You can't spell SharePoint without 'Share'. Sharing is a core concept within the modern workplace and it is powered by SharePoint and OneDrive but there are complexities that lie underneath the covers that you need to know about. Collaboration lives at the core of a workplace and collaboration is built around effective sharing. Getting content securely to the right people at the right time keeps a company moving. But do you really know everything that is out there? Who has access to the content? Is the content still secure? Learn move about what you can do as a user to share your content, what happens after it has been shared, and how to control content sharing as an administrator.

1. Everything you need to
know about sharing files in
SharePoint & OneDrive
SharePoint Saturday Twin Cities 2018
#SPSTC

2. Thank you #SPSTC
sponsors!

3. Drew Madelung
Email : drew.madelung@protiviti.com
Twitter : @dmadelung
Website: drewmadelung.com
Senior Manager – SharePoint & Office 365

4. Types of sharing
What really happens
Sharing management
What’s next
Everything you need
to know about sharing
files in SharePoint &
OneDrive
SharePoint Saturday Twin Cities
#SPSTC

5. Let’s talk security
Permission
Level
Full Control
Edit
Contribute
Read
View Only
Approve
Design
Create your own!
SharePoint Object
3 things make up SharePoint Security
Site
Collection
Site
Library, List
Item,
Document,
Folder
User or Group

6. Security is based on inheritance
Site
Collection
Site
Library, List
Item,
Document,
Folder
Site
Collection
Site
Library, List
Item,
Document,
Folder
Unbroken Inheritance Broken Inheritance

7. Sharing 101
To someone
Site
Collection
Site
Library,
List
Item,
Document,
FolderUser
Shares something
Gets access

8. Sharing administration vs End User sharing
Admins plan and set
sharing configuration
End users share content
Internal
users
External
users

9. What is an external user or guest
Someone from outside your Office 365 subscription who has been
granted access to a site, file, or folder
Authenticated with
Microsoft account
Authenticated without
Microsoft account
Not licensed but can be
Limited to basic collaboration tasks
SP permissions
Office online
Added to Azure AD with #EXT# in user name
Not licensed
Sent one-time access code
Can’t be shared sites

10. Types of sharing via End User
Specific People
People with existing access
People in the organization
Anyone

11. Specific people
A non-transferrable, revocable secret key, only grants
access to the specific recipient
Won’t work if forwarded to others
Existing users get access via their account
Can specify internal or external users
New external users prove email
ownership via simple one-time passcode
Internal users granted access directly with
inheritance broken
Similar to “Grant Access”

12. People with existing access
Send link without sharing
Does not change permissions
Cannot be set as default link type
Users have access and receive a link via email

13. People in my organization
A transferrable, revocable secret key, only grants access
to internal users
Can be forwarded to others
Access can be revoked anytime
Users need link to gain access
Requires sign-in to an account in my
organization
Members (non-guests) in Azure AD

14. Anyone (Anonymous)
A transferrable, revocable secret key
Can be forwarded to others
Access can be revoked anytime
Users need link to gain access
Guarantees users can open, anywhere, without signing in

15. Sharing from everywhere
Modern sharing UI is unified across platforms
OneDrive Mobile App
Office Mac
File Explorer with OneDrive sync
Mac Finder
SharePoint
OneDrive
Office Online
Office Desktop

16. Demo!

17. What happens when you share with links?
Share via Link
Inheritance broken on file
New SP Group created and added to
files Access Control List (ACL)
Users put into SP Group when shared
or link clicked

18. Specific people – Share externally securely
Passcode required via secondary email
Must use email link was sent to verify
Auditable through “SecureLink” actions
Does not add guest account into Azure AD (yet)
Get-SPOExternalUser will not return them
• Must used Get-SPOUser
User shares file or
folder to user not
in directory
Guest receives passcode
and not required to login
with MS account

19. Specific people – Share externally securely

20. Sharing sites vs content
Sharing sites requires Microsoft account login
Utilizes access requests
Adds user as guest to Azure AD after login
Get-SPOExternalUser returns guest accounts
Once in Azure AD -> will appear in people picker
Adds user to site SP group

21. Classic sharing UI
“Invite people” is like sharing
with specific people
“Get a link” gives you organization links and anonymous

