I presented a talk at a conference recently on how to use an existing Office 365 tenant to create an extranet without additional licensing fees. A good part of the presentation was background on how external sharing works and the part played by access requests in the external sharing process flow. After the talk I had several people who asked if I had ever blogged about the details that I covered in my talk or if I knew of anywhere else that this information was documented. This post is the first in a series of posts that will document those details. Here’s a brief overview of the posts in the series:
- Part 1 – (This Post) A high level walk-through of how to configure external sharing starting with your O365 tenant and going down to an individual site collection.
- Part 2 – How the process flow of sharing differs between sharing a site versus sharing a document and how Office 365 adjusts this experience
- Part 3 – How external sharing depends on the site collection access request list to manage permissions for an external sharing invitation
- Part 4 – How to use PowerShell to manage external users
Tenant Level Settings
The Office 365 admin center has a specific tab for managing external sharing settings for you tenant. This post will focus on settings related to sharing SharePoint sites, but you can also control external sharing of Exchange calendars Lync, and the use of third party apps. The Sharing Overview page provides On/Off toggles for whether external sharing is available in your tenant or not. The default settings are shown in the following screenshot.
Selecting the Sites tab (or clicking on Go to detailed settings for sites) will take you to a screen where you can set tenant level defaults for external sharing and view the site collections where external sharing has been enabled.
The tenant level default controls whether anonymous guest links can be used anywhere in the tenant or not. If Anonymous guest links are enabled in a site collection, users can send email invitations that contain links to individual documents which can then be accessed WITHOUT LOGGING IN to SharePoint. These links can be very dangerous if the original recipient shares the link since anyone can use the link to access the document.
This page also displays a list of all the site collections in your tenant and the current level of external sharing enabled for that site collection. By default new site collections are created with external sharing disabled. The External Sharing Sites page is displayed in the screenshot below:
SharePoint Admin Settings
The SharePoint admin center also provides settings that can be used to control the default External Sharing levels allowed in individual site collections. These settings are not directly affected by the Tenant level settings described above. Instead they provide an additional layer of configuration for External Sharing. So even if External Sharing is disabled at the tenant level you will be able to adjust the site collection defaults available in the SharePoint Admin settings. But when configuring External Sharing for individual site collections the level of sharing possible will respect both defaults. For example, if guest links are disabled at the tenant level, but enabled in the SharePoint settings you still won’t be able to configure a site collection to allow the use of guest links. The SharePoint Admin External Sharing settings are highlighted in the screenshot below:
Configuring a Site Collection
Once you’ve set all the defaults you can configure external sharing for individual site collections. When a new site collection is created External Sharing is disabled by default. Selecting a site collection and clicking on the Sharing button in the ribbon brings up a dialog where you can configure External Sharing for sites in that site collection. There are three possible settings. Don’t allow sharing will disable External Sharing for that site collection. Allow external users… will allow sharing with authenticated external users. And Allow both external users and…anonymous guest links will allow sharing with both authenticated and anonymous external users. The tenant defaults and SharePoint defaults discussed earlier will limit which of these three options can be selected. The sharing dialog is displayed in the screenshot below:
Now that External is configured your users can begin extending sharing invitations to external users and creating anonymous guest links. I’ll cover the process for sharing sites and documents with external users in Part 2 of this series. Part 2 coming soon!