You have an employee who cannot share OneDrive files or folders with external recipients, while everyone else in the organization can. The share button shows a message like “External sharing is blocked” or the option to share with anyone outside the company is grayed out. This problem usually happens because of a user-level sharing policy that overrides the tenant-wide settings. This article explains how to identify the exact policy causing the block and how to fix it using the Microsoft 365 admin center.
Key Takeaways: Fix External Sharing Blocked for One User
- Microsoft 365 admin center > SharePoint > Policies > Sharing: Check the default sharing link type and external sharing level for the entire tenant.
- Microsoft 365 admin center > SharePoint > Active sites > OneDrive site URL: Verify the per-site sharing setting for the affected user’s OneDrive site.
- Microsoft 365 admin center > Users > Active users > Manage product licenses: Ensure the user has a license that includes SharePoint Online, which is required for external sharing.
Why External Sharing Is Blocked for One User Only
OneDrive for Business external sharing is controlled at three levels: tenant-wide, per-site, and per-user. When only one user cannot share externally, the tenant-level setting is usually correct. The problem is almost always at the per-site or per-user level.
Each OneDrive site has its own sharing setting that can be more restrictive than the tenant default. If an administrator changed the sharing setting on the user’s OneDrive site, external sharing is blocked even if the tenant allows it. Another cause is a missing or expired SharePoint Online license on the user’s account. Without a valid license, the user cannot use external sharing features.
The Microsoft 365 admin center provides separate controls for tenant-wide sharing and per-site sharing. The SharePoint admin center also shows the effective sharing status for each site. Understanding these two layers is essential before making any changes.
Steps to Restore External Sharing for a Single User
Follow these steps in the order shown. Check the tenant sharing setting first, then the per-site setting, then the user license.
- Check the tenant-level external sharing setting
Sign in to the Microsoft 365 admin center at admin.microsoft.com. Go to Show all > SharePoint. In the SharePoint admin center, select Policies > Sharing. Under External sharing, verify that the slider is not set to Only people in your organization. If it is set to Anyone or New and existing guests, the tenant allows external sharing. If the tenant is set to Only people in your organization, change it to a less restrictive option to allow external sharing for all users. - Find the affected user’s OneDrive site URL
In the same SharePoint admin center, go to Active sites. In the search box, type the user’s name or email address. The site URL usually follows the patternhttps://yourtenant-my.sharepoint.com/personal/user_domain_com. Click the site name to open the details panel. - Check the per-site sharing setting
In the site details panel, select the Settings tab. Scroll to External sharing. If the value is Only people in your organization, change it to match the tenant setting. Click Save. Wait a few minutes for the change to apply. - Verify the user’s SharePoint license
In the Microsoft 365 admin center, go to Users > Active users. Select the affected user. Go to the Licenses and apps tab. Make sure the SharePoint Online checkbox is selected. If it is not, select it and click Save changes. If the user does not have an available license, you must assign one from your license pool. - Test external sharing from the user’s OneDrive
Ask the user to sign in to OneDrive, select a file, and click Share. Choose Specific people or Anyone with the link depending on your tenant policy. Enter an external email address and click Send. If the share succeeds, the issue is resolved.
If OneDrive Still Blocks External Sharing After the Fix
“External sharing is blocked” message appears after changing site settings
The SharePoint admin center may show a delay of up to 24 hours before per-site sharing changes take effect. To force an immediate refresh, the user can sign out of all Microsoft 365 apps and sign back in. Alternatively, an administrator can run the following PowerShell command to update the site sharing setting instantly:
Set-SPOSite -Identity-SharingCapability ExternalUserAndGuestSharing
Replace <OneDrive-site-URL> with the actual site URL from step 2. This command requires the SharePoint Online Management Shell module.
User cannot share with “Anyone” links even though tenant allows it
The tenant setting may allow Anyone links, but the per-site setting might be set to New and existing guests. In the site details panel, change the external sharing level to Anyone if your organization supports anonymous sharing. Note that Anyone links do not require the recipient to sign in, which poses a security risk.
External sharing works for some users but not for one specific user
If the user’s OneDrive site shows the correct sharing level and the license is active, check if the user belongs to a conditional access policy in Azure Active Directory. Go to Azure AD admin center > Security > Conditional Access. Look for policies that target the user and block external collaboration. If such a policy exists, either exclude the user from the policy or modify the policy to allow external sharing for that user.
Tenant Sharing vs Per-Site Sharing: What Each Setting Controls
| Item | Tenant-Level Sharing | Per-Site Sharing |
|---|---|---|
| Control location | SharePoint admin center > Policies > Sharing | SharePoint admin center > Active sites > Site details > Settings |
| Scope | All OneDrive and SharePoint sites in the tenant | Only the specific OneDrive site for one user |
| Available options | Anyone, New and existing guests, Existing guests, Only people in your organization | Same four options, but cannot exceed the tenant setting |
| Default value | New and existing guests (for most tenants) | Same as tenant setting |
| Why it blocks one user | Not the cause if other users can share externally | Most common cause when only one user is blocked |
| Propagation time | Up to 24 hours | Up to 24 hours, but PowerShell can force immediate update |
The tenant-level setting defines the maximum allowed external sharing for the entire organization. The per-site setting can only be equal to or more restrictive than the tenant setting. If the tenant setting is New and existing guests, a per-site setting of Anyone is not allowed and will revert to the tenant default.
Conclusion
You can now identify and fix the cause of external sharing being blocked for one OneDrive user by checking the per-site sharing setting in the SharePoint admin center, verifying the user’s SharePoint Online license, and reviewing conditional access policies if needed. After applying the fix, ask the user to sign out and sign back in to clear any cached policies. As an advanced tip, use the Set-SPOSite -SharingCapability PowerShell command to apply the change immediately without waiting for propagation.