Share Files Externally in Microsoft Teams: Admin Setup, Governance and Best Practices
Why IT admins need a strategy for external file sharing
External collaboration is essential for most organizations today. Projects with customers, partners, and suppliers depend on external approvals, and thus on fast file sharing and real-time teamwork.
But once a file leaves your Microsoft 365 environment, the data and control are out of your hands. Without clear governance, external users can keep access to sensitive data indefinitely, and compliance or audit requirements become difficult to meet.
M365 offers you very fine-tuned controls for setting up approvals, e.g. sharing folders with external users. However, these controls are distributed across multiple Admin Centers. Therefore, setting up external shares can be a little complicated.
This guide explains how to enable external file sharing in Microsoft Teams while still keeping control over the process, step by step for IT admins. I will also show you how to use the External User Manager governance tool to automate guest management and protect your organization.
What controls external file sharing in Microsoft Teams?
In Microsoft Teams, file sharing is tightly connected to SharePoint and OneDrive. When users share a file or folder in a Team, they actually share it from the connected SharePoint site.
That means that file sharing settings in Teams depend on:
- Microsoft 365 tenant-wide external sharing settings
- SharePoint / OneDrive external sharing configuration
- Microsoft Teams admin settings for guest and external access
To manage external file sharing securely, all three layers must be set up correctly. Otherwise, users will face restrictions or, worse, share data that is not meant to leave the company’s environment.
Juggling multiple Admin Centers? There’s an easier way:
There are controls at the highest level that affect everything below. But the closer you get to each group, team, and site, the finer the controls are, and you may not have been aware of them before.
It’s very likely that your users will need to collaborate with someone outside the company at some point. If you don’t have an existing system for external sharing, let your users decide when and how to share files externally in Microsoft Teams. The risk may not be obvious yet, but once data leaves your system, you lose all control over where it goes. Do you really know what happens to your data once it is in the hands of external users?
Worried about data security when files leave your system? We can help:
External Access vs. Guest Access: What’s The Difference?
Understanding the difference between External Access and Guest Access is a key part of Microsoft Teams governance. It is important to know exactly where and how to configure these functions in Entra (Azure AD), Microsoft Teams, SharePoint Online and OneDrive for Business. In the user interface of your Team Admin Center you may notice the term “External Access”. This term makes the subtle but important difference between external access and guest access:
- External access (federated) grants access to an entire domain, with the participant only getting access to the federated chat with one other user at a time. Allows communication with users in other Microsoft 365 organizations (federation). Users can chat or join meetings but cannot access Teams, resources, channels, or files of the inviting company.
- Guest access gives a user the ability to access resources such as channel conversations and files. It adds external users as guests directly to a Team or Microsoft 365 Group. Guests can access channels and shared files, upload and edit documents as well as participate in conversations and meetings.
- As a third method, you can use OneDrive to send files outside your organization. No external access or guest access is required in this case.
Since we are dealing with external approvals here, our focus is on granting guest access. For file access, you need to enable Guest Access in the Teams Admin Center. External Access alone is insufficient.
As an administrator, you should have the permission rights to access the Azure Active Directory Portal (Entra) directly via a link in your Admin Center. There you can view your guest users, create new ones and manage the approval settings for your B2B guest users.
Step-by-step: How to enable external file sharing in Microsoft Teams
In Microsoft Teams, share files externally by granting guest access. Here’s what you need to do to set everything up in a safe way for your users.
In your organizational relationship (i.e. B2B) settings, you can set these controls more precisely. Should guest users be able to search the directory? Do you want to allow members or owners to invite guests? You’ll also find settings that allow you to set up one-time access codes via email for guests and collaboration restrictions in domains.
To share files externally in Microsoft Teams, the first step is to enable this feature for M365.
1. Enable external sharing in Microsoft 365 (tenant level)
- Open the Microsoft 365 Admin Center, go to Settings → Org Settings → Security & privacy.
- Under External sharing, enable sharing with external users.
- Set a default sharing level for your organization (recommended: Specific people).
2. Allow external sharing for Microsoft 365 Groups / Teams
- In the Microsoft 365 Admin Center, open Groups and select Sharing.
- Allow external sharing for Groups. This enables sharing for Teams that use those groups.
- Optionally, restrict sharing to approved domains for better control.
3. Configure SharePoint / OneDrive external sharing
Since Teams files are stored in SharePoint, you need to enable external sharing there as well.
- Go to the SharePoint Admin Center, then select Policies and Sharing.
- Choose Specific people as the default sharing link type for tight security.
- Enable expiration dates for shared links.
- Create domain allow / deny lists to restrict sharing to trusted partner organizations.
4. Transfer settings from SharePoint to Azure B2B
If you want SharePoint to transfer your settings for external shares to Azure B2B, proceed as follows:
- In the Microsoft 365 Admin Center Settings, access services and add-ins → SharePoint
- Set the “Users can share with:” option to “Only existing guests”.
If, on the other hand, you want SharePoint to function independently of Azure B2B and have its own list of external shares, proceed as follows:
- In the Microsoft 365 Admin Center Einstellungen → call up services and add-ins → SharePoint
- Set the “Users can share with:” option to “Everyone”
This allows all users, even anonymous users, to use SharePoint.
Further fine tuning can be done via the guest access settings for each site.
5. Configure Teams guest and external access
- In the Teams Admin Center under Users, go to Guest Access to enable the guest feature in Teams and define permissions (e.g. file editing, calling, deleting messages). Allow a few hours for the setting to take effect.
- In the Teams Admin Center under External Access, allow or block domains for cross-tenant communication.
