Restrict Sharing Permissions
Want to restrict who can share a SharePoint Site or share the files it contains? Then this Tip is for youThe publications and views expressed in this (blog) website are my own personal opinions and are by no means associated with my employer.
This can be only be done by an owner of the SharePoint Site
Access the SharePoint Site and do the following:
Locate the Cog icon in the top right of the screen
In the Side Panel that appears, locate and click the "Site Permissions" text link
Locate the "Change how members can share" under the "Site Settings" heading
You will then have 3 different options
Owners and Members can share the "Site" and "Files"
Only Owners can share the "Site" but Owners and Members can share "Files"
Only Owners can share the "Site" and "Files"
Depending on what you require, the 3rd option is the most restrictive which will only allow the "Owners" of a "Site" or, if it is linked up to a "Team" in Microsoft Teams, the Owners of that Team will be able to share any files stored, whereas the 1st option is more permissive and will allow both "Owners" and "Members" to be able to share the Site as well as any files stored with others who are not members or owners of the "Site".
Scenarios
You have a Team in Microsoft Teams, where you want to prevent owners of the Team to share the confidential Files with anyone who is not part of the Team.
By Default, Owners and Members are able to access the files and have the ability to share it's files for collaboration purposes with access to either View or Edit.
To prevent Members from being able to share the files stored, you would set this to the 3rd Option which is the most restrictive and would only allow the Owner of the Team to be able to share any files to non-members.
In addition to the above setting, you will also have the ability to turn on the option to "Send Requests to Share". This will send a request to either the "Owners" or to a specific "email address" you specify, this would be something like a shared mailbox or to a mailbox that is linked to a ticketing system which would go to a Queue of agents who would have the ability to approve requests like this.
Personally, I would recommend leaving this as the owners of the site, as this, I believe, will be dynamic.
So if the site has 1 Owner, the request will go to this single owner. If you then add a 2nd Owner to the site, the next request should send to 2 Owners rather than the original single owner.
Please note, this can differ depending on if the system has been able to pickup that an additional owner has been added.