As a SharePoint Online user, you would have come across instances where you wanted to share content with external users.
Who are external users?
An external user is someone outside of your organization who can access your SharePoint Online sites and documents but does not have a license for your SharePoint Online or Microsoft Office 365 subscription. External users are not employees, contractors, or onsite agents for you or your affiliates.
What external features sharing are available in SharePoint Online?
Office 365 provides the following features for external sharing functionality to align with your organization’s governance policy at various levels.
- Tenant Level – SharePoint Online provides ability to turn external sharing off at tenant level. This means, no document, site or site collection can be shared externally. Yes, this also includes OneDrive for Business
- Individual Site Collection Level – This provides ability to turn external sharing on or off for specific site collections.
- Authenticated Users Only – This provides ability to turn on external sharing only to authenticated users via Microsoft Account or Work (or School) Account.
- Guest (Anonymous) Users – This is the lowest level of external sharing where all user needs is a guest link to authenticate them to access the content you have shared with them.
Using any of the above method, an external user can (based on access levels provided)
- View and edit documents.
- Perform tasks on sites, list and library. E.g. CRUD operation.
- View and change any additional content on that tenant that has been shared with them.
However, there are actions that an external user cannot perform.
- Create Mysites & manage their profile.
- Perform site collection administrator functions.
- Use Search Centre or site wide search functionality.
- Access features like PowerBI, Data Connection Libraries and eDiscovery
- Visio Services
How to use external Sharing ?
External sharing is turned on by default. If your organizations governance policy doesn’t permit external sharing at all, you can turn it off from here. Else, select one of the option below.
- If external sharing is turned off for the entire SharePoint Online environment, you will not be able to turn it on for specific site collections.
- If external sharing is turned off globally in the SharePoint Online Admin center, any shared links will stop working. If the feature is later reactivated, these links will resume working. It is also possible to disable individual links that have been shared if you want to permanently revoke access to a specific document.
- If you change the external sharing settings for the My Site site collection, these changes will also apply to any existing or newly created personal sites (formerly called My Sites).
- Sharing settings on the –my site site collection (e.g., https://contoso-my.sharepoint.com) will apply to the OneDrive for Business sites for all users of the organization. You cannot selectively manage sharing for a particular user’s OneDrive for Business site.
|If you want to
||Select this option
||For this result
|Prevent all users on all sites from sharing sites or content with external users.
||Don’t allow sharing outside your organization
||· Users will not be able to share sites or content with users who do not have licenses to your Office 365 subscription.
· External sharing cannot be turned on for any individual site collections.
|Require external users who have received invitations to view sites or content to sign-in with a Microsoft account before they can access the content.
||Allow external users who accept sharing invitations and sign in as authenticated users
||· Site owners or others with full control permission can share sites with external users.
· All external users will be required to sign in before they can view content.
· Invitations to view content can be redeemed only once. After an invitation has been accepted, it cannot be shared or used by others to gain access.
|Allow site users to share sites with people who sign in as authenticated users, but you also want to allow site users to be able to share documents through the use of anonymous guest links, which do not require invited recipients to sign in.
||· Site owners or others with full control permissions can share sites with external users.
· All external users will be required to sign in before they can view content on a site that has been shared.
· Site owners or others with full control permissions can share documents and opt to require sign-in, or send an anonymous guest link for documents.
· When site users share a document, they can grant external users either view or edit permissions to the document.
· External users who receive anonymous guest links can view or edit that content without signing in.
· Anonymous guest links could potentially be forwarded or shared with other people, who might also be able to view or edit the content without signing in.
External user sharing can be very useful but at the same time can take a toll on your governance process because.
- There is no global way to see list of all the sites which an external user has access.
- There is no global way to see list of all documents that have been shared externally.
While you can’t do this in SharePoint Online, you can use the Compliance Search feature in the Compliance Centre to do both of these things, by using the ViewableByExternalUsers property in a search query.
To summarize, external sharing is very effective way to collaborate with users outside your organization. Classicisation of content by providing policies and guidelines should help you leverage this feature to the best of its abilities. If you are interested in establishing governance for your Office 365 implementation, feel free to get in touch with me through my contact me page.
You had a problem. You brought SharePoint. Now you have two problems!!!
Some wise person told, we create our own demons. Sometimes, without us knowing about it. And this is what is happening with many enterprises who bring SharePoint to “fix” their problems.
SharePoint and Office 365 are excellent productivity tools widely used for enterprise collaboration, content management and search. And with the 2007 setup, there were two flavors of SharePoint viz. Windows SharePoint Services (WSS) which was technically free SharePoint that came along with Windows Server and Microsoft Office SharePoint Server (MOSS) 2007 that was a licensed product. Then came SharePoint 2010 with Foundation which was free and licensed version SharePoint Server 2010.
But then Microsoft started SAAS based product like called BPOS that featured skimmed down version called SharePoint Online. And as these products matured, we ended up with SharePoint 2013 and Office 365, the SAAS based offering of SharePoint, Exchange & Skype for Business. The choices increased and so did complexity. Enterprises started evaluating SharePoint Online and OneDrive for Business in parallel with their SharePoint On Premise installation. They liked what they saw.
