Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Deep Dive on Office 365 - External Sharing

267 views

Published on

Presented at O365 Saturday in Perth, Sydney and Brisbane.
Extranet without any overheads? How is that possible? Is it secure?

In this session we shall see how you can leverage on SharePoint B2B Collaboration for providing extranet capabilities for partners with minimum overheads! We shall look at the various security controls available at various levels so the business can effectively and securely do business with its partners. The demo will show you a real world scenario involving multi domain scenario and how B2B capabilities can be leveraged to have an extranet for partners up and running with minimum overheads

  • Be the first to comment

  • Be the first to like this

Deep Dive on Office 365 - External Sharing

  1. 1. Gold Silver Bronze
  2. 2. Extranet for Partners – Office 365 / SPO Extranet for Partners – Azure B2B Security Controls in Office 365 and SharePoint Online Challenges with Extranet Implementation Demos
  3. 3. Network Operational Overheads Identity Management Security Infrastructure Challenges with External Sharing Implementation Firewall Extranet Network Extranet Farm in Azure (IaaS) InternetPartner User CORP User Virtual Network Extranet SharePoint 2013 Farm Active Directory Domain Controller DNS Virtual Network Microsoft Azure Data Center (Australia)
  4. 4. Federation = Domains that have established a federation trust Authorization = Access Guest = External User Access B2B = Business to Business Authentication = Identity
  5. 5. Google Account Microsoft Account Corporate Identity with no Azure Active Directory ‘presence’ Corporate Identity with Azure Active Directory ‘presence’ Cloud Identity Azure B2B – Identity Types
  6. 6. Azure Portal Walkthrough Demo
  7. 7. Office 365 Tenant – Global Administrator SharePoint Online Tenancy – SharePoint Administrator SharePoint Online Site Collection Level – SharePoint Administrator SharePoint Online Site Level – SharePoint Site Owner SharePoint Online Site Content Level – Content Owner
  8. 8. Enabling External Sharing Demo
  9. 9. Configuration Result Notes Don’t allow sharing outside your organization Users will not be able to share sites or content in this site collection with users who do not have licenses to your Office 365 subscription. Default – External Sharing not enabled Allow sharing only with the external users that already exist in your organization’s directory Users will not be able to share sites or content in this site collection with external users who do not already exist in your organization's directory External User must be ‘part of the organisation’ , i.e. accepted the invite and completed the sign-in Allow external users who accept sharing invitations and sign in as authenticated users Site owners or others with full control permissions on a site can share documents with external users by requiring sign-in. All external users will be required to sign in before they can view content. Invitations to view content can be redeemed only once. After an invitation has been accepted, it cannot be shared or used by others to gain access. User must accept the invite, sign-in. After the sign-in process is completed, user is added to organisation’s Azure AD Allow sharing to authenticated external users and using anonymous access. Optionally, you can set links to expire in a specific number of days. Site owners or others with full control permissions can also share documents externally opt to require sign-in, or send an anonymous guest link for documents. When users share a document, they can grant external users either view or edit permissions to the document.External users who receive anonymous guest links can view or edit that content without signing in. Anonymous guest links could potentially be forwarded or shared with other people, who might also be able to view or edit the content without signing in. Not recommended
  10. 10. Configuration Result Notes Don’t allow sharing outside your organization Users will not be able to share sites or content in this site collection with users who do not have licenses to your Office 365 subscription. Default – External Sharing not enabled Allow sharing only with the external users that already exist in your organization’s directory Users will not be able to share sites or content in this site collection with external users who do not already exist in your organization's directory External User must be ‘part of the organisation’ , i.e. accepted the invite and completed the sign-in Allow external users who accept sharing invitations and sign in as authenticated users Site owners or others with full control permissions on a site can share documents with external users by requiring sign-in. All external users will be required to sign in before they can view content. Invitations to view content can be redeemed only once. After an invitation has been accepted, it cannot be shared or used by others to gain access. User must accept the invite, sign-in. After the sign-in process is completed, user is added to organisation’s Azure AD Allow both external users who accept sharing invitations and guest links Site owners or others with full control permissions can share sites with external users. All external users will be required to sign in before they can view content on a site that has been shared. Site owners or others with full control permissions can also share documents externally opt to require sign-in, or send an anonymous guest link for documents. External users who receive anonymous guest links can view or edit that content without signing in. Anonymous guest links could potentially be forwarded or shared with other people, who might also be able to view or edit the content without signing in. When users share a document, they can grant external users either view or edit permissions to the document. Not recommended
  11. 11. ExternalUserInvite–GoogleAccount,MicrosoftAccount, FederatedIdentity Demo
  12. 12.  External users can use Office Web Apps to view and edit  External users can use Office Web Apps to edit if they have permissions  External users can use Office Client edit – login required to edit  Inherit use rights of the user who invites external user.  An external user can perform tasks on a site consistent with the permission level that they are assigned.  External users will be able to see other types of content on sites.
  13. 13.  External users cannot create their own personal sites (My Sites). This means that they do not have their own One Drive for Business.  External users cannot Delve. They also cannot edit their own profile, change their photo, or see aggregated tasks.  External users do not add quota to the overall tenant storage pool (this is determined by licensed users only).  External users cannot be an administrator for a site collection.  By default, external users cannot access the Search Center and will not be able to execute searches against “everything” (cross site collection search)  As external users are cannot be licensed as an enterprise user, they will not have access to any of the licensed components such as Exchange Online, Skype for Business, etc.
  14. 14. External Sharing Experience Demo
  15. 15. alpesh.nakar@avanade.com http://alpeshnakar.com http://in.alpeshnakar.com http://t.alpeshnakar.com
  16. 16. Gold Silver Bronze

×