The Sharing controls page has a myriad of settings, and it can be used to set both the permissiveness of SharePoint sharing controls (whether you can invite new guests to share content) as well as finer-grained controls (such as who can do the inviting).

Figure 12.31 – Sharing policy controls

The sharing controls available are the following:

• External sharing sliders: This area features separate sliders for SharePoint and OneDrive, specifying what sharing recipients are allowed. You can choose from (ranging from most permissive to most restrictive) Anyone, New and existing guests, Existing guests, and Only people in your organization. As previously noted, the SharePoint and OneDrive sliders can be moved independently, but the OneDrive slider cannot be more permissive than the SharePoint slider.
• Limit external sharing by domain: This setting allows you to control what domains sharing requests can be sent to, as either a list of allowed domains or a list of blocked domains.
• Allow only users in specific security groups to share externally: This setting allows you to create one or more security groups that contain individuals that can share externally. Users outside of those groups will be unable to initiate sharing requests to external users, even if the SharePoint slider is set to Anyone.
• Guests must sign in using the same account to which sharing invitations are sent: This setting prevents external recipients from forwarding sharing invitations to another address. When signing in, the guest will be prompted to enter the email address that was originally allowed and then receive a code via email to complete authentication.
• Allow guests to share items they don’t own: Guests can initiate sharing invitations for items they are not the owners of.
• Guest access to a site or OneDrive will expire automatically after this many days: This setting allows you to choose an expiry date for links to shared sites, preventing stale access grants.
• People who use a verification code must reauthenticate after this many days: This setting forces guests to reauthenticate periodically.

In addition to the sharing restrictions, there are controls that manage the life cycle and capabilities for file and folder links:

• Choose the type of link that’s selected by default when users share files and folders in SharePoint and OneDrive: This selection has three options, including Specific people, Only people in your organization, and Anyone with the link. This doesn’t prevent the user from changing the audience scope. This setting works in conjunction with the SharePoint or OneDrive permissiveness control – for example, if the SharePoint and OneDrive permissiveness sliders are set to New and existing guests, the Anyone with a link option is unavailable.
• Choose the permission that’s selected by default for sharing links: This option allows you to specify the default selection to share links. The default can be either View or Edit. The person sharing can choose either permission – this just controls the default setting.
• Choose expiration and permissions options for Anyone links: You can select These links must expire within this many days to specify how long Anyone (previously referred to as Anonymous) links can live. You can also specify the permissions that can be granted for Anyone links. For Files, you can choose View and Edit or View, and for Folders, you can select View, edit, and upload or View.

Finally, there are some miscellaneous settings that round out the sharing controls:

• Show owners the names of people who viewed their files in OneDrive: This option allows you to see the names of people who have accessed and viewed a file by looking at the file card (the popup displayed when hovering over a file in OneDrive)
• Let site owners choose to display the names of people who viewed files or pages in SharePoint: Related to the previous setting, this also allows SharePoint site owners to make this information available on SharePoint sites
• Use short links for sharing files and folders: Configure SharePoint to use an abbreviated short link instead of the full path to a file in a sharing email request

Next, we’ll look at the network and device access control settings.