- Minimum administrative overhead, maximum productivity, no upgrade or patching headaches. And the onus for downtime goes to Microsoft.
- End users would demand just one more site collection on SharePoint Online. Power users would demand just one more APP. Infrastructure Managers started moving their network drives on OneDrive for Business. Sweet!!!
- And then comes chaos. Chaos on what content goes where? When to use OneDrive for Business? When to use SharePoint Site? And most importantly, when not to use SharePoint? To add to the confusion, questions like what content goes on premise? what content goes online? How do we search? Where do we search? What gets priority?
Hence, Governance for SharePoint Hybrid. So let’s start with the basics, how does SharePoint Governance help?
Governance is important and essential part of every SharePoint deployment. A solid and real governance plan helps answer the most critical question any organization has
How do we effectively manage our SharePoint environment?
This question has haunted IT Leadership for long. And Governance is the answer because it helps define Policies, Processes, People and Tools that control your IT teams, Business teams and executive sponsors to work in harmony.
How can Governance help in hybrid scenario?
- Avoid content chaos.
- Consistent user experience.
- Enforce standardization and best practices.
- Eliminate redundancy and ambiguity in content life cycle process.
- Establish a consistent mechanism to identify whether SharePoint Online, SharePoint On Premise or OneDrive for Business is the right tool for given classification of content.
- Governs storage and compute power.
- Improve find ability.
What is a Governance Plan?
Governance Plan is more than a document. Its a complete guide that keeps IT & Business goals as central focus and defines policies, processes, people and tools to effectively manage the SharePoint environment. IT points to resources, templates and guides to execute tactical and operational activities related to SharePoint.
Policies – The governance plan needs clearly articulated policies. These policies have to be in line with business, legal and compliance needs of an organization.
Processes – The governance plan would require processes to enforce policies, escalate in case of non-compliance and process to request for overriding of policies along with service level agreements to complete the processes.
People – The governance plan would require clear definition of people (roles) involved, their responsibility, escalation matrix, operational level agreements and authorization matrix.
Tools – No all policies can be enforced manually or via a document. It is imperative to define tools to execute various processes. E.g. Backup tools, compliance tools, etc.
The following picture depicts governance plan broken into three segments, each having its own area of importance.
IT Governance: This segment defines policies and processes around IT Infrastructure like storage, backup, restore, high availability, disaster recovery and content security. It also deals with identity, authentication and access management plan.
Information Governance: This segment defines policies and processes around content and how it is organized and presented to end users and content owners. It also deals with taxonomy and hierarchy of content along with its findability.
Application Governance: SharePoint is as much of a platform as it is content management system and customization using API and services is possible. It is imperative to have Application Governance defined to ensure user experience, system performance and customization standards are consistent and adhered to. It also deals with application life cycle management and dev ops procedures to minimize disruptions.
Governance and Site Types
Different type of sites require different policies. And in case of hybrid, the importance varies depending upon whether the content is on premise or cloud. Published sites have tighter governance over information and application management than team sites, personal sites and OneDrive for Business. Generally, the larger the number of people who get information from a particular type of site, the more tightly it is governed, and vice versa. This is shown in the following graph. For example, if your intranet home page is available for everyone in your organization, it’s generally much more tightly governed than the site for the accounting department, which is more tightly governed than most group or team sites, and so on. Personal sites are generally the least governed types of sites.
Governance Operating Framework
GOF or Governance operating Framework is the various area of SharePoint Operations where Policies & Processes are defined. The following diagram depicts the Governance Operating Framework for which the Governance Team would establish policies and processes. In my subsequent blog post, I would create a sample governance plan taking the below into consideration. In case of hybrid environment, it is imperative to have these broken down for clear demarcation between SLAs and processes for On Premise and Online environments.
Best Practice for Governance Plan
- Goals: An effective governance plan anticipates the needs and goals of your organizations business functions and IT teams. IF you have a goal defined, you will have a metric to measure it.
- Uniqueness: While the intent is to standardize processes, the governance plan has to be unique to your organization. Templated one size fits all plans are useless and misdirect governance team energies towards tweaking processes other way round.
- Classification: Classify your business information. Build Taxonomy or Buy Taxonomy that’s tailored to support your business needs.
- Educate: Establish training and education plans. It is imperative that every SharePoint user is educated to organization’s policies and processes.
- Phased out approach: Governance plan is an ongoing initiative. And you many not achieve perfection on day one. Plan phases. Start with small governance team. Build the foundational policies and processes. Aim high but execute in phases.
To summarize, hybrid SharePoint environment needs to be governed and control to avoid the content and information being scattered. A back up plan for on premise might not apply on Office 365 and license management plan for Office 365 might not apply on on premise environment. In my subsequent blog post, I will publish a template and elaborate on how to approach establishing a governance plan. Till then keep watching this space.