, lawsuits, or remediation costs add up quickly.

• Operational Disruption: Precious time and resources must be diverted to damage control instead of business growth.

Although cloud storage and remote collaboration are the new normal, a thoughtful strategy can keep your data safe and your business running smoothly.

Microsoft 365: Key Security Features to Know

Microsoft 365 gives you various external sharing options with different security levels. Three primary ways to share files or folders are:

1. Specific people: Restricts access to named individuals by email address.

2. Anyone with a link: Anonymously accessible link for those who have it (carries a higher risk if forwarded).

3. Internal sharing: Allows only members of your organization to view or edit content.

Used in combination, these methods enable collaboration without sacrificing data security.

Best Practices for Sharing Files Outside Your Organization

If your team must share files without requiring recipients to sign in, opt for “Anyone” links. However, to lessen risks:

✔️Implement Expiration Dates for Anyone links: Configure an end date for each link, so it becomes invalid after a certain period.

To set an expiration date for Anyone links across the organization

1. Open the SharePoint admin center, expand Policies, and then select Sharing.

2. Under Choose expiration and permissions options for Anyone links, select the These links must expire within this many days check box.

3. Type a number of days in the box, and then select Save.

To set an expiration date for Anyone links on a specific site

1. Open the SharePoint admin center, expand Sites, and then select Active sites.

2. Select the site you want to change, and then select Sharing at the top.

3. Under Advanced settings for Anyone links, under Expiration of Anyone links, clear the Same as organization-level setting check box.

4. Select the These links must expire within this many days option, and type a number of days in the box.

5. Select Save.

✔️Set link permissions: If feasible, set these links to view-only.

To set permissions for Anyone links across the organization

1. Open the SharePoint admin center, and select Sharing.

2. Under Choose expiration and permissions options for Anyone links, select the file and folder permissions that you want to use.

✔️Set a Stricter Default Link Type: If you allow “Anyone” links, users can easily create publicly accessible URLs—even for sensitive files—without realizing it. Changing the default to “People in your organization” forces them to make a deliberate choice if they truly need to share content beyond your organization, reducing the risk of accidental public access.

To set the default file and folder sharing link for the organization:

1. Open the SharePoint admin center, and select Sharing.

2. Under File and folder links, select Only people in your organization.

3. Select Save

To set the default file and folder sharing link for a specific site:

1. Open the SharePoint admin center, expand Sites, and then select Active sites.

2. Select the site you want to change, and then select Sharing.

3. Under Default sharing link type, clear the Same as organization-level setting check box.

4. Select the Only people in your organization option, and then select Save.

✔️Use Microsoft Purview Data Loss Prevention (DLP): DLP identifies and restricts sensitive items—like files containing financial details or personal data—so they aren’t shared with unauthorized persons. You can apply policies to detect sensitive content and block or warn users before oversharing.

📌How to set up DLP

✔️Protect Against Malicious Files: When anonymous users can upload files, there’s a higher chance of malware slipping through. Microsoft Defender for Office 365 offers Safe Attachments to scan and quarantine suspicious files before they reach their destination.

📌Safe Attachments in Microsoft Defender for Office 365

✔️Restrict Sharing to New and Existing Guests: In situations where “Anyone” links pose too high a risk, consider limiting external sharing to authenticated guests—individuals who sign in or use verified emails before accessing your organization’s content. This approach maintains collaboration without the unchecked exposure that comes with anonymous sharing.

To turn off Anyone links for your organization

1. In the SharePoint admin center, under Policies, select Sharing.

2. Set the SharePoint and OneDrive external sharing settings to New and existing guests.

3. Select Save.

To turn off Anyone links for a site

1. In the SharePoint admin center, under Sites, select Active sites.

2. Select the site that you want to configure.

3. In the ribbon, select Sharing.

4. Ensure that sharing is set to New and existing guests.

5. If you made changes, select Save.

✔️Employ Domain Filtering: Domain allow lists or deny lists can dictate which external domains your users can share content with. This helps you limit sharing to trusted partners or exclude known risky domains.

To set up a domain allow or deny list

1. In the SharePoint admin center, under Policies, select Sharing

2. Under More external sharing settings, select the Limit external sharing by domain check box.

3. Select Add domains.

   

4. Select whether you want to block domains, type the domains, and select Save.

   

5. Select Save on the Sharing page.

✔️Restrict Sharing to Specific Security Groups: You can limit who can share externally by granting sharing privileges to members of particular security groups. This approach ensures that only those who complete specific training or follow certain protocols can share beyond the organization.

To limit external sharing to members of a security group

1. In the SharePoint admin center, under Policies, select Sharing.

2. Under More external sharing settings, select Allow only users in specific security groups to share externally.

3. Select Manage security groups.

   

4. In the Add a security group box, search for and select the security group you want.

5. Next to the security group name, from the Can share with dropdown, select either:

   • Authenticated guests only (default)

   • Anyone

6. Select Save.

Note that this affects files, folders, and sites, but not Microsoft 365 groups or Teams. When members invite guests to a private Microsoft 365 group or a private team in Microsoft Teams, the invitation is sent to the group or team owner for approval.

Oversharing isn’t just an administrative hassle—it’s a significant risk that can compromise your organization’s entire security posture. By leveraging Microsoft 365’s built-in sharing settings and adopting a few strategic measures, you’ll preserve collaboration while keeping sensitive data locked down.

Key Takeaways:

• Start with more restrictive defaults and then broaden sharing only as necessary.

• Educate users to handle “Anyone” links with caution, especially for files that pose substantial risk if leaked.

• Employ data protection features like DLP and Safe Attachments for stronger defense against leaks and malicious content.

Need Help Securing Microsoft 365?

Proper setup and management of Microsoft 365 file-sharing settings can be complex, especially for organizations dealing with strict compliance demands. PlexHosted offers tailored security solutions to prevent accidental leaks and targeted cyber threats. Let us help your team collaborate confidently—without oversharing.

Ready to safeguard your files? Contact PlexHosted today to learn how we can optimize your Microsoft 365 security strategy.