This new feature – which hits first release tenants in June 2017 – will give extra control over who and how information can be shared with external/third party users in SharePoint Online and OneDrive for Business.
This control allows to limit the share with external users based on an specific AD security group, providing the ability to configure more than 1 security group to that control.
In order to configure this feature, we have to take into account that provides 2 options:
- Users in selected security groups share with authenticated external users: Only users in the assigned security groups will be able to share with external users. If you are not included in these groups you cannot share with an external user who is not in your organization.
- Users in selected security groups share with authenticated external users and using anonymous links: Users will be able to share with external users and also create anonymous links.
An important thing to note about this new sharing control is that the site collection policy will always take precedence. So, If the anonymous sharing is disabled at site colletion level (wether it is SPO or OneDrive personal site), users in the security group that will not be able to do so in that site collection.