Issue: Anyone invited to the organization or part of the tenant and having edit access might be able to Share files and document externally if external sharing is enabled.
Resolution is to limit anonymous access link creation to a specific security group, so only specific groups of users have the capability of sharing the links anonymously. Anonymous links are the ones where the authentication is not required. The steps are listed below.
Step 1: Goto https://go.microsoft.com/fwlink/?linkid=2185222
Step 2: Select “Allow only users in specific security groups to share externally“
Step 3: Add the Security Group and Click Save
The drop down for Anyone and Authenticated guests only is controlled by the level of content sharing permissions, for example for Most permissive, both of the above options are show.
However if you restrict the permissions from Most Permissive to One Step down for “New and Existing Guests” then “Anyone” Permissions disappears as indicated below.
