By default, when you share a file/folder to other user with "Can Edit" permission. They can grant the file/folder access to 3rd person. If you want to prevent further sharing from other user, you need to setup the the "Access request and invitation" for your account.

The access request feature allows people to request access to content that they do not currently have permission to see. As a owner, you can configure the feature to send you email when someone requests access to the share file/folder. You can then choose whether to approve or decline their request. If you approve the request, you can also specify the specific level of permission you’d like to assign to a user.

Set up access requests

  • Login Office 365 portal.
  • Browse to your OneDrive for Business. (At the top bar, select the Office 365 app launcher icon, and then select OneDrive.)
  • Go to "Settings The image office 365 settings gear button" -> "Site Settings".
  • Under Users and Permissions, click "Site Permissions".
  • On the Permissions tab, click Access Request Settings.
    The image illustrate the Allow request button
  • In the Access Request Settings dialog box, select the "Allow access requests", and then type the email address of the person you want to make responsible for approving access requests (Normally the owner of this account).
    The image illustrate the Allow request option and email box
  • Click "OK".


Approve or decline access requests for a site:
You will receive a email showing that someone is requesting to share the file/folder to other user. You can click on the provided hyperlink to accept/decline the request.
The image illustrate the request email

or you can access the Office 365 portal to view the request:

  • Go to "Settings The image office 365 settings gear button" -> "Site Settings".
  • Under "Users and Permissions", click "Access requests and invitations".
  • Under Pending Requests, find the request you want to update, click the ellipses . . . to open the menu.

  • The image illustrate the request permission selection
  • Under Permissions, select the permission level you would like to assign the user (if you plan to approve the request). You can also optionally type a message to the person requesting access.
  • Click "Approve" or "Decline".

  • The image illustrate the approve or decline option

For details, please visit Set up and manage access requests.