As a SharePoint Online user, you would have come across instances where you wanted to share content with external users.
Who are external users?
An external user is someone outside of your organization who can access your SharePoint Online sites and documents but does not have a license for your SharePoint Online or Microsoft Office 365 subscription. External users are not employees, contractors, or onsite agents for you or your affiliates.
What external features sharing are available in SharePoint Online?
Office 365 provides the following features for external sharing functionality to align with your organization’s governance policy at various levels.
- Tenant Level – SharePoint Online provides ability to turn external sharing off at tenant level. This means, no document, site or site collection can be shared externally. Yes, this also includes OneDrive for Business
- Individual Site Collection Level – This provides ability to turn external sharing on or off for specific site collections.
- Authenticated Users Only – This provides ability to turn on external sharing only to authenticated users via Microsoft Account or Work (or School) Account.
- Guest (Anonymous) Users – This is the lowest level of external sharing where all user needs is a guest link to authenticate them to access the content you have shared with them.
Using any of the above method, an external user can (based on access levels provided)
- View and edit documents.
- Perform tasks on sites, list and library. E.g. CRUD operation.
- View and change any additional content on that tenant that has been shared with them.
However, there are actions that an external user cannot perform.
- Create Mysites & manage their profile.
- Perform site collection administrator functions.
- Use Search Centre or site wide search functionality.
- Access features like PowerBI, Data Connection Libraries and eDiscovery
- Visio Services
How to use external Sharing ?
External sharing is turned on by default. If your organizations governance policy doesn’t permit external sharing at all, you can turn it off from here. Else, select one of the option below.
- If external sharing is turned off for the entire SharePoint Online environment, you will not be able to turn it on for specific site collections.
- If external sharing is turned off globally in the SharePoint Online Admin center, any shared links will stop working. If the feature is later reactivated, these links will resume working. It is also possible to disable individual links that have been shared if you want to permanently revoke access to a specific document.
- If you change the external sharing settings for the My Site site collection, these changes will also apply to any existing or newly created personal sites (formerly called My Sites).
- Sharing settings on the –my site site collection (e.g., https://contoso-my.sharepoint.com) will apply to the OneDrive for Business sites for all users of the organization. You cannot selectively manage sharing for a particular user’s OneDrive for Business site.
|If you want to||Select this option||For this result|
|Prevent all users on all sites from sharing sites or content with external users.||Don’t allow sharing outside your organization||· Users will not be able to share sites or content with users who do not have licenses to your Office 365 subscription.
· External sharing cannot be turned on for any individual site collections.
|Require external users who have received invitations to view sites or content to sign-in with a Microsoft account before they can access the content.||Allow external users who accept sharing invitations and sign in as authenticated users||· Site owners or others with full control permission can share sites with external users.
· All external users will be required to sign in before they can view content.
· Invitations to view content can be redeemed only once. After an invitation has been accepted, it cannot be shared or used by others to gain access.
|Allow site users to share sites with people who sign in as authenticated users, but you also want to allow site users to be able to share documents through the use of anonymous guest links, which do not require invited recipients to sign in.||· Site owners or others with full control permissions can share sites with external users.
· All external users will be required to sign in before they can view content on a site that has been shared.
· Site owners or others with full control permissions can share documents and opt to require sign-in, or send an anonymous guest link for documents.
· When site users share a document, they can grant external users either view or edit permissions to the document.
· External users who receive anonymous guest links can view or edit that content without signing in.
· Anonymous guest links could potentially be forwarded or shared with other people, who might also be able to view or edit the content without signing in.
External user sharing can be very useful but at the same time can take a toll on your governance process because.
- There is no global way to see list of all the sites which an external user has access.
- There is no global way to see list of all documents that have been shared externally.
While you can’t do this in SharePoint Online, you can use the Compliance Search feature in the Compliance Centre to do both of these things, by using the ViewableByExternalUsers property in a search query.
To summarize, external sharing is very effective way to collaborate with users outside your organization. Classicisation of content by providing policies and guidelines should help you leverage this feature to the best of its abilities. If you are interested in establishing governance for your Office 365 implementation, feel free to get in touch with me through my contact me page.