}

External Sharing is EASY with SharePoint Online

2023-03-27

SharePoint Online makes sharing your content externally easy. But the tricky part is, ensuring you have the proper level of security and setup for external users.

There are multiple authentication options for sharing your site externally.

You can choose the best option for your organization at the tenant/admin level. Then, you can change site collections individually to allow for different levels of sharing per site collection. Note, at the site collection level, you can only change the site collection sharing option to be less permissive and not more permissive than the tenant-level settings. Therefore, you want to set the tenant-level options to be the most permissive level you are willing to allow in any part of your environment. Then you can apply a stricter external sharing policy per site collection.

As a rule of thumb, internal content should be stored in one site collection. At the same time, external content should be stored in a separate site collection. Thereby reducing the internal content's risk of exposure to external users. In addition, internal site collections can have external sharing turned off, while external sites will have external sharing turned on. This will effectively block external users from accidentally accessing content they shouldn't.

How do you check or change your organization's external sharing settings?

Navigate to the SharePoint admin center and select Sharing from the left navigation.
SharePoint admin center screenshot

Options for External sharing in SharePoint Online

Below are the options for external sharing, listed from least to most permissive.

Only people in your organization:

This option blocks external sharing for your entire organization. Using this option will block all external sharing! Instead, use a more open policy at the tenant level, and then you can adjust each site collection's settings to be more restrictive.

Existing Guests:

In Active Directory (AD), you can add external users as guest users. This gives IT more control and easy visibility of the external users being allowed access to the organization.

To set up an external user in AD, select Add Guest User.
external user in AD screenshot

A guest user account can be set up using any email address.

  • For O365 accounts, the users will log in with their company's username and password.
  • For other email accounts (such as Gmail), users will need to set up a password.

In addition, the guest user account must be added to an appropriate SharePoint permission group to access the content.

New and existing guests

Site members/owners can grant access to users not in the organization's Active Directory. The site's members/owners can decide to who they will grant access.

Authentication is required. External users must log in with their email and authenticate with their credentials.

For O365 accounts, users will log in with their company's username and password.

For other email accounts, users will need to set up a password.

Anyone

External users can access the content without authentication. A login is not required. Internal users can share a link to any content. External users can potentially share and forward the link to anyone outside the organization. Therefore, you will not know who is accessing the shared data.

You can specify additional settings for the anonymous access links by setting an expiration date and the level of access the link can provide.

setting an expiration date screenshot

Note: If an external user accesses a word/excel file and does not have a word/excel application, they can view and edit the file via the web browser.

Additional External Sharing Settings

  1. You can limit external sharing to specific domains. For example, this limits the pool of potential external users to specific 3rd party companies.
  2. Keep external sharing more controlled by requiring the user to access content with the account that it was shared with.
  3. Guests with the right level of access (Edit, Full Control) can share content just like any other internal user. However, you can limit their sharing rights by deselecting the tick box that allows them to share content they don't own.
    tick box screenshot

    Changing Site Collection Level External Sharing Settings

    Once external sharing is set at the tenant level, you can change your organization's site collections settings. Ideally, external users will only be allowed access to a separate site collection.

    How can we change a site collection's external sharing options?

    1. Navigate to the SharePoint Admin center and select active sites from the left navigation.
      SharePoint Admin center screenshot
    2. Select the site collection for which you want to change the settings, then select Sharing from the ribbon.
      Sharing from the ribbon screenshot
    3. A settings pane will display on the left side of the screen. Adjust the settings as needed.
      settings pane screenshot

      Guest User Experience

      Before granting access to Guest users with required authentication, you will want to know what that looks like on their side before rolling it out.

