Managing External Sharing in Office 365 – Part 2

Office365This is the second in a series of posts that is reviewing details about how to manage External Sharing in Office 365.  This post will cover the process of what happens from the time you fill in the sharing dialog to share a site or document with another user until that user accesses the site.  For the purpose of this overview we won’t get into the specifics of how this process differs for an external user.  We’ll cover that in the third installment of this series.  If you haven’t read the first post in the series you can access it through the links below:

  • Part 1 – A high level walk-through of how to configure external sharing starting with your O365 tenant and going down to an individual site collection.
  • Part 2 – (This Post) How the process flow of sharing differs between sharing a site versus sharing a document and how Office 365 adjusts this experience
  • Part 3 – How external sharing depends on the site collection access request list to manage permissions for an external sharing invitation
  • Part 4 – How to use PowerShell to manage external users

How Sharing Works

To understand how external sharing works you first need to understand what happens when a user shares a document or site.  In this post we’ll trace the process that SharePoint goes through whenever something is shared.  We’ll take a look at what permissions are required to share a site or document and explain what the user experience is for a user who receives a sharing request.  Along the way we’ll discover that there is a significant difference between the experience of the recipient when receiving an invitation to share a site versus share a specific document.  We’ll also point out a potential difference in the experience between sharing in Office 365 versus an On-premises SharePoint environment. Note:  we’ll dig more into the differences between SharePoint On-line and SharePoint On-premises in Part 3 of this series.

Sharing a Site

If you are the Site Collection Administrator (SCA) or Site Owner (SO) the process for sharing a site or a document is the same.

Managing External Sharing in Office 365 – Part 1

Office365I presented a talk at a conference recently on how to use an existing Office 365 tenant to create an extranet without additional licensing fees.  A good part of the presentation was background on how external sharing works and the part played by access requests in the external sharing process flow.  After the talk I had several people who asked if I had ever blogged about the details that I covered in my talk or if I knew of anywhere else that this information was documented.  This post is the first in a series of posts that will document those details.  Here’s a brief overview of the posts in the series:

  • Part 1 – (This Post) A high level walk-through of how to configure external sharing starting with your O365 tenant and going down to an individual site collection.
  • Part 2 – How the process flow of sharing differs between sharing a site versus sharing a document and how Office 365 adjusts this experience
  • Part 3 – How external sharing depends on the site collection access request list to manage permissions for an external sharing invitation
  • Part 4 – How to use PowerShell to manage external users

Tenant Level Settings

The Office 365 admin center has a specific tab for managing external sharing settings for you tenant.  This post will focus on settings related to sharing SharePoint sites, but you can also control external sharing of Exchange calendars Lync, and the use of third party apps.  The Sharing Overview page provides On/Off toggles for whether external sharing is available in your tenant or not.  The default settings are shown in the following screenshot.

External Sharing Tenant

Selecting the Sites tab (or clicking on Go to detailed settings for sites)  will take you to a screen where you can set tenant level defaults for external sharing and view the site collections where external sharing has been enabled.

The tenant level default controls whether anonymous guest links can be used anywhere in the tenant or not.  If Anonymous guest links are enabled in a site collection, users can send email invitations that contain links to individual documents which can then be accessed WITHOUT LOGGING IN to SharePoint.  These links can be very dangerous if the original recipient shares the link since anyone can use the link to access the document.

This page also displays a list of all the site collections in your tenant and the current level of external sharing enabled for that site collection.  By default new site collections are created with external sharing disabled.  The External Sharing Sites page is displayed in the screenshot below:

External Sharing Sites page

SharePoint Admin Settings

The SharePoint admin center also provides settings that can be used to control the default External Sharing levels allowed in individual site collections.  These settings are not directly affected by the Tenant level settings described above.  Instead they provide an additional layer of configuration for External Sharing.  So even if External Sharing is disabled at the tenant level you will be able to adjust the site collection defaults available in the SharePoint Admin settings.  But when configuring External Sharing for individual site collections the level of sharing possible will respect both defaults.  For example, if guest links are disabled at the tenant level, but enabled in the SharePoint settings you still won’t be able to configure a site collection to allow the use of guest links.  The SharePoint Admin External Sharing settings are highlighted in the screenshot below:

External Sharing SharePoint defaults

Configuring a Site Collection

Once you’ve set all the defaults you can configure external sharing for individual site collections.  When a new site collection is created External Sharing is disabled by default.  Selecting a site collection and clicking on the Sharing button in the ribbon brings up a dialog where you can configure External Sharing for sites in that site collection.  There are three possible settings.  Don’t allow sharing will disable External Sharing for that site collection.  Allow external users… will allow sharing with authenticated external users.  And Allow both external users and…anonymous guest links will allow sharing with both authenticated and anonymous external users.  The tenant defaults and SharePoint defaults discussed earlier will limit which of these three options can be selected.  The sharing dialog is displayed in the screenshot below:

External Sharing Site Collection setting

 

Now that External is configured your users can begin extending sharing invitations to external users and creating anonymous guest links.  I’ll cover the process for sharing sites and documents with external users in Part 2 of this series.  Part 2 coming soon!