6. Review your settings
Use test accounts to verify:
- whether guests can join Teams and access files only where allowed
- whether sharing files to “Anyone with the link” is disabled for sensitive sites
- whether expiration and review policies are applied consistently
Cut down on manual admin work:
Typical risks without external sharing governance
- No centralized overview: Users share files directly; admins lose control.
- Inactive guest accounts: Old external accounts remain active and have access long after projects end.
- Compliance risks: Sensitive files might stay accessible externally for months.
- Audit complexity: It’s unclear who shared what and when.
These problems scale quickly, especially in enterprises with hundreds of Teams and external users.
That’s why many organizations implement a Microsoft Teams external sharing governance tool like External User Manager.
Microsoft Teams: share files externally – in a controlled way
How does External User Manager automate external sharing governance?
External User Manager extends Microsoft 365 by adding automated guest lifecycle management and external access governance features.
With the External User Manager app, IT admins can:
- Detect all external and guest users across Teams, SharePoint, and Azure AD
- Implement approval workflows before granting access
- Apply expiration dates and auto-removal for inactive guests
- Send periodic access review requests to team owners
- Generate reports for audits and compliance
This automation ensures that external collaboration stays secure while reducing manual admin work.
Use Case: How the largest organic farming association in Germany regained control
Bioland e.V., the largest organic farming association in Germany, recognized the risk of users inviting external guests without oversight, many inactive for more than a year.
After deploying External User Manager, Bioland implemented easy automated administration of guests with regular reviews, introduced expiration rules for external accounts, and set up required approval for new guests.
Result:
- Full control and overview of external guest users
- Reduced manual admin work
- Hundreds of guests managed centrally
Read the customer success story here!
Best practices for secure external file sharing
- Use “Specific people” links instead of “Anyone with the link”.
- Restrict domains to trusted partner organizations.
- Enforce link expiration and regular reviews.
- Monitor guest access lifecycle automatically.
- Use External User Manager to combine governance and automation.
FAQ – Common admin questions on file sharing
Why do I need to grant access for external users at all?
External sharing mostly comes up in projects with partners or collaborations with another company. As an alternative, you could just send the files by email – however that invites issues with different versions, insecurities about which file is the latest and correct version etc. With external sharing, everyone has access to the same file, which is always up-to-date.
Is sharing files in Microsoft Teams dangerous?
It can be, which is why you need to think about security settings and governance regulations in advance. Without any guidelines, your users are able to share files and data however they like. They may not intend anything bad to come from it, but once the files are out of their hands, controlling what happens afterwards is impossible. Thankfully, Microsoft offers a lot of settings and options for deciding what can be shared and with whom.
Do I need both SharePoint and Teams settings to enable external sharing?
Yes. Teams uses SharePoint storage, so SharePoint/OneDrive settings must allow sharing before it works in Teams.
What is the difference between guest access and external access?
In short, external access is the little brother of guest access, with less rights. For more detailed information, please reference the blog article above.
How do I enable external sharing for Microsoft 365 / Microsoft Teams?
To start, go to the Microsoft 365 Admin Center and select Settings and then Security and Privacy.
As a second step, external sharing has to be enabled for M365 Groups, too. In order to do so, select the Microsoft 365 Group Settings and then “Services and Add-ins”.
This topic is easy to implement but complex to explain, so please read the full blog post before going ahead.
Can I prevent certain departments from sharing externally?
Yes. You can configure site-specific sharing policies in the SharePoint Admin Center.
Is there a way to manually curate who is granted access?
In the Microsoft 365 Group Settings, you can select “Guests should be granted access to groups” and not “Owners are allowed to add these guests”.
This means new guest users have to be added manually to Entra / Azure Directory as well as the M365 group.
If you like this additional level of security, but are averse to the additional manual effort, you might want to check out our External User Manager for a request and approval workflow for inviting guest users.
Where are more options for finetuning the guest access settings?
In the Microsoft Teams Admin Center, there are further options to drill down the settings for guest access. You can find these in the “org-wide settings” under “guest access”.
Is there a way to handle SharePoint guest access separately?
Yes, you can set up SharePoint’s external sharing to work independently from Azure B2B! Even if you have restricted guest access and external sharing for Azure B2B, you can make it widely available for SharePoint. For this, go to Microsoft Teams Admin Center settings, then “call up services and add-ins” and select “SharePoint”. Here, select “Everyone” for “Users can share with” – allowing even anonymous users to have access to SharePoint. This can, again be finetuned in the settings for each individual SharePoint site.
Can I automate guest account reviews and cleanup?
Absolutely! External User Manager can detect inactive users and remove them automatically.
Why Solutions2Share?
Solutions2Share develops governance apps for Microsoft 365 used by over 1 million users worldwide.
Our solutions External User Manager and Teams Manager help organizations set up governance, ensure compliance, and reduce manual admin work.
As a trusted Microsoft Partner, we provide deep expertise and real-world governance experience for enterprises and mid-market IT teams.
Automate external file sharing governance today
For IT admins, enabling external collaboration securely is a balancing act between productivity and usability on the one hand and control and security on the other.
With External User Manager, you gain full visibility into guest access, automate cleanup processes, and ensure compliance across Microsoft Teams, SharePoint, and Microsoft 365.
Book a free demo to see how automated external file governance can help your organization stay secure, without adding admin overhead.
Chief Commercial Officer and Governance Specialist at Solutions2Share
Florian Pflanz has more than 8 years of experience with Microsoft 365 and has supported over 250 workshops on Teams governance.
His focus lies on lifecycle management, provisioning, and compliance requirements in regulated industries.
He shares best practices with IT admins and decision-makers to reduce complexity and strengthen secure collaboration in Teams.
