All articles
SharePointMicrosoft TeamsMicrosoft 365Governance

Sharing Settings in Microsoft Teams and SharePoint Online

Regroove IT Consulting6 min read680 words

Sharing settings in Microsoft Teams and SharePoint Online are more interconnected than they appear. Changes made at one level affect behaviour elsewhere, and the defaults are not always appropriate for every organization. Understanding how the settings layer together helps you configure things correctly once rather than troubleshooting access problems repeatedly.

Tenancy-Wide Settings Control the Ceiling

The most permissive sharing that any site or team can allow is set at the tenancy level in the SharePoint admin center. This is the global ceiling. Individual sites and teams can be configured to be more restrictive, but they cannot be configured to allow sharing beyond what the tenancy-wide settings permit.

The options at the tenancy level range from "Anyone" (anonymous link sharing with no sign-in required) through "New and existing guests," "Existing guests only," and "Only people in your organization." Most organizations set this to "New and existing guests" or more restrictive, depending on their external collaboration needs and data sensitivity requirements.

How SharePoint Settings Affect Teams

Every Microsoft Teams channel stores its files in a connected SharePoint site. This means SharePoint sharing settings directly control what is possible inside Teams. If your tenancy-wide SharePoint settings block external sharing, guests cannot access files shared in Teams channels regardless of the Teams settings.

When you add a guest to a Team, a corresponding guest user is added to the underlying SharePoint site. If the SharePoint site's sharing settings are more restrictive than the Teams settings, the guest may be able to participate in Teams conversations but unable to access the Files tab. This mismatch is a common source of confusion.

Default Sharing Behaviour by Site Type

Different types of SharePoint sites have different default sharing behaviours:

  • Team sites (connected to Microsoft 365 Groups or Teams): Default to sharing with members of the group only. External sharing requires explicit configuration.
  • Communication sites: Typically used for broad internal audiences. Default permissions give broad read access within the organization but require careful configuration for external sharing.
  • Classic SharePoint sites: Inherit tenancy-wide defaults and do not have the same integration with Teams and Microsoft 365 Groups.

Link Sharing Settings

When a user shares a file or folder, the default link type that gets created is controlled by site-level settings. The options are "Anyone with the link," "People in your organization," "People with existing access," and "Specific people." Choosing a conservative default at the site level means users who share files without thinking about it will default to a safer link type rather than accidentally creating anonymous public links.

Setting the default to "People in your organization" is appropriate for most internal SharePoint sites. Switching to "Specific people" as the default for sites containing sensitive data adds a friction point that encourages deliberate sharing decisions.

Reviewing Your Current Configuration

The SharePoint admin center provides a view of sharing settings across all sites. Reviewing this periodically, especially after adding new teams or sites, helps catch configurations that drifted from your intended policy. Sites with overly permissive sharing settings are a common finding in Microsoft 365 security assessments.

Regroove IT Consulting

Microsoft Solutions Partner specializing in Managed IT Services and Modern Work, covering Microsoft 365, Teams, SharePoint, Power Platform, and Azure. Helping organizations everywhere get lasting value from their Microsoft investment since 1993.

About Regroove →

Need help with your Microsoft environment?

We work with organizations everywhere. Tell us where you are and what you're trying to solve.

Talk to Regroove