eSHARE Collaborate users whose outbound email is routed through the Secure Collaboration Gateway.
Requires: No user action. Your administrator enables and assigns the governing Sharing Policy.
Overview
When your organization enables this feature, any native Microsoft file or folder link you paste into an email or into a secure-conversation message is automatically converted to a eSHARE Trusted Share link before it reaches the recipient. The conversion is performed by the eSHARE Secure Collaboration Gateway (also referred to as the Secure Mail Gateway, or SCG) for email, and by eSHARE Collaborate server for secure conversations.
The purpose of the conversion is to ensure that every link you share with external recipients carries your organisation's governance — recipient authentication, permission limits, sensitivity labelling, DLP tagging, domain allow/block enforcement, and a full audit trail — rather than falling back to Microsoft's native sharing behaviour.
You do not change how you write email. You continue to paste SharePoint Online, OneDrive for Business, and Microsoft Teams links the way you always have. eSHARE handles the conversion transparently and sends you a confirmation of what was converted.
How It Works
1. You compose and send email as usual
Draft your email in Outlook (or your usual mail client) and insert a native Microsoft file or folder link — a SharePoint document link, a OneDrive file link, or a Teams file link. You do not need to pre-convert the link, wrap it, or take any eSHARE-specific action.
2. Outlook's native access warning does not block conversion
Outlook may display an access warning — for example, "Some recipients may not have access to this link." — when it detects that one or more recipients lack native M365 permission on the linked content. You may resolve that warning by adjusting the recipient list or the native M365 permissions, or you may ignore it and send the email as-is. Ignoring the warning is supported: eSHARE will secure the link at the gateway and the recipient will be able to access the content through the resulting Trusted Share.
3. The Secure Collaboration Gateway converts the link
When the message leaves your mailbox, it transits the eSHARE Secure Mail Gateway (SCG). SCG scans the message body for recognized native Microsoft file and folder links and rewrites each one in place as a Trusted Share link. The surrounding text, message formatting, recipient list, and any non-matching URLs are preserved unchanged.
Recognised link sources include:
SharePoint Online file and folder links
OneDrive for Business file and folder links
Microsoft Teams file links
4. You receive a conversion confirmation email
After SCG converts one or more links, eSHARE sends you a confirmation email summarising the conversion. The confirmation identifies the Trusted Share(s) that were created, the Sharing Policy applied, and the recipients who will have access. Retain this email as your audit record. It also links directly to the Trusted Share in the eSHARE Web Portal or eSHARE M365 App so you can manage recipients or permissions afterward.
5. Recipients access the content through a Trusted Share
Recipients receive the email you sent, but where you pasted a SharePoint, OneDrive, or Teams URL, they see a Trusted Share link. On clicking the link, eSHARE performs recipient verification (typically login or a one-time code) and then presents the content under the permissions defined by the applicable Sharing Policy. Recipients who could not have opened the original native Microsoft link — because they lack access to your Microsoft 365 tenant as a guest — can reach the content through the Trusted Share, subject to your organization’s eSHARE policies.
Your organization's sharing policies for external users continue to apply at every access, not only at the moment of conversion.
How the Sharing Policy for a Converted Link Is Selected
You do not select the Sharing Policy when you send the email. eSHARE determines the governing policy automatically based on the governance context surrounding the message and the linked content. Inputs that can influence the selection include:
The Microsoft Purview Information Protection sensitivity label applied to the email message.
The sensitivity label or DLP classification on the linked file or folder in SharePoint, OneDrive, or Teams.
Microsoft Purview policies that apply to the linked content or to your mailbox.
SharePoint site-specific sharing policies registered with eSHARE for the site that hosts the content.
Your organization's default Sharing Policy, where no more specific policy applies.
The confirmation email identifies the policy that was applied to each converted link. The Trusted Share record in the eSHARE Cloud Web Portal displays the same information.
eSHARE Attribute-Based Access Control (ABAC) for Converted Links
If your organization has configured Attribute-Based Access Controls (ABAC) with eSHARE, attribute evaluation runs at two distinct points:
At link-conversion time. When the Secure Mail Gateway converts a native Microsoft link, eSHARE ABAC attributes for you, the recipients, and the content are evaluated to determine whether the conversion is permitted, which Sharing Policy applies, and what permissions the recipients receive on the Trusted Share.
At access time. Each time a recipient clicks the converted Trusted Share link, eSHARE ABAC is re-evaluated before access is granted. If the recipient's attributes change after conversion (for example, they leave a partner organization or change role), access on the same link may be restricted or revoked on their next click, without requiring the sender to take any action.
Because eSHARE ABAC is evaluated both at conversion and at access, a link that was successfully converted may later be denied to a specific recipient if the policy or the recipient's attributes change. This is the intended behavior — access control is continuous rather than one-time.
Microsoft Links in Secure Conversations
The same conversion behavior applies inside the secure-conversation chat attached to a Trusted Share. If you paste a SharePoint Online, OneDrive for Business, or Microsoft Teams link into a secure-conversation message, eSHARE rewrites it to a Trusted Share link before the message is delivered to the other participants. Secure-conversation conversion does not depend on the Secure Mail Gateway; it is handled inside the Trusted Share itself.
Notes
The email-body conversion path requires that your outbound email is routed through the eSHARE Secure Collaboration Gateway. If SCG is not in the mail path, pasted links in outbound email are not converted.
Conversion applies to messages sent after the feature is enabled. Previously delivered emails and existing Trusted Shares are not modified retroactively.
Only recognized native Microsoft file and folder links that belong to your organization are converted. Other URLs in the same message are left as-is.