Managing External Sharing in Office 365 – Part 1

Office365I presented a talk at a conference recently on how to use an existing Office 365 tenant to create an extranet without additional licensing fees.  A good part of the presentation was background on how external sharing works and the part played by access requests in the external sharing process flow.  After the talk I had several people who asked if I had ever blogged about the details that I covered in my talk or if I knew of anywhere else that this information was documented.  This post is the first in a series of posts that will document those details.  Here’s a brief overview of the posts in the series:

  • Part 1 – (This Post) A high level walk-through of how to configure external sharing starting with your O365 tenant and going down to an individual site collection.
  • Part 2 – How the process flow of sharing differs between sharing a site versus sharing a document and how Office 365 adjusts this experience
  • Part 3 – How external sharing depends on the site collection access request list to manage permissions for an external sharing invitation
  • Part 4 – How to use PowerShell to manage external users

Tenant Level Settings

The Office 365 admin center has a specific tab for managing external sharing settings for you tenant.  This post will focus on settings related to sharing SharePoint sites, but you can also control external sharing of Exchange calendars Lync, and the use of third party apps.  The Sharing Overview page provides On/Off toggles for whether external sharing is available in your tenant or not.  The default settings are shown in the following screenshot.

External Sharing Tenant

Selecting the Sites tab (or clicking on Go to detailed settings for sites)  will take you to a screen where you can set tenant level defaults for external sharing and view the site collections where external sharing has been enabled.

The tenant level default controls whether anonymous guest links can be used anywhere in the tenant or not.  If Anonymous guest links are enabled in a site collection, users can send email invitations that contain links to individual documents which can then be accessed WITHOUT LOGGING IN to SharePoint.  These links can be very dangerous if the original recipient shares the link since anyone can use the link to access the document.

This page also displays a list of all the site collections in your tenant and the current level of external sharing enabled for that site collection.  By default new site collections are created with external sharing disabled.  The External Sharing Sites page is displayed in the screenshot below:

External Sharing Sites page

SharePoint Admin Settings

The SharePoint admin center also provides settings that can be used to control the default External Sharing levels allowed in individual site collections.  These settings are not directly affected by the Tenant level settings described above.  Instead they provide an additional layer of configuration for External Sharing.  So even if External Sharing is disabled at the tenant level you will be able to adjust the site collection defaults available in the SharePoint Admin settings.  But when configuring External Sharing for individual site collections the level of sharing possible will respect both defaults.  For example, if guest links are disabled at the tenant level, but enabled in the SharePoint settings you still won’t be able to configure a site collection to allow the use of guest links.  The SharePoint Admin External Sharing settings are highlighted in the screenshot below:

External Sharing SharePoint defaults

Configuring a Site Collection

Once you’ve set all the defaults you can configure external sharing for individual site collections.  When a new site collection is created External Sharing is disabled by default.  Selecting a site collection and clicking on the Sharing button in the ribbon brings up a dialog where you can configure External Sharing for sites in that site collection.  There are three possible settings.  Don’t allow sharing will disable External Sharing for that site collection.  Allow external users… will allow sharing with authenticated external users.  And Allow both external users and…anonymous guest links will allow sharing with both authenticated and anonymous external users.  The tenant defaults and SharePoint defaults discussed earlier will limit which of these three options can be selected.  The sharing dialog is displayed in the screenshot below:

External Sharing Site Collection setting

 

Now that External is configured your users can begin extending sharing invitations to external users and creating anonymous guest links.  I’ll cover the process for sharing sites and documents with external users in Part 2 of this series.  Part 2 coming soon!

A New Look for a New Year and New Posts

HappyNewYearIf you’ve ever read this Blog you probably noticed that its been very inactive for the last year or so.  So I’ve decided with the new year to rededicate myself to putting some posts out here.  I decided if I was going to do that I was also going to freshen things up with a new look.  In addition to freshening things up and changing the colors there are also some other new enhancements.  The new theme I now using supports “responsive design”.  Here’s how the site looks on my Windows 8.1 phone:

DontPapanic Blog Screenshot

Its much easier to read then it used to be with my previous theme. So if you like reading Blogs on your mobile device, like a tablet or a phone, you’ll find that the layout of the site now adapts to the lower screen real estate available on those devices.