22. Sharing in Office 365 Groups
Modern SharePoint team sites are powered
by Office 365 Groups – Including MS Teams!
Feature Guest user allowed?
Create a group No
Add/remove group members No
Delete a group No
Join a group Yes, by invitation
Start a conversation Yes
Reply to a conversation Yes
Search for a conversation Yes
@mention a person in the group No
Pin/Favorite a group No
Delete a conversation Yes
"Like" messages No
Manage meetings No
View group calendar No
Modify calendar events No
Add a group calendar to a personal
calendar
No
View and edit group files Yes, if enabled by tenant admin
Access the group OneNote notebook Yes, via link from group member
Browse groups No
Security model is different
1 Azure AD group powers 2 permission levels – Owner & Member
Permissions cross workloads
Add users (share) to the Group vs content in SharePoint
Unique external sharing administration
Guests cannot be an owner
Modern Communication sites do NOT utilize Office 365 Groups

23. Demo!

24. Site collection advanced sharing
Access requests still can be set and utilized
Default access requests set to site owners SharePoint group
• Can update email + message
Control ability of members to share
Allow members to add to default members group
• Allows members to share site

25. External sharing administration
Sharing configured via SharePoint AND/OR OneDrive admin centers
Configured per tenant
Ability to configure sharing set per site collection
• Every OneDrive is a site collection
Office 365 Group sharing best managed through PowerShell

26. External sharing administration
 Sharing for OneDrive can be MORE restrictive but not LESS restrictive than SPO
 If sharing turned off globally in SPO any shared links will stop working
Sharing Options
 No external sharing
 Only existing external users (sign-in required)
 New and existing external users (sign-in required)
 Anyone, including anonymous users (on by default)
Your SharePoint Online sharing
settings determine which OneDrive
sharing settings are available
Setting Sharing in OneDrive Admin
Center affects SPO

27. Set external sharing settings
Default link type
 Direct links
 Only users who have specific permission
 Internal Links
 Only users within your organization
 Sharable access links
 Anyone with a link (anonymous)
Default link permission
 View or Edit
The following settings apply to both SPO and OneDrive
Anonymous access link permission
 Separate for Files & Folders
 View, Edit & Upload
 View Only for
Anonymous access link expiration
 Up to 2 years / 730 days

28. Set external sharing settings
Limited external sharing by user
 Only certain users in security group can share with
 External users
 External users + anonymous
Other
 Must accept using same account
 Let external users share items they don’t own
 Require recipients to prove account ownership (days)
 Not anonymous
The following settings apply to both SPO and OneDrive
OneDrive email notifications
 Other users share again
 External users accept
 Anonymous link created or changed

29. Domain allow/block
Ability to whitelist or blacklist domains for SharePoint & OneDrive
• Tenant or site collection level
• Recommend blacklist
Office 365 Group external sharing does not respect the SharePoint configuration
Configure Azure AD allow/block list

30. Demo!

31. Sharing tidbits
If external sharing enable -> Office 365 group powered sites will be enabled with the same
Access requests list generated after access request submitted
• Access%20Requests/pendingreq.aspx
Use content search for reporting
External sharing changes for My Site site collection apply to existing and new OneDrive’s
Utilize SharePoint Online as an extranet
Be aware of migration to SharePoint Online with Delve and permission exposure
Work with the business to understand sharing requirements, don’t just lock down

32. What’s next

33. What’s next
Sharing UI in Teams
New manage access UI
Per site default link settings
B2B one-time passcode users
External sharing reports
Expiring external access
Password protected links
Block downloads
Smart people picker
Link open receipts
Sharing UI in Office mobile

34. • xxxx
Help Contribute &
Stay Informed!
Microsoft Tech Community
https://techcommunity.microsoft.com
Office 365 Roadmap
https://fasttrack.microsoft.com/roadmap
Office Blogs
https://blogs.office.com/
Office 365 Admin Center – Message Center
https://portal.office.com/AdminPortal
Office 365 for IT Pros
http://exchangeserverpro.com/ebooks/office-365-for-it-pros

35. Questions?
Email: drew.madelung@protiviti.com
Twitter: @dmadelung
Website: drewmadelung.com
Slides: http://bit.ly/DrewSlides

36. Everything you need
to know about
sharing files in
SharePoint &
OneDrive
SharePoint SaturdayTwinCities2018
#SPSTC