By continuing to navigate on this website, you accept the use of cookies. For more information, please read our  Privacy Policy.

Introduction of External sharing in Microsoft Office 365.

One of the interesting features in Microsoft SharePoint is External Sharing. This features lets users of an organization share content with people outside the organization (such as partners, vendors, clients, or customers). External sharing feature can also help in sharing between licensed users on multiple Microsoft 365 subscriptions if an organization has more than one subscription. Planning for external sharing should be included as part of overall permissions planning for SharePoint in Microsoft 365.

External Sharing Settings External Sharing settings can be applied both in Organization level and Site Level. If External Sharing needs to be enabled for any site, it has to be first enabled in Organization level after which it can be restricted in the other sites. If the site’s external sharing option is different from an organization-level sharing option, then the most restrictive value will take precedence.

Security and Privacy If there is any confidential information which should not be shared externally, then the external sharing for that site should be turned off and additional sites should be created for external sharing. This will help in managing the security risk by preventing external access to sensitive information.

Sharing Permissions Following are the sharing permissions that can be enabled on the site:

Anyone: User with whom files are being shared don’t need to Sign-in.

New and Existing guest:Guests will require to Sign-in to access the files.

Existing guests only:Guests are needed to be part of the Organizational Active Directory.

Only people in your organization:External sharing won't be allowed.

If the site is having external sharing as 'Anyone' then users are not required to Sign-in or to be added in the Organization Active Directory.

If the site is has external sharing as 'New and Existing guest' then files can be shared with new users or to the existing guest members in AD. If they are new users then after signing up, they will get added to the Organization Active Directory

If the site is having external sharing as 'Existing guest only' then the Azure AD admin will need to add the user first as a 'Guest', after which the external user will receive an invitation and once accepted, he will be part of the tenant.

If the site is has 'Only people in your organization' then external sharing can't be done from that site.

What happens when Users shareWhen users share sites, recipients will be prompted to sign in with.

  • Microsoft accounts
  • A work or school account in Azure AD from another organization

When users share files and folders, recipients will also be prompted to sign in if they have:

  • A Microsoft account

These recipients will typically be added to your directory as guests, and then permissions and groups work the same for these guests as they do for internal users.

Because these guests do not have a license in your organization, they are limited to basic collaboration tasks:

  • They can use Office.com for viewing and editing documents. If your plan includes Office Professional Plus, they can't install the desktop version of Office on their own computers unless you assign them a license.
  • They can perform tasks on a site based on the permission level that they've been given. For example, if you add a guest as a site member, they will have Edit permissions and they will be able to add, edit and delete lists; they will also be able to view, add, update and delete list items and files.
  • They will be able to see other types of content on sites, depending on the permissions they've been given. For example, they can navigate to different subsites within a shared site. They will also be able to do things like view site feeds.

If your authenticated guests need greater capability such as OneDrive storage or creating a Power Automate flow, you must assign them an appropriate license from Microsoft 365 admin center

Stopping sharing

You can stop sharing with guests by removing their permissions from the shared item, or by removing them as a guest in your directory.

You can stop sharing with people who have an "Anyone" link by going to the file or folder that you shared and deleting the link.

Steps to create external user in Azure AD

1. Login to Azure Portal and click on User (1)

Number-Image-1

2. Click on ‘Add guest user’ (2)

Number-Image-2

3. Select ‘Invite User’ (3), fill the details (4) and click ‘Invite’ (5)

Number-Image-3

4. Once invited, user will get added in the users list, as shown below:

Number-Image-4
  • Bhargava Yasasvi
  • March 04, 2022
Leave a Comment

Your email address will not be published. Required fields are marked*

Get in Touch