External sharing is activated by default on the Office 365 tenants. This is already a major governance fail in my opinion, but it does get worse. The security trimming is not working properly. Security trimming means that you only see what you have been given access to see. Site Members, Owners and Visitors will all get different menu options accordingly. However, this is not working when sharing externally, so heads up all extranet administrators!
To make matters worse, external sharing users also don’t go into the Visitors group by default, they are added outside of any groups. This means you need to manually check the permissions settings on every document and/or folder to see who has access to what.
You can configure all the settings from SharePoint Admin down to item level to be read only, and send the links out as read only – users will still see the full menu options. This is not correct and is a major bug.
Also, users can click on the delete or rename options, and that’s when they get an error. The error messages are also not consistent which will compound the issues training users on this.
So now think about it when you have hundreds of external users, with access to hundreds of documents – and you have to manually go through each one to figure out who has access where; let alone the not so great end user experience. It’s a big problem guys.
We did log a call with Microsoft to escalate this, they said they would but advised us to add it to Uservoice, which we also did. If you think this is a concern, please vote it up so Microsoft can fix it.
It’s not working correctly. But thanks for the link on preventing downloads.
All of that looks to be working correctly to me, the read only permission means you can’t update a file, it doesn’t mean you can’s download a file. To prevent download see https://support.office.com/en-gb/article/Prevent-users-from-downloading-content-from-a-site-e17bf52b-fa5d-41cf-9eb0-d3812542424e