Collaborating with Guests in a SharePoint Site
Cloud and systems engineer with a strong foundation in networking, automation, and infrastructure design. I write about real-world challenges, best practices, and evolving trends in cloud computing, system administration, and network architecture.
π Why This Matters
SharePoint is often used for collaboration with external partners, vendors, or contractors.
Guest access is controlled at multiple levels:
Entra ID (Azure AD) β Controls if external users are allowed at all.
Microsoft 365 Groups β Controls whether groups can include guests.
SharePoint org-level β Sets the maximum sharing level allowed in the tenant.
Site-level β Controls sharing on each site.
π If guest collaboration doesnβt work β check all four levels.
π οΈ Step 1 β Configure Microsoft Entra ID External Collaboration
- This is the highest-level control. If blocked here β no guests can be invited.
β Steps:
Sign in to Entra admin center β https://entra.microsoft.com/
Go to External identities β External collaboration settings.
Choose:
Member users and admins can invite guests OR
Anyone in the org can invite guests.
Check Collaboration restrictions β make sure guest domains arenβt blocked.
Optional: Restrict guest access to directory info (so guests canβt see all users).
π οΈ Step 2 β Configure Microsoft 365 Groups Guest Settings
SharePoint modern team sites are tied to a Microsoft 365 Group.
If Groups donβt allow guests β SharePoint site wonβt either.
β Steps:
In Microsoft 365 admin center β go to Settings β Org settings β Microsoft 365 Groups.
Ensure both are checked:
βοΈ Group owners can add guests.
βοΈ Guests can access group content.
π οΈ Step 3 β Configure SharePoint Organization-Level Sharing
This sets the maximum level of external sharing across SharePoint & OneDrive.
Sites cannot be more permissive than the org setting.
β Options:
Anyone β allows unauthenticated links (anyone with link can access).
New and existing guests β requires authentication (preferred for security).
β Steps:
In SharePoint admin center β Policies β Sharing.
Choose sharing level: Anyone OR New and existing guests.
Save changes.
π οΈ Step 4 β Create the SharePoint Site
- Must create the site where collaboration will happen.
β Steps:
In SharePoint admin center β Sites β Active sites β Create.
Select Team site.
Enter site name + group owner.
Choose public or private.
Finish setup.
π οΈ Step 5 β Configure Site-Level Sharing
- Even if the org allows βAnyone,β the site can still restrict to βNew and existing guests.β
β Steps:
In SharePoint admin center β Active sites β Select your site.
Go to Settings β More sharing settings.
Choose: Anyone OR New and existing guests.
Save changes.
β οΈ Note: Entire site cannot be shared with βAnyone,β but individual files/folders can.
π οΈ Step 6 β Invite Guests
Now that settings are ready, you can add internal & external users.
Guest access is controlled through the Microsoft 365 Group linked to the site.
β Steps:
Open your SharePoint site.
Click Members β Add members.
Enter email addresses of users/guests β Save.
β οΈ Security Notes
Removing guest licenses or revoking access removes their ability to sign in.
Use sensitivity labels to enforce stricter external sharing policies.
Use conditional access policies (MFA, device compliance) for guest security.
β Quick Recap for Exams / Practice:
Entra ID β allow guest collaboration.
M365 Groups β allow guests in groups.
SharePoint org-level β set maximum sharing (Anyone vs Guests only).
Site-level β fine-tune sharing.
Invite users β via Microsoft 365 Group / site members.
