Browse all topics
All guidesGlossary

Microsoft Loop external sharing and governance

How Loop components and workspaces work with external users — and the governance considerations.

Microsoft Loop components and workspaces have a more complex external-sharing story than typical SharePoint files because components are portable — they can be embedded in chats, emails, and documents that travel outside the tenant. Governance for Loop requires understanding both the workspace-level model and the component-level travel pattern.

Workspace-level sharing

A Loop workspace is backed by a hidden Microsoft 365 Group and SharePoint site. Sharing a workspace is structurally similar to sharing other Microsoft 365 content:

  • Add internal members — full access to all workspace pages.
  • Add external guests (where tenant policy permits) — same access as members.
  • Roles — Member (edit), Read-only (where supported).

The workspace's sharing inherits the SharePoint and Entra ID external-sharing settings. If your tenant blocks external sharing, Loop workspaces can't be shared externally. If it allows guests, Loop workspaces can have them.

Component-level travel

This is where Loop differs from typical content. A Loop component — a list, a table, a task list — embedded in a Teams chat or Outlook email can be shared with the chat's recipients, including external ones (if your tenant allows external chat).

The component is the same live content as the one in the workspace. Editing it anywhere updates everywhere.

This is powerful and tricky:

  • Powerful: a project status list lives in one place but appears in everyone's relevant chat and inbox, always current.
  • Tricky: the same component can end up visible in many places to many people, with permissions defined per-host rather than per-component.

Governance challenges

  • Permissions spread by embedding — a component starts in your private workspace; you embed it in a chat with three colleagues; it's now visible to those three. No re-permissioning happened explicitly.
  • Surface inconsistency — the same component looks different in Teams chat vs Outlook email vs Word document.
  • External access propagates through chats — if you have a Teams shared channel with a partner, components in that channel are visible to the partner.
  • Audit complexity — tracking component access across multiple hosts requires looking at all those hosts.

Configuration controls

Tenant admins control Loop via the Microsoft 365 admin center and via Microsoft Graph:

  • Enable / disable Loop tenant-wide.
  • Enable / disable Loop workspaces specifically (separate from components).
  • Sensitivity label support — apply labels to Loop content for inheritance.
  • Retention policies apply via the underlying SharePoint storage.
  • External sharing of workspaces follows the SharePoint settings.

Loop components in Teams chat are governed by Teams' external-sharing policies; components in Outlook by Exchange's policies.

Practical guidance

For tenants enabling Loop:

  • Decide on workspace external-sharing posture explicitly. Default to internal-only unless you have specific external-collaboration needs.
  • Communicate the embedding model to users — components travel, and users need to understand the implications.
  • Apply sensitivity labels to Loop workspaces and pages for sensitive content.
  • Audit periodically — workspaces accumulate orphaned content over time.
  • Set retention so workspace content has a managed lifecycle.

Where Loop is heading

Microsoft continues to invest in Loop. The component model is increasingly the substrate for Copilot Pages (Copilot output → editable Loop page) and for collaborative work generally. As Loop matures, the governance surface around it will continue to evolve.

For tenants new to Loop, start with internal-only workspaces, get comfortable with the model, then consider external scenarios deliberately. Don't enable broad external Loop access on day one.