Get All External Users in SharePoint Online

Native Solution

Microsoft 365 Permission Required

High

Global Admin or SharePoint Admin.

Option 1 Using Microsoft 365 Admin Center

Login to the SharePoint Online admin center.
Navigate to Sites» Active Sites.
Choose the site for which you want to get the list of external users.
Click on Membership in the pop-up window. If the site has guest users, they will be mentioned as GUEST near their usernames.

Option 2 Using Windows PowerShell

Connect to SharePoint Online PowerShell using the below cmdlet.

Windows PowerShell

 Connect-SPOService -Url https://<yourtenantname>-admin.sharepoint.com

Run the following cmdlets get the SPO external users using PowerShell.

Windows PowerShell

 Get-SPOExternalUser –SiteUrl <Desired Site's URL> -Pagesize 50

The above cmdlet displays all the external users in the SharePoint Online site.

Option 3 Using PowerShell Script

Since it is difficult to get a complete list of external users’ details with a single cmdlet, we came up with a PowerShell script to retrieve detailed SharePoint Online external users report.
Download and run the following script in the Administrator PowerShell.

SPOExternalUsersReport.ps1

AdminDroid Solution

More than 150 reports are under the free edition.

AdminDroid Permission Required

Delegated

Any user with report access delegated by the Super Admin.

StepsUsing AdminDroid

Login to the AdminDroid Office 365 reporter.
Navigate to the Invites Accepted report under Audit»SharePoint»Sharing Invitation.
Click on Target User/Group Type easy filter at the top and select Guest.

If Guest is not selected in the target user filter, then the report shows all the users, including internal users.

Lists all the SPO external users with whom the site or its contents have been shared and their user ID, invite accepted time, tenant, site URL, machine IP, etc.,

Additionally, the report has in-built graphs, making it simpler to analyze and determine the SharePoint Online external users.

Explore a full range of reporting options

Streamline your SharePoint Online external sharing!

Safeguard your SharePoint Online environment by efficiently managing external users using AdminDroid.

Witness the report in action using the

Live Demo

Important Tips

Create a Conditional Access policy with the condition “Require multifactor authentication” to allow external users securely in your SharePoint online.

Configure external sharing settings to restrict content sharing to specific domains, ensuring a more secure SharePoint environment.

Monitor external users activities to prevent any unnecessary security conflicts that happen inside your Microsoft 365 environment.

SharePoint OnlineGet a List of SPO External Users to Prevent Unauthorized Access in Microsoft 365

Showing 1 of 9

Is it safe to share SharePoint sites with external users? How to invite external users to a SharePoint Online site? How to select a permission level for external users in SPO sites? Can a SharePoint file be shared with users without a Microsoft account? How to enable external sharing in SharePoint Online? How to monitor the external users in SharePoint Online? How to manage SharePoint Online external users? Does SharePoint Online have a guest expiration policy? How to get a SharePoint Online external sharing report?

Is it safe to share SharePoint sites with external users?

When you share a SharePoint site with external users, they can access the entire site to individual files or folders based on the permission level provided. However, there are some potential risks involved in adding external users to SharePoint Online.

Phishing Attacks: External users are highly susceptible to phishing attacks, which could potentially lead to the exposure of sensitive information in your SharePoint Online. Therefore, it is crucial to provide education and awareness to your external users regarding these phishing attacks.
Data Intrusion: Guest users may inadvertently access sensitive information from the SharePoint site shared with them. Thus, it is important to check any critical documents present in the site before sharing them with external users.
Lack of Control: Adding external users to SharePoint sites reduces organizations' control over their devices and networks, making it difficult to track the operations performed by these external users.

How to invite external users to a SharePoint Online site?

To collaborate with external users in Microsoft SharePoint, you must add them to your desired site. Follow the steps below to add external users to a SharePoint site.

Navigate to the SharePoint Online site you want to share with external users.
Select Site permissions from the Settings icon.
Click on "Add members" and select Share site only.
Enter the email ID of the external user and choose the necessary permission level.
Select the "Send email" checkbox and click on Add.

When the site owner sends an invitation, the end user receives it along with the site URL. Then they can click the link and access the site.

Stay alerted on the SharePoint Online site sharing invitations created to prevent unauthorized access!

Using AdminDroid, you can effortlessly monitor the SharePoint external sharing invitations created to ensure that external users have access only to the resources they are authorized to use.

Here you can get entire details of the created sharing invitation such as shared item, invited external user, who invited, and other details related to the invitation.
To view the sharing invitation created for a specific resource, apply easy filters for the Shared Item property.

