You can't spell SharePoint without 'Share'. Sharing is a core concept within the modern workplace and it is powered by SharePoint and OneDrive but there are complexities that lie underneath the covers that you need to know about. Collaboration lives at the core of a workplace and collaboration is built around effective sharing. Getting content securely to the right people at the right time keeps a company moving. But do you really know everything that is out there? Who has access to the content? Is the content still secure? Learn move about what you can do as a user to share your content, what happens after it has been shared, and how to control content sharing as an administrator.

1. Everything you
need to know
about sharing
files in SharePoint
& OneDrive
SharePoint Fest Seattle2019
#SPFestSea

2. Drew Madelung
Email : drew.madelung@protiviti.com
Twitter : @dmadelung
Website: drewmadelung.com
Senior Manager – SharePoint & Office 365

3. Types of sharing
What really happens
Sharing management
What’s next
Everything you need
to know about sharing
files in SharePoint &
OneDrive
SharePoint Fest Seattle 2019
#SPFestSea

4. Let’s talk security
Permission
Level
Full Control
Edit
Contribute
Read
View Only
Approve
Design
Create your own!
SharePoint Object
3 things make up SharePoint Security
Site
Collection
Site
Library, List
Item,
Document,
Folder
User or Group

5. Security is based on inheritance
Site
Collection
Site
Library, List
Item,
Document,
Folder
Site
Collection
Site
Library, List
Item,
Document,
Folder
Unbroken Inheritance Broken Inheritance

6. Sharing 101
To someone
Site
Collection
Site
Library,
List
Item,
Document,
FolderUser
Shares something
Gets access

7. Sharing administration vs End User sharing
Admins plan and set
sharing configuration
End users share content
Internal
users
External
users

8. Authenticated or Anonymous
Someone from outside your Office 365 subscription who has been
granted access to a site, file, or folder
Authenticated with
Microsoft account
Anonymous
Spreads across workloads
Added to Azure AD as Guest
Groups, Teams, SharePoint, OneDrive, Yammer, etc
Can’t be shared sites
IP tracked

9. Types of sharing via End User
Specific People
People with existing access
People in the organization
Anyone

10. Specific people
A non-transferrable, revocable secret key, only grants
access to the specific recipient
Won’t work if forwarded to others
Existing users get access via their account
New external users prove email
ownership via simple one-time passcode
Internal users granted access directly with
inheritance broken

11. People with existing access
Send link without sharing
Does not change permissions
Cannot be set as default link type
Users have access and receive a link via email
Gets direct link to file

12. People in my organization
A transferrable, revocable secret key, only grants access
to internal users
Can be forwarded to others
Access can be revoked anytime
Users need link to gain access
Requires sign-in to an account in my
organization
Members (non-guests) in Azure AD

13. Anyone (Anonymous)
A transferrable, revocable secret key
Can be forwarded to others
Access can be revoked anytime
Users need link to gain access
Guarantees users can open, anywhere, without signing in

14. Sharing from everywhere
Modern sharing UI is unified across platforms
OneDrive Mobile App
Office Mac
File Explorer with OneDrive sync
Mac Finder
SharePoint
OneDrive
Office Online
Office Desktop

15. Demo!

16. What happens when you share with links?
Share via Link
Inheritance broken on file
New SP Group created and added to
files Access Control List (ACL)
Users put into SP Group when shared
or link clicked
Entry added to Sharing Links SP List

17. Specific people – Share externally securely
Passcode required via secondary email
Must use email link was sent to verify
Auditable through “SecureLink” actions
Get-SPOExternalUser will not return them
• Must used Get-SPOUser
User shares file or
folder to user not
in directory
Guest receives passcode
and not required to login
with MS account

18. Sharing sites vs content
Sharing sites requires Microsoft account login
Utilizes access requests
Adds user as guest to Azure AD after login
Get-SPOExternalUser returns guest accounts
Once in Azure AD -> will appear in people picker
Adds user to site SP group

19. Classic sharing UI
“Invite people” is like sharing
with specific people
“Get a link” gives you organization links and anonymous

20. Sharing in Office 365 Groups
Modern SharePoint team sites are powered
by Office 365 Groups – Including MS Teams!
Feature Guest user allowed?
Create a group No
Add/remove group members No
Delete a group No
Join a group Yes, by invitation
Start a conversation Yes
Reply to a conversation Yes
Search for a conversation Yes
@mention a person in the group No
Pin/Favorite a group No
Delete a conversation Yes
"Like" messages No
Manage meetings No
View group calendar No
Modify calendar events No
Add a group calendar to a personal
calendar
No
View and edit group files Yes, if enabled by tenant admin
Access the group OneNote notebook Yes, via link from group member
Browse groups No
Security model is different
1 Azure AD group powers 2 permission levels – Owner & Member
Permissions cross workloads
Add users (share) to the Group vs content in SharePoint
Unique external sharing administration
Guests cannot be an owner
Modern Communication sites do NOT utilize Office 365 Groups

