By default, when you share a file/folder to other user with "Can Edit" permission. They can grant the file/folder access to 3rd person. If you want to prevent further sharing from other user, you need to setup the the "Access request and invitation" for your account.
The access request feature allows people to request access to content that they do not currently have permission to see. As a owner, you can configure the feature to send you email when someone requests access to the share file/folder. You can then choose whether to approve or decline their request. If you approve the request, you can also specify the specific level of permission you’d like to assign to a user.
Set up access requests
- Login Office 365 portal.
- Browse to your OneDrive for Business. (At the top bar, select the Office 365 app launcher icon, and then select OneDrive.)
- Go to "Settings " -> "Site Settings".
- Under Users and Permissions, click "Site Permissions".
- On the Permissions tab, click Access Request Settings.
- In the Access Request Settings dialog box, select the "Allow access requests", and then type the email address of the person you want to make responsible for approving access requests (Normally the owner of this account).
- Click "OK".
Approve or decline access requests for a site:
You will receive a email showing that someone is requesting to share the file/folder to other user. You can click on the provided hyperlink to accept/decline the request.
or you can access the Office 365 portal to view the request:
- Go to "Settings " -> "Site Settings".
- Under "Users and Permissions", click "Access requests and invitations".
- Under Pending Requests, find the request you want to update, click the ellipses . . . to open the menu.
- Under Permissions, select the permission level you would like to assign the user (if you plan to approve the request). You can also optionally type a message to the person requesting access.
- Click "Approve" or "Decline".
For details, please visit Set up and manage access requests.