External Sharing in SharePoint Online - Important Changes
Microsoft changed the way SharePoint Online works with external users. You can now share the content with the following options:
Sharing files and folders with anonymous users – When this option is enabled, users can create a link to a document giving anonymous users access to that particular file.
Sharing files or folders with named external users – When you share a file with an External User, it’s treated as an ad hoc external recipient that won’t require a Microsoft account to be created or used.
Sharing sites – When you share a site, a Microsoft or Organizational account is still required. A Guest Account will be provisioned in your Azure AD for this particular user. Notice the slight change in the naming convention here, as Microsoft is slowly transitioning from the term External User to Guest User.
Adding external users to an Office 365 group – If a SharePoint site is also an Office 365 group, you can add External Users to the group, granting them access to the SharePoint site and other group content. Please note: Currently you can do so only via the Outlook group admin interface.
SharePoint Online administrators can control which of these options are available for SharePoint Online and OneDrive.
SharePoint Online administrators can control which of these options are available for SharePoint Online and OneDrive.
SPO, OneDrive, MS Teams Site Collections, Power BI Workspaces, all these have SPO Site Collections and are listed under Active Sites in new SP admin center (except OneDrive sites). Delegation of related roles to SPO admins will make life easier for everyone.
First, go to M365 admin center >> Settings >> Services & add-ins >> Sites
Check "Let users share SharePoint Online and OneDrive content with people outside the organization" ans select New and existing external users (sign-in required), Save changes
Go to Classic SP Admin center >> sharing (selected below required options for my company. might change based on your company requirements).
Go to OneDrive admin center >> Sharing (selected below required options for my company. might change based on your company requirements).
Go to Modern SP Admin center >> Sites >> Active sites
Using Customize columns, select 'External sharing' in the view. You can see how many sites are using External sharing option (as shown below).
SharePoint Online External Sharing Key Facts
When administering a SharePoint Online environment, security is of paramount importance. Most importantly, you need to control the external sharing of SharePoint content. Here are a couple of things you should keep an eye on:
When you share a SharePoint Site with a Guest / External User, it will be visible in the Azure AD (Filter by Guest User type).
When administering a SharePoint Online environment, security is of paramount importance. Most importantly, you need to control the external sharing of SharePoint content. Here are a couple of things you should keep an eye on:
When you share a SharePoint Site with a Guest / External User, it will be visible in the Azure AD (Filter by Guest User type).
When you share an Office 365 Group with a Guest User, it will be visible in the Group admin UI in Outlook and Azure AD (see above).
When you share a file with an External User, information about that can be retrieved only on that particular file. There is no record in Azure AD as the user has neither a Microsoft nor an Organizational account.
SharePoint Online External Users - Best Practices
SharePoint Online administrators are probably finding it a bit challenging to detect which files have been shared with ad hoc External Users. One way to find all such users is to navigate to the User Information List. This hidden list shows all the users who have access to a SharePoint site collection. The list URL goes like this: http://your_site_collection_url/_catalogs/users/simple.aspx.
All the users with a display name in an email format are External Users. However, even if you do manage to detect them, you won’t be able to tell which sites and documents they have access to. That's where SysKit Security Manager can help you out. With its Externally Shared Content Matrix you can see exactly what is shared with whom. Finding guest users is no more a tricky and time- consuming task.
However, you still have to be careful when sharing with external users. Here are a couple of best practices to follow:
Make sure your end users know what they are doing. It is so easy to share something with an external email.
Turn off sharing via anonymous links.
Restrict content sharing to pre-approved email domains only.
Disable sharing for site collections with really sensitive data.
When sharing content with a user, make sure that only the user with that exact email address can view the content.
SharePoint Online administrators are probably finding it a bit challenging to detect which files have been shared with ad hoc External Users. One way to find all such users is to navigate to the User Information List. This hidden list shows all the users who have access to a SharePoint site collection. The list URL goes like this: http://your_site_collection_url/_catalogs/users/simple.aspx.
All the users with a display name in an email format are External Users. However, even if you do manage to detect them, you won’t be able to tell which sites and documents they have access to. That's where SysKit Security Manager can help you out. With its Externally Shared Content Matrix you can see exactly what is shared with whom. Finding guest users is no more a tricky and time- consuming task.
However, you still have to be careful when sharing with external users. Here are a couple of best practices to follow:
Make sure your end users know what they are doing. It is so easy to share something with an external email.
Turn off sharing via anonymous links.
Restrict content sharing to pre-approved email domains only.
Disable sharing for site collections with really sensitive data.
When sharing content with a user, make sure that only the user with that exact email address can view the content.
No comments:
Post a Comment