21. Demo!

22. Control external sharing in Office 365
Members
Owners
Unauth’d
guests
Auth’d
guests
Admin
Inside Outside
Control
External sharing

23. Control external sharing in Office 365
Least Restrictive
Most Restrictive

24. External sharing administration
Sharing configured via SharePoint AND/OR OneDrive admin centers
Configured per tenant
Ability to configure sharing set per site collection
• Every OneDrive is a site collection
Office 365 Group sharing best managed through PowerShell

25. External sharing administration
 Sharing for OneDrive can be MORE restrictive but not LESS restrictive than SPO
 If sharing turned off globally in SPO any shared links will stop working
Sharing Options
 No external sharing
 Only existing external users (sign-in required)
 New and existing external users (sign-in required)
 Anyone, including anonymous users (on by default)
Your SharePoint Online sharing
settings determine which OneDrive
sharing settings are available
Setting Sharing in OneDrive Admin
Center affects SPO

26. Set external sharing settings
Default link type
 Direct links
 Only users who have specific permission
 Internal Links
 Only users within your organization
 Sharable access links
 Anyone with a link (anonymous)
Default link permission
 View or Edit
The following settings apply to both SPO and OneDrive
Anonymous access link permission
 Separate for Files & Folders
 View, Edit & Upload
 View Only for
Anonymous access link expiration
 Up to 2 years / 730 days

27. Set external sharing settings
Limited external sharing by user
 Only certain users in security group can share with
 External users
 External users + anonymous
Other
 External sharing policy URL (new)
 Must accept using same account
 Let external users share items they don’t own
 Require recipients to prove account ownership (days)
 Not anonymous
The following settings apply to both SPO and OneDrive
OneDrive email notifications
 Other users share again
 External users accept
 Anonymous link created or changed

28. External sharing administration
Classic admin center includes certain things
• Only users in selected security groups shared
with external users
• Use shorter links when sharing files and folders
• Require recipients to continually prove account
ownership

29. Domain allow/block
Ability to whitelist or blacklist domains for SharePoint & OneDrive
• Tenant or site collection level
• Recommend blacklist
Office 365 Group external sharing does not respect the SharePoint configuration
Configure Azure AD allow/block list
https://go.microsoft.com/fwlink/p/?linkid=857710

30. Demo!

31. Site collection advanced sharing
Per site collection sharing via admin centers
Non O365
group backed
sites only in
classic admin

32. Site collection advanced sharing
PowerShell to set site specific sharing with Set-SPOSite
General
• -SharingCapability
• -DefaultSharingLinkType
• -DefaultLinkPermission
Anonymous
• -OverrideTenantAnonymousLinkExpirationPolicy
• -AnonymousLinkExpirationInDays
Domain restrictions
• -SharingDomainRestrictionMode
• -SharingAllowedDomainList
• -SharingBlockedDomainList
Other
• -ShowPeoplePickerSuggestionsForGuestUsers
• -DisableCompanyWidSharingLinks
• DisableSharingForNonOwners

33. Site collection advanced sharing
Access requests still can be set and utilized
Default access requests set to site owners SharePoint group
• Can update email + message
Control ability of members to share
Allow members to add to default members group
• Allows members to share site

34. Demo!

35. Sharing tidbits
If external sharing enable -> Office 365 group powered sites will be enabled with the same
Access requests list generated after access request submitted
• Access%20Requests/pendingreq.aspx
Hidden SharePoint List handles link management
Use content search for reporting
External sharing changes for My Site site collection apply to existing and new OneDrive’s
Utilize SharePoint Online as an extranet
Be aware of migration to SharePoint Online with Delve and permission exposure
Work with the business to understand sharing requirements, don’t just lock down

36. • xxxx
Help Contribute &
Stay Informed!
Microsoft Tech Community
https://techcommunity.microsoft.com
Microsoft 365 Roadmap
https://fasttrack.microsoft.com/roadmap
Office Blogs
https://blogs.office.com/
Office 365 Admin Center – Message Center
https://portal.office.com/AdminPortal
Office 365 for IT Pros
http://exchangeserverpro.com/ebooks/office-365-for-it-pros

38. Questions?
Email: drew.madelung@protiviti.com
Twitter: @dmadelung
Website: drewmadelung.com
Slides: http://bit.ly/DrewSlides

39. Everything you need
to know about
sharing files in
SharePoint &
OneDrive
SharePoint FestSeattle2018
#SPFestSeattle