}

External Sharing is EASY with SharePoint Online

2019-07-31

[:en]SharePoint Online makes sharing your content externally easy. But the tricky part is, ensuring you have the proper level of security and set up for external users.

There are multiple authentication options for sharing your site externally.

You can choose the best option for your organization at tenant/admin level. Then, you can change site collections individually to allow for different levels of sharing per site collection. Note, at site collection level, you can only change the site collection sharing option to be less permissive and not more permissive then the tenant level settings. Therefore, you want to set the tenant level options to be the most permissive level you are willing to allow in any part of your environment. Then you can apply a stricter external sharing policy per site collection.

As a rule of thumb, internal content should be stored in one site collection. While external content should be stored in a separate site collection. There by, reducing the internal content's risk of exposure to external users. Internal site collections can have external sharing turned off while external sites will have external sharing turned on. This will effectively block external users from accidentally accessing content they shouldn't.

How do you check or change your organization's external sharing settings?


Navigate to the SharePoint admin center and then select Sharing from the left navigation.

SharePoint admin center screenshot

Options for External sharing in SharePoint Online


Below are the options for external sharing, listed from least to most permissive.


  • Only people in your organization:




      • This option blocks external sharing for your entire organization. Using this option will block any and all external sharing! Rather use a more open policy at tenant level and then you can adjust each site collection's settings to be more restrictive.






  • Existing Guests:




      • In Active Directory (AD), you can add external users as guest users. This gives IT more control and easy visibility on the external users being allowed access in the organization.

      • To set up an external user in AD, select Add Guest User.
        external user in AD screenshot

    • A guest user account can be set up using any email address.

        • For O365 accounts, the users will log in with their company's username and password.

        • For other email accounts (such as gmail), users will need to set up a password.



In addition, the guest user account needs to be added to an appropriate SharePoint permission group in order to access content.

New and existing guests



    • Site members/owners can grant access to users that are not in organization's Active Directory. The site's members/owners are free to decide who they will grant access to.

    • Authentication is required. External users need to log in with their email and authenticate with their own credentials.



    • For O365 accounts, users will log in with their company's username and password.

    • For other email accounts, users will need to set up a password.




Anyone



    • External users can access the content without authentication. Login is not required. Internal users can simply share a link to any content. Meaning, external users can potentially share and forward the link with anyone outside of the organization. Therefore, you will not know who is accessing the shared data.

    • You can specify additional settings for the anonymous access links by setting an expiration date and the level of access the link can provide.
      setting an expiration date screenshot





Note: If an external user accesses a word/excel file and does not have word/excel application, they can view and edit the file via the web browser.

Additional Settings



    1. You can limit external sharing to specific domains. This limits the pool of potential external users to specific 3rd party companies.

    1. Keep external sharing more controlled by requiring the user to access content with the account that it was shared with.

    1. Guests, with the right level of access (Edit, Full Control), can share content just like any other internal user. You can limit their sharing rights, by deselecting the tick box that allows them to share content they don't own.
      tick box screenshot



[sidebar_cta header="Maximize Your Office365 Investment with These Helpful Tips" color="blue" icon="" btn_href="https://www.learningtree.com/resources-library/webinars/office-365-key-tools-for-personal-productivity-and-collaboration/" btn_href_en="https://www.learningtree.com/resources-library/webinars/office-365-key-tools-for-personal-productivity-and-collaboration/" btn_href_ca="https://www.learningtree.ca/resources-library/webinars/office-365-key-tools-for-personal-productivity-and-collaboration/" btn_href_uk="https://www.learningtree.co.uk/resources-library/webinars/office-365-key-tools-for-personal-productivity-and-collaboration/" btn_href_se="https://blog.learningtree.com/external-sharing-easy-sharepoint-online/" btn_text="Watch On-Demand Webinar"]

Changing Site Collection Level External Sharing Settings


Once external sharing is set at the tenant level, you can change the settings for the site collections in your organization. Ideally, external users will only be allowed access on a separate site collection.

How can we change a site collection's external sharing options?



    1. Navigate to the SharePoint Admin center and select active sites from the left navigation.
      SharePoint Admin center screenshot

    1. Select the site collection you want to change the settings for, then select Sharing from the ribbon.
      Sharing from the ribbon screenshot

    1. A settings pane will display on the left side of the screen, adjust the settings as needed.
      settings pane screenshot



Guest User Experience


Before granting access to Guest users with required authentication, you will want to know what that looks like on their side before rolling it out.

