SharePoint guest (B2B) sharing without oversharing
B2B guests and SharePoint: reduce oversharing via link policies, safer defaults, and short owner training.
Oversharing risk
B2B guests in Entra ID can reach SharePoint sites and Teams per invitations. The most common operational mistake is sharing with an Anyone link—or an overly broad “people in your organization” scope—when the intent was a single vendor relationship.
Hard tenant settings
- In SharePoint admin, restrict or disable anonymous links on production; keep narrow exceptions with extra oversight.
- Set default link types to “people in your organization” or “specific people” based on collaboration culture.
- Enforce guest sign-in with MFA aligned to Entra guest security policies.
Labels and training
Sensitivity labels (Microsoft Purview) help separate “internal public” libraries from customer-confidential areas. A short owner training—how to create the right link and how to revoke access—reduces incidents more than policy alone.
Operational playbook
Define audit response: who removes guest membership, who archives content, and how long B2B accounts linger after a project ends. Repeatable process reduces “zombie guests” with active access long after contracts expire.