Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Power Saturday Paris 2019 - Enabling External Sharing in Office 365, SharePoint and OneDrive


Published on

By default, Office 365 is turned for external sharing. However, without any planning and considerations some organisations turn this off and plan for later, but businesses can't wait after all collaboration is internal and external! There are plethora of settings and services to allow external sharing to your customers, partners and suppliers. With recent improvements in external sharing, this demo based session will cover the ins and outs for successful implementation of external sharing in Office 365.

Published in: Technology
  • Be the first to comment

  • Be the first to like this

Power Saturday Paris 2019 - Enabling External Sharing in Office 365, SharePoint and OneDrive

  1. 1. @ClubPowerBI @aosComm @GUSS_FRANCEPower Saturday 2019 Power Saturday Enabling External Sharing in Office 365, SharePoint and OneDrive Chirag Patel @techChirag 14 et 15 juin 2019, Paris
  2. 2. @ClubPowerBI @aosComm @GUSS_FRANCEPower Saturday 2019 Merci à nos sponsors http:// Silver Bronze Gold
  3. 3. Chirag Patel @techchirag /techchirag techchirag.comBlog Office 365 & SharePoint Consultant, Architect, Speaker
  4. 4. @ClubPowerBI @aosComm @GUSS_FRANCEPower Saturday 2019 Session Overview
  5. 5. @ClubPowerBI @aosComm @GUSS_FRANCEPower Saturday 2019 Getting started with External Sharing and Collaboration
  6. 6. @ClubPowerBI @aosComm @GUSS_FRANCEPower Saturday 2019 Sharing & collaboration coverage • From OneDrive for Business, share with “Anyone." • From OneDrive for Business, if collaboration isn't to be ongoing, share with “Specific people.” • For ongoing collaboration, use a new or existing Team or team site and add members (including external members). • Use a new or existing Communications site. • Grant “everyone except external guests” permissions to a site, folder, or file in your team shared library or OneDrive for Business. • Share a file in OneDrive for Business (both for internal and external sharing). • Share a team/project file from a team site. • Use a new or existing Team or team site and add members (including external members). • Save all team files into Teams document library or team site • Share links to specific files from a team site. • For ongoing collaboration, use a new or existing Team or team site and add members (including external members), OR • For specific content, grant access to a site or folder from your team site shared library. Share with no restrictions Share externally Share broadly with company Share with my team + others Share with my team Share one-off file
  7. 7. @ClubPowerBI @aosComm @GUSS_FRANCEPower Saturday 2019 End-user sharing experience ANYONE Easiest way to share files with anyone on the planet Recipient has access if they have the link Recipients decides who else gets access PEOPLE in my COMPANY Easiest way to share files within the company Recipient has access if they have the link AND are in the company Recipient decides who else in my company has access PEOPLE with EXISTING ACCESS Direct pointer, does not add permissions Recipients who already have access via membership, or explicit permission have access Recipient cannot decide who else to share to SPECIFIC PEOPLE Sharer decides which specific people inside and outside have access Only those people have access and prove their identity
  8. 8. @ClubPowerBI @aosComm @GUSS_FRANCEPower Saturday 2019 Think about putting policies in place Policy Examples System will support external collaboration Users cannot share content from OneDrive for Business Externally Users can share content from SharePoint External sharing should be disabled on sites by default IT will restrict 3rd party / domains Only users who have completed training are allowed to share content externally External users are required to sign in IT can enable / disable external sharing Require external users to re-prove account ownership every 7 days Prevent external users from sharing content they do not own Only site owners can invite external users External Sites should have naming convention External access sites to be identifiable in sites list IT can remove 3rd party access
  9. 9. @ClubPowerBI @aosComm @GUSS_FRANCEPower Saturday 2019 Thinking about people and processes External access process with roles and responsibilities Training - including compliance requirements Information security policy Information classification policy Instructions for 3rd Parties – Setup, access, policies Managing external access and removing access Sharing v Links v Office 365 Groups User
  10. 10. @ClubPowerBI @aosComm @GUSS_FRANCEPower Saturday 2019 Managing external sharing Control WHO can share to external users Everyone Only specific people No one Control WHICH external users can be shared with Anyone Only authenticated users Only authenticated users except specific domains Only authenticated users in specific domains No one Control WHAT can be shared externally Anything Only specific libraries Only files without sensitive content Control HOW externally shareable links can be used Default Enabled, but not default Mandatory expiration date Block externally-shareable edit links Disabled
  11. 11. @ClubPowerBI @aosComm @GUSS_FRANCEPower Saturday 2019 External Sharing Governance Support staff Enable self service creation Use lifecycle management Detecting valuable content Use classification for sites Scan with data loss prevention (DLP) Protect content Limit reach Enforce policy Use conditional access Use IRM (Information Rights Management) Charge Responsibility Manage group / site ownership Review external membership Use IT services and management tooling
  12. 12. @ClubPowerBI @aosComm @GUSS_FRANCEPower Saturday 2019 Accounts and Invitations
  13. 13. @ClubPowerBI @aosComm @GUSS_FRANCEPower Saturday 2019 Look…I just want to share externally! ExternalUser (SharePoint/OneDrive) • Someone from outside your Office 365 tenant to whom you have given access to one or more sites, files, or folders. • 3 types of users • Anonymous • Authenticated without MSA • Authenticated with MSA GuestUser (Office365&AzureB2B) • Also known as external user that grants them access to all apps within O365 group (emails, calendar, notes, files, and plans) • Foundation for Microsoft Teams, Planner, PowerBI, Dynamics CRM and other Enterprise Apps
  14. 14. @ClubPowerBI @aosComm @GUSS_FRANCEPower Saturday 2019 External Sharing Invitation Management SharePoint (& OneDrive) • Separate invitation manager to Azure AD • Adds users to SPO directory after users have redeemed their invitations • New invitations generated every time you share • Can pick external users from Azure AD Azure AD B2B • Users are added immediately on invitation so that they show up everywhere • OneDrive/SharePoint Online invited users also show up in Azure AD after they redeem their invitations • Guests in Office 365 Groups already uses Azure AD B2B invitation APIs for sharing
  15. 15. @ClubPowerBI @aosComm @GUSS_FRANCEPower Saturday 2019 Microsoft Accounts and Anonymous users External User Type Sharing Behaviours Authenticated user with Microsoft account (listed with #EXT# in their username) • Collaboration tasks aligned with site permission levels i.e. “Site Member” – i.e. site libraries, subsites, etc. • For files or folder: added as guests to Office 365 directory • Can view and edit files in Office Online only Authenticated user without Microsoft account • Can only share files and folders to email address with one-time access code (email) for authentication each time they access • Forwarded emails attempt will send one-time code to original recipient • Can’t share sites Anonymous User • Free link - shareable link to file or folder and can view/edit without log in with a username or password • Can be forwarded and valid until you disable link or expire • Can’t