If your organization is requiring external users to be listing in Active Directory, an AD Admin user will need to set up the guest user account. Then, once the user is added in AD, they will get an email that looks like this:

AD Admin user screenshot

When they select the Get Started button one of the following will happen:



    • For users who already have an O365 account, they will be prompted to sign in using their existing O365 account.

    • For users who do not have an O365 account, they will be asked to set up a password and verify their email.
      set up a password screenshot



The user will not have access to any content until they are added to the appropriate SharePoint permission group.
SharePoint permission group screenshot

External User will receive the standard SharePoint "share" email when they are given access to a site or file in SharePoint.

given access to a site screenshot

If your organization does not require external user to be in Active Directory but authentication is required (option #3 in the external sharing options listed above), the users will need to sign in or created a password from the share email below. They will follow the same set up screens as the registered guest user above.

Happy External Sharing!

Do you want to learn more about SharePoint? Join a SharePoint Learning Tree course![:]

Malka Pesach

Written by Malka Pesach

In honor of Women’s History Month we are going to showcase some of our incredible female instructors through a series of blogs! Tell us a little bit about yourself: I am a hardworking mom of 2 beautiful girls who likes a good challenge and a glass of wine every now and then. Professionally, I started in the medical field as a phlebotomist for a cardiologist with hopes of pursuing a career in the medical field. But man plans and god laughs. After leaving my job at the cardiologist office, I ended taking a job at Shell to help with their SharePoint environment as a temporary job. I stayed at Shell for 6 years developing, deploying and customizing their SharePoint Environment. More recently, two years ago, I opened my own business, servicing a wide array of clients in their Office 365 and SharePoint deployments. In addition, I got introduced to Learning Tree and started teaching classes. With my new business and Learning Tree, I get to meet new people and get introduced to different work models and environments. The variety and constant change make everyday a new challenge and keeps things interesting. What do you love most about being an instructor? I love working with Learning Tree, the staff and other instructors. After I left Shell, a Learning Tree instructor reached out to me on LinkedIn to help with a large project he was working on. Working on the project, I was introduced to other Learning Tree instructors and got recruited to the Learning Tree family. And yes, Learning Tree is very much a warm, inviting family. In addition, Learning Tree’s working environment is very flexible. The work schedule, location, accommodations are all different per gig. Instructors are sent worldwide to teach. We are put in foreign situations. I believe that’s what makes learning Tree such a great environment, it’s part of the training and cultures to be more accepting and tolerant to other cultures and practices. What attributes do you take with you every day to work, and find the most important in succeeding? I would say confidence and being true to who you are. Everyone has their own unique experiences and perspectives. Bring that to the table makes you unique, special and an invaluable asset. You just need to be willing to put yourself out there. What is your biggest motivator? My kids. I want my girls to be confident and love themselves. They should know that they can accomplish anything they set their mind to and always be grateful for the small things in life. We all know actions speak louder than words. The only way to really teach my kids is by modelling that behavior. So, I push myself hard and hope the message seeps through. Who has been the biggest influence of your success? My mother. My mother is a hardworking, determined and persistent. She taught me what it means to go after what you want and never give up. In addition, behind every woman is a man cheering her on. My husband is my cheerleader, encouraging me to push past my fears and go ahead and succeed. Who are/have been your female icons and role models? Recently, my family celebrated Purim. The holiday celebrates a woman, Queen Esther, who is the heroine that saves the day. The tale opens with Queen Esther as a beautiful and obedient, but also a relatively passive figure. During the story, she evolves into someone who takes a decisive role in her own future and that of her people. Standing up for yourself and your beliefs is something that really resonated with me What does Women’s History Month mean to you? Is it important that we celebrate have one? We need to celebrate women! Women are the backbone of society and many times unseen and underappreciated for all their hard work. Who else is going to remind to wash your hands while the Coronavirus rages? What advice would you give to any young woman today? Be confident and communicate your needs clearly. Don’t avoid problems, face them head on even if it is uncomfortable. In the long run it will save you a lot of heart ache. Also, know your worth and don’t be shy to ask for it. And lastly, aim the stars, its closer than you think Thank you so much Malka for your insight, and all you do for Learning Tree and your attendees!