But in addition to a new look I also want to start writing posts with meaningful information and workarounds. I’ll be starting that off in the next week with a series that examines the concept of “External Sharing” in Office 365.  I’ve done a couple talks on the subject recently and some of the attendees commented that they hadn’t seen some of the details I presented anywhere else.  I promised I would write a post or two on the subject, so I’ll start sharing those with you soon.  Hope you have a Happy New Year and I hope you like the new look of the site.

 

Speaking at the Columbus Buckeye SPUG

BuckeyeSPUG_TranspI will be speaking at the Columbus Buckeye SharePoint Users Group on Thursday, January 16th. The meeting will start at 5:30pm. My topic will be "Share, Follow, and Sync: How SharePoint 2013 uses Personal MySites for Social functionality”. Here’s a brief description of the talk:

Prior to SharePoint 2013 many organizations built a MySite Host but never implemented personal MySite storage. This was a very viable strategy in 2010. But with the introduction of the Social features in SharePoint 2013 things have changed. In this talk we’ll review all the new "Social" features in SharePoint 2013 that depend on personal MySites. We’ll also look at how to control and manage personal MySites in your organization and discuss how future integration with Yammer may change this requirement. 

Next Buckeye SPUG Meeting: Jan 16th – 5:30 pm @ the Microsoft Polaris Office

Agenda

5:30pm – 6:00pm –> Food Sponsor’s Presentation

6:00pm – 6:30pm –> Community Time

6:30pm – 7:30pm –> My Talk

7:30pm +           —> SharePint @ The Pub

SharePoint MVPs Volunteer for Typhoon Relief

MVP

A few days after Typhoon Haiyan hit the Philippines one of my fellow MVPs, Dux Raymond (@meetdux), suggested that we should all band together and do something to support the relief effort.  His idea was that we would all volunteer an hour or two of phone consulting time for anyone who would contribute to a charity for the relief of the victims of Typhoon Haihayn.  I’m happy to report that almost 50 MVPs, including me, have volunteered to contribute to the effort.  If you would be interested in some consulting time with an MVP check out Dux’s blog where the list of MVPs who are contributing to the effort is being kept up to date.  YOu can find it here:

http://meetdux.com/2013/11/12/operation-sharelove-help-typhoon-haiyan-victims-sharepoint-experts-will-help-you-rescueph/

 

Unfortunately, my contribution to the effort has already been snapped up by a contributor.  But there are lots of other knowledgeable MVPs waiting to help you (and the people of the Philippines) out.

MCM, MCSM, and MCA Programs Cancelled

tombstone-rip

Less than two months after Microsoft announced a major change to the Microsoft Certified Masters (MCSM formerly known as MCM) program they’ve dropped another bombshell on the community. At the end of June Microsoft abruptly announced that they were removing all the pre-requisites from taking the MCSM Knowledge Exams and Qualification Lab to make the certification available to more people.  Last night at about 1:00 AM Eastern Time they sent out an email to all currently certified MCMs, MCSMs, and MCAs to give them the bad news that as of October 1, 2013 (Yes, that’s only 30 days from now) all the MCSM and MCA certification exams and training will be retired and the certification will no longer be offered.  Here’s the beginning of the email:

We are contacting you to let you know we are making a change to the Microsoft Certified Master, Microsoft Certified Solutions Master, and Microsoft Certified Architect certifications. As technology changes so do Microsoft certifications and as such, we are continuing to evolve the Microsoft certification program. Microsoft will no longer offer Masters and Architect level training rotations and will be retiring the Masters level certification exams as of October 1, 2013.

Words cannot express how deeply disappointed I am by this news.  The MCSM community has helped me several times in the last few months alone to find the answers to SharePoint problems that I’ve experienced in the projects I work on.  And I hope that I’ve helped some of my other MCMs with their problems.  After the news earlier this summer I was trying to decide whether recertifying my MCSM: SharePoint certification was worth it or not.  I had just about made up my mind that it was and had started talking to my management about getting the time to go back to training (one of the best parts of the program) to complete my recertification before time was up next June.  I guess I don’t have to worry about that anymore.  Crying face