External Sharing in Office 365On 4 minutes
As we espouse collaboration as the new way of getting things done, it is important to understand what sharing in Microsoft 365 is, and what exactly we are giving access to when we share with external people.
As we move towards cross-product collaboration in Microsoft 365, there are now more than one way to work with outside collaborators. External sharing and access can be enabled for:
- SharePoint Online
- OneDrive for Business
- Office 365 Groups
Before you can grant external users access to SharePoint online, OneDrive for business or Office 365 groups, you should have enabled guest sharing from within Azure Active Directory.
To do so, log into the Office 365 portal, then click on Azure Active Directory. From there, select External Identities > External collaboration settings.
There are two settings that you will need to verify within the collaboration settings. These are
- Admins and Users in the Guest Inviter Role can invite.
- Members can invite.
When it comes to external sharing, SharePoint Online lets you control settings at the:
- Organization level: For any external sharing to be allowed, it has to be enabled at the organization level. You can change the organization-level external sharing setting from the SharePoint admin center.
- Site level: Once enabled across the organization, external sharing can be restricted on a site-by-site basis. Global or SharePoint admins in Office 365 can change the external sharing setting for a site—but site owners can’t.
External sharing for OneDrive is configured at the Organization level only. Sharing can be managed from the SharePoint admin page or OneDrive admin page.
Office 365 groups is one of the prominent ways to collaborate now as Microsoft Teams becomes the hub of Microsoft 365. To collaborate with external users, you must add them to the group as guests.
Any group owner of an Office 365 Group can invite external users, and once the invitation is accepted, guest users are granted access to group’s conversations, files, calendar invitations, and the group notebook—although as an admin, you can also control that setting. However, this is only possible if guest access has been allowed at the organisation level.
By default, guest access for Microsoft 365 groups is turned on for your organization. Global Admins can control whether to allow guest access to groups for their whole organization or for individual groups.
If you want to enable or disable guest access in groups, you can do so in the Microsoft 365 admin center.
- In the admin center, go to the Settings > Settings and select Microsoft 365 groups.
- On the Microsoft 365 Groups page, choose whether you want to let people outside your organization access group resources or let group owners add people outside your organization to groups.
To manage settings for group access for specific groups, you have to use Azure Active Directory PowerShell for Graph.
Remember, guest users can also access an Office 365 Group’s team site in SharePoint.
If you collaborate with external users as guests, they will be required to sign in with their work or school account (if their organization uses Microsoft 365) or a Microsoft account, or provide a code to verify their identity when they receive the invitations.
Granting anonymous access however, will allow people in your organisation to share files and folders by using links that let anyone who has the link access the files or folders without authenticating.
For SharePoint and OneDrive, Anonymous and Guest access organization level settings can be configured from the SharePoint or OneDrive admin centers.
Selecting Anyone will allow users to grant anonymous access to files and folders. Remember that SharePoint site cannot be shared anonymously.
For Office 365 groups, external collaborators are always added as guests.
I hope this post was useful and you got a better understanding of external sharing in Microsoft 365.