How can I safely enable file sharing in Microsoft Teams with external clients and partners?

What is the proper way to allow users to attach files in Teams chats with external contacts?

Enabling file attachments in Microsoft Teams for chats with external users is a critical step for maintaining data security and control. When this feature is off, employees often use unsecure, personal methods to share files, creating significant risks for your organization.

Allowing file sharing directly within Teams keeps all collaboration inside your managed Microsoft 365 environment, where security policies can be enforced and activity can be audited. This guide explains why this feature is important and provides clear instructions on how to enable it using PowerShell.

The Risks of Banning External File Sharing

If you do not provide a simple, official way for employees to share files with partners, clients, or vendors, they will find their own methods. This common practice, often called “shadow IT,” introduces serious security and compliance problems.

Loss of Data Control

When employees use personal email, consumer cloud storage like a personal Google Drive, or messaging apps like WhatsApp, the organization loses all visibility. You cannot track who has the file, where it is stored, or if it has been shared further. The file lives outside your security perimeter, and you have no way to revoke access.

Compliance Violations

Many industries are governed by strict data protection regulations such as GDPR or HIPAA. Using unmanaged services to transfer sensitive information can lead to severe compliance breaches, resulting in heavy fines and damage to your company’s reputation.

Increased Security Threats

Personal accounts and unvetted third-party services lack the enterprise-grade security of Microsoft 365. Files shared through these channels are more vulnerable to malware, ransomware, and phishing attacks, creating a backdoor into your corporate network.

Inefficiency and Confusion

Unofficial file sharing creates chaos. Multiple versions of a file can exist across different platforms, leading to confusion and errors. It becomes difficult to track the most current version, wasting time and reducing productivity.

No Audit Trail

In the event of a data leak or dispute, you need a clear record of who shared what, with whom, and when. Personal services do not provide the auditable logs that are standard in an enterprise platform like Microsoft 365.

The Benefits of Using the Native Teams Feature

Enabling file attachments for external chats in Teams solves these problems by centralizing file sharing within a secure, controlled ecosystem. It transforms a high-risk activity into a managed and efficient process.

The primary benefit is that everything stays within your Microsoft 365 tenant. Files are stored in the sender’s OneDrive for Business account, not on a personal device or a random cloud service. This means all your existing security and compliance tools can be applied. Data Loss Prevention (DLP) policies can scan files for sensitive information, retention policies can manage the file’s lifecycle, and eDiscovery tools can find the file if needed.

Permissions are handled automatically and securely. When a user sends a file, Teams generates a sharing link that grants access only to the people in that specific chat. You do not have to worry about employees creating public links or giving overly permissive access. It simplifies the user experience while enforcing strong security behind the scenes.

How to Enable External File Attachments in Teams

This feature cannot be turned on from the Teams admin center; you must use PowerShell. Before you begin, ensure you have administrative permissions and have installed the Microsoft Teams PowerShell module (version 7.1.0 or newer is recommended).

Connect to Microsoft Teams

First, you need to open PowerShell as an administrator and connect to your Teams account. This command will prompt you to sign in with your admin credentials.

Connect-MicrosoftTeams

Enable the File Sharing Policy

Next, you will run a command to change the global policy. The -Identity Global part means this setting will apply to all users in your organization. This command specifically enables the ability to attach files in one-on-one chats with external users.

Set-CsTeamsFilesPolicy -Identity Global -FileSharingInChatsWithExternalUsers Enabled

Verify the Current Status

After enabling the feature, it is good practice to confirm that the policy was applied correctly. Run the following command to see the current settings for your global files policy. You should see that FileSharingInChatsWithExternalUsers is now set to Enabled.

Get-CsTeamsFilesPolicy

How to Disable the Feature (If Needed)

If you ever need to reverse this change, you can use the same command from step 2 but change the value to Disabled. This will turn off the ability to attach files in external chats across your organization.

Set-CsTeamsFilesPolicy -Identity Global -FileSharingInChatsWithExternalUsers Disabled

The User Experience After Enabling the Feature

Once enabled, the change is simple and intuitive for your users.

When an employee is in a chat with an external contact, they will see the familiar paperclip icon in the message box. They can click this icon to attach a file from their computer or their OneDrive, just as they would in a normal internal chat. The process is seamless and keeps them within the Teams application.

For the external recipient, the experience is just as straightforward. The file appears directly in their chat window with a clear label indicating it is from an external source. The file itself is stored securely in the sender’s OneDrive, and a permission-controlled link is automatically shared. The external user can open and view the file without needing to manually request access, preventing delays and follow-up emails. This creates a clean, secure, and professional collaboration experience for everyone involved.