How to select a permission level for external users in SPO sites?

External users require SharePoint Online permissions to access the respective site, folder, file, or list. However, it is necessary to grant the right level of permissions to avoid any accidental or intentional sensitive data loss in your organization.

You can grant privileges such as Read, Edit, and Full control, based on the external user's requirements for that specific site or file.

Set the guest permission levels, while you invite or share the SharePoint site with external users. Follow the steps below to select the permission level for external users.

Navigate to Settings»Site Permissions.
Find the username of the external user for whom you want to set the permission level.
Click on Permissions next to the username.
A drop-down box will appear with a list of available permission levels. Select the desired permission level and save the changes.

Can a SharePoint file be shared with users without a Microsoft account?

Yes, even if the external users do not have a Microsoft account, they can access and seamlessly collaborate on shared files and folders using a verification code sent to their email ID. However, this method is applicable only when "Anyone" links are not set in your organization.

You can send an email to non-Microsoft users containing a link to access the shared files or folders.
Upon clicking the link, it prompts them to verify their account.
They can click the Send Code option to verify their account.
Once clicked, Microsoft will send an email containing a verification code.
They have to enter the verification code to access the shared resource.

However, when multi-factor authentication is configured with Conditional Access policies, non-Microsoft users cannot access the files shared with them. Furthermore, you cannot share a SharePoint site with users without a Microsoft account.

Note: If you share files using "Anyone" links, users without a Microsoft account can access them directly without requiring a verification code.

How to enable external sharing in SharePoint Online?

When you are unable to share a SharePoint site with external users, it is important to ensure that your SharePoint Online is configured to allow access for external users. If it is not enabled, you can enable external sharing in the ways below.

Login to the SharePoint Online admin center. Under Policies, select Sharing.
Choose the external sharing level as per your requirement.

Enable external sharing using SharePoint Online Navigate to Sites»Active sites. Click on the desired site. Under the Settings tab, choose the mode of sharing from the "External file sharing" drop-down box.
Enable external sharing using PowerShell Run the below PowerShell cmdlet to configure the sharing settings for an individual site.

Connect-SPOService -Url <https://yourtenantname-admin.sharepoint.com>

Set-SPOSite -Identity <https://yourtenantname.sharepoint.com/sites/yoursite> -SharingCapability ExternalUserAndGuestSharing

Using AdminDroid, you can periodically receive the SharePoint site sharing permissions report to your mailbox that depicts the external sharing capability for each site in your organization.

You can directly click on the "Schedule this report now" icon to receive the report in different time frames to your mailbox.
Pro Tip: Disable external sharing for sites with sensitive information and choose other permission levels for less confidential sites.

How to monitor the external users in SharePoint Online?

Monitor the external users in your organization's SharePoint sites to ensure secure collaboration across organizational boundaries. You can retrieve the list of external users in SharePoint Online using the following methods.

SharePoint Online Admin Center To get the external user list from the SharePoint admin center, navigate to Sites»Active sites.Click on the desired site. Under the Membership tab, you can get the external users in the site labelled as Guest.
Microsoft PowerShell Run the PowerShell script provided to get the detailed list of external users in SharePoint Online.

Verifying the presence of external users from the SharePoint admin center can be challenging, as it requires navigating to each site to identify them.

Using AdminDroid, you can use the built-in alert policy to get alerted on an unusual number of sharing invitations to external users.

Click the "Preview and Deploy" to create the alert policy.
This default alert policy triggers an alert when the number of SharePoint external sharing invites for the same 'site' in a day increases by at least 5% over the same day of the previous week.
Pro Tip: You can modify the alert policy based on specific properties using Scope by navigating to the Alerts tab of the AdminDroid portal.

How to manage SharePoint Online external users?

You can effectively manage external users in SharePoint Online by adding and removing them, enabling expiration policies, managing permissions, and monitoring their activity. It ensures proper access control of external users and prevents attacks that may occur due to external sharing within your Microsoft 365 environment.

Remove unnecessary external users in SharePoint Online

If you don’t require specific external users for a site, you can remove them from SharePoint Online or restrict the access given to them.
To remove external users from SharePoint Online, follow the steps below.

Navigate to Site settings»People and Groups from the settings icon of the desired SharePoint site.
Select the user you want to remove and click on the Actions drop-down box, and then click on Remove user from Group.

Run the following cmdlets to remove external users from SharePoint Online using PowerShell.

