I wanted to setup external sharing in my Office 365 tenant for SharePoint & OneDrive so that only members of a specific group were allowed to share with external users.
This seems relatively straight forward in that the SharePoint Admin center -> sharing area had a setting called: “Who can share outside your organization” -> “Let only users in selected security groups share with authenticated external users” which seemed like exactly what I needed:
I used an existing Office 365 group that I have already created which I found from the address book/people picker. Yet, I still received the following message whenever I tried sharing as a user in that existing group:
“Your organization’s policies don’t allow you to share with these users. Go to External Sharing in the Office 365 admin center to enable it. “
I checked all the normal sharing settings that should be enabled and they were all fine:
1. The Office 365 Admin center -> Settings -> Services & add-ins -> Sites section:
2. The SharePoint Admin center -> sharing section:
3. The OneDrive Admin center -> sharing section:
4. The sharing settings for each of my site collections in the SharePoint Admin center:
These settings all seemed to be fine but I was still getting the same error.
Turns out that you can’t select any group (i.e. an existing Office 365 group) from the directory search/people picker to enable this “Who can share outside your organization” -> “Let only users in selected security groups share with authenticated external users” setting, it needs to be a Mail-enabled security group. These groups can be created/configured and members added under the Groups section of the Office 365 Admin center. I have already left feedback for Microsoft to update their user interface to make sure this is clear to users.