      If your organization requires external users to be listed in Active Directory, an AD Admin user must set up the guest user account. Then, once the user is added in AD, they will get an email that looks like this:
      AD Admin user screenshot
      When they select the Get Started button, one of the following will happen:

      • Users who already have an O365 account will be prompted to sign in using their existing O365 account.
      • Users who do not have an O365 account, they will be asked to set up a password and verify their email.
        set up a password screenshot

      The user will not access content until they are added to the appropriate SharePoint permission group.
      SharePoint permission group screenshot

      External Users will receive the standard SharePoint "share" email when they are given access to a site or file in SharePoint.
      given access to a site screenshot

      If your organization does not require the external user to be in Active Directory, but authentication is required (option #3 in the external sharing options listed above), the users must sign in or create a password from the shared email below. They will follow the same setup screens as the registered guest user above.

      Happy External Sharing!

       

      Do you want to learn more about SharePoint? Then, join a SharePoint Learning Tree course!

       

      This piece was originally posted on July 31, 2019, and has been refreshed with updated styling.

      Malka Pesach

      Written by Malka Pesach

      In honor of Women’s History Month we are going to showcase some of our incredible female instructors through a series of blogs! Tell us a little bit about yourself: I am a hardworking mom of 2 beautiful girls who likes a good challenge and a glass of wine every now and then. Professionally, I started in the medical field as a phlebotomist for a cardiologist with hopes of pursuing a career in the medical field. But man plans and god laughs. After leaving my job at the cardiologist office, I ended taking a job at Shell to help with their SharePoint environment as a temporary job. I stayed at Shell for 6 years developing, deploying and customizing their SharePoint Environment. More recently, two years ago, I opened my own business, servicing a wide array of clients in their Office 365 and SharePoint deployments. In addition, I got introduced to Learning Tree and started teaching classes. With my new business and Learning Tree, I get to meet new people and get introduced to different work models and environments. The variety and constant change make everyday a new challenge and keeps things interesting. What do you love most about being an instructor? I love working with Learning Tree, the staff and other instructors. After I left Shell, a Learning Tree instructor reached out to me on LinkedIn to help with a large project he was working on. Working on the project, I was introduced to other Learning Tree instructors and got recruited to the Learning Tree family. And yes, Learning Tree is very much a warm, inviting family. In addition, Learning Tree’s working environment is very flexible. The work schedule, location, accommodations are all different per gig. Instructors are sent worldwide to teach. We are put in foreign situations. I believe that’s what makes learning Tree such a great environment, it’s part of the training and cultures to be more accepting and tolerant to other cultures and practices. What attributes do you take with you every day to work, and find the most important in succeeding? I would say confidence and being true to who you are. Everyone has their own unique experiences and perspectives. Bring that to the table makes you unique, special and an invaluable asset. You just need to be willing to put yourself out there. What is your biggest motivator? My kids. I want my girls to be confident and love themselves. They should know that they can accomplish anything they set their mind to and always be grateful for the small things in life. We all know actions speak louder than words. The only way to really teach my kids is by modelling that behavior. So, I push myself hard and hope the message seeps through. Who has been the biggest influence of your success? My mother. My mother is a hardworking, determined and persistent. She taught me what it means to go after what you want and never give up. In addition, behind every woman is a man cheering her on. My husband is my cheerleader, encouraging me to push past my fears and go ahead and succeed. Who are/have been your female icons and role models? Recently, my family celebrated Purim. The holiday celebrates a woman, Queen Esther, who is the heroine that saves the day. The tale opens with Queen Esther as a beautiful and obedient, but also a relatively passive figure. During the story, she evolves into someone who takes a decisive role in her own future and that of her people. Standing up for yourself and your beliefs is something that really resonated with me What does Women’s History Month mean to you? Is it important that we celebrate have one? We need to celebrate women! Women are the backbone of society and many times unseen and underappreciated for all their hard work. Who else is going to remind to wash your hands while the Coronavirus rages? What advice would you give to any young woman today? Be confident and communicate your needs clearly. Don’t avoid problems, face them head on even if it is uncomfortable. In the long run it will save you a lot of heart ache. Also, know your worth and don’t be shy to ask for it. And lastly, aim the stars, its closer than you think Thank you so much Malka for your insight, and all you do for Learning Tree and your attendees!

      Chat With Us