Connect-SPOService -Url <https://yourtenantname-admin.sharepoint.com>

$user = Get-SPOExternalUser -Filter <External user’s UPN>
Remove-SPOExternalUser -UniqueIDs @($user.UniqueId) -Confirm:$true

Note: Your organizational members may see the username of the removed external user in the membership dialogue box. Once removed, these external users cannot sign-in or access any of your organization’s resources.

Does SharePoint Online have a guest expiration policy?

Yes, you can set an expiration policy for external users which is used to limit the number of days the visitors can access it. Users' access to the site expires when it reaches the limit mentioned in the policy.

To manage guest expiration policy for a SharePoint site,

Login to the SharePoint Online admin center.
Navigate to Policies»Sharing.
Click on More external sharing settings and enable the checkbox "Guest access to a site or OneDrive will expire automatically after this many days", and then set the number of days you will need to give the guest access.

What is SharePoint Online external sharing time limit? The minimum period you can specify for guest access is 30 days while the maximum is 730 days.

How to get a SharePoint Online external sharing report?

To mitigate the risk of data loss and other security breaches, admins must monitor the activities of external users with whom the SPO content was shared. To audit SharePoint Online external sharing activities, follow the steps below.

Get external sharing report in SharePoint Online To get a report on external user sharing activities, navigate to Settings»Site Usage»Shared with an external user from the desired SharePoint site. By clicking on "Run report", you can generate the report and save it to your site's document library. However, you would need to perform this action for all the SharePoint sites individually.
Audit sharing links in SharePoint Online Checking external sharing activities by navigating to each site individually can be a time-consuming task. Instead, you can obtain an external sharing report for all SharePoint sites by following the steps below.

Login to the SharePoint Online admin center.
Navigate to Reports»Data access governance»Sharing Links.
The report is available for "Anyone" links, "People in your organization" links, and "Specific people" links shared externally. Click on the desired option to generate an external sharing report.

Using AdminDroid, you can check all the files shared to external users in your SharePoint Online environment.

To view the files shared to external users via SharePoint Online, apply easy filters for the Workload property.
You can also download or export the report in the format you need by clicking the download icon present at the top right corner.

AdminDroid SharePoint Online ReporterRemain at the top of seamless SPO external users' management!

Serving as the comprehensive hub for all Microsoft 365 admins, the AdminDroid SharePoint Online auditing tool lets you identify and manage external users without running any difficult PowerShell scripts.

Maximizing your insights with AdminDroid's unmatched features to get the external users in your SharePoint Online environment.

The Accepted Sharing Invitations for SharePoint report provides detailed information on SharePoint Online external users, including the invite accept time, shared item, invite accepted user, target user, etc. This report proves to be a valuable tool for admins to track external collaboration and managing external users in SharePoint Online.

An Overview

Entire Information on Sharing Invitations

Gain visibility about various details of sharing invitations such as those created, updated, blocked, revoked, and accepted in your Microsoft 365 environment.

External Users in SharePoint Groups

Audit the added external users to SharePoint groups and check whether they are legitimate members of those groups in your Microsoft 365 environment.

External Users in SharePoint Sites

View the external users in SharePoint sites and remove them when they don’t need access to your SharePoint sites or their contents.

SharePoint Online DLP Policies

Check the instances of SharePoint Online DLP rule matches to prevent unauthorized sharing of sensitive information.

Role-Based Access to SharePoint Online

Delegate granular access to any Microsoft 365 user for monitoring SharePoint Online activity reports exclusively.

Manage Access Requests in SPO

Audit the approved access requests in your SharePoint Online environment and revoke accidental access to sensitive infromation.

Overall, AdminDroid provides powerful features that empower you to efficiently manage and track the details of SharePoint Online external users. You can also track SharePoint sites' activities, security and permissions-related activities, ensuring comprehensive control over all external users in your SharePoint Online environment.

Kickstart Your Journey with AdminDroid

Your Microsoft 365 Companion with Enormous Reporting Capabilities!

Download

Common Errors and Resolution Steps for getting external users in SharePoint Online

The following are the possible errors and troubleshooting hints while dealing with the list of external users in SharePoint Online.

Error: Connect-SPOService: No valid OAuth 2.0 authentication session exists.

This error occurs when the URL provided does not resemble the tenant administration site.

Troubleshooting hint :Connect to the SharePoint Online PowerShell using the below cmdlet with correct URL.

Connect-SPOService -Url <https://yourtenantname-admin.sharepoint.com>

Error: Connect-SPOservice : The remote server returned an error: (403) Forbidden.

This happens when the user account does not have sufficient access privileges to the site, or the credentials you are using to connect to the site are incorrect.

Troubleshooting hint :You may have used the credentials of another tenant, resulting in this error notice. Therefore, double-check the URL and credentials and try again.

Error: Your organization’s policies don’t allow you to share with these users. Go to External Sharing in the Microsoft 365 admin center to enable it.

This error occurs because external sharing is disabled either at the tenant level or site collection level.

Troubleshooting hint :Enable external sharing either at the tenant level or site collection level.

// Run the below cmdlet to enable external sharing at the tenant level.
Set-SPOTenant -SharingCapability <Sharing Mode>
// Run the below cmdlet to enable external sharing for an individual site collection.
Set-SPOSite -Identity <Site URL> -SharingCapability <SharingMode>

Error: Welcome to SharePoint Online. This invitation cannot be accepted by the current signed in user. You'll need to accept the invitation using a different account.

This error occurs when you fail to accept an invitation as they are already signed into a personal Microsoft account in their browser, and then copies the invitation link to the browser.

Troubleshooting hint :Ensure that you’re fully logged out of any personal accounts in your browser before accepting the SPO invitation.

Error: You need permission to access this site.

This error occurs when the account that accessed the shared link is different from the account to which the sharing invitation was originally sent.

Troubleshooting hint :To resolve this issue, you need to verify using the same account or click the Request Access option to request access for a different account.

Delivering Reports on Time

Want a desired Microsoft 365 reports every Monday morning? Ensure automated report distribution and timely delivery with AdminDroid’s Scheduling to your email anytime you need.

Schedule tailored reports to execute automatically at the time you set and deliver straight to the emails you choose. In addition, you can customize report columns and add intelligent filtering to the activities just from the previous day to suit your Microsoft 365 report requirements.

Set It, Schedule It, See Results - Your Reports, Your Way, On Your Time!

Time Saving Automation Customization Intelligent Filtering

Give Just the Right Access to the Right People

Grant fine-tuned access to any Microsoft 365 user with AdminDroid’s Granular Delegation and meet your organization’s security and compliance requirements.

Create custom roles loaded with just the right permissions and give access to admins or normal users within AdminDroid. The result? A streamlined Microsoft 365 management experience that aligns your organization's security protocols and saves your invaluable time and effort.

Give Just the Right Access to the Right People

Align, Define, Simplify: AdminDroid's Granular Delegation

Smart Organizational Control Effortless M365 Management Simplified Access

Advanced Alerts at a Glance

Receive quick notifications for malicious Microsoft 365 activities. Engage with the AdminDroid’s real-time alert policies crafted to streamline your security investigations.

Stay informed of critical activities like suspicious emails and high-risk logins, bulk file sharing, etc. Through creating and validating ideal alert policies, AdminDroid provides a comprehensive approach to real-time monitoring and management of potential threats within your organization.

AdminDroid Keeps You Always Vigilant, Never Vulnerable!

Proactive Protection Real-time Monitoring Security Intelligence Threat Detection

Merge the Required Data to One Place

Combine multiple required columns into one comprehensive report and prioritize the information that matters most to you with AdminDroid’s Advanced Column Customization.

This column merging capability offers a flexible way to add different columns from various reports and collate all the essential data in one place. Want to revisit the customized report? Save it as a 'View’, and your unique report is ready whenever you need it.

Merge with Ease and Save as Views!

Custom Reporting Unique View Desired Columns Easy Data Interpretation

Insightful Charts and Exclusive Dashboards

Get a quick and easy overview of your tenant's activity, identify potential problems, and take action to protect your data with AdminDroid’s Charts and Dashboards.

With AdminDroid charts and dashboards, visualize your Microsoft 365 tenant in ways you've never thought possible. It's not just about viewing; it's about understanding, controlling, and transforming your Microsoft 365 environment.

Insightful Charts and Exclusive Dashboards

Explore Your Microsoft 365 Tenant in a Whole New Way!

Executive overviews Interactive insights Decision-making Data Visualization

Efficient Report Exporting for Microsoft 365

Downloading your reports in the right file format shouldn’t be a hassle with AdminDroid’s Report Export. Experience seamless report exporting in various formats that cater to your needs.

Navigate through diverse options and export Microsoft 365 reports flawlessly in your desired file format. Tailor your reports precisely as you need them and save them directly to your computer.

Efficient Report Exporting for Microsoft 365

Take Control, Customize and Deliver- Your Office 365 Data, Exported in Your Way!

Easy Export Seamless Downloading Data Control Manage Microsoft 365

How to Get SharePoint Online External Users Report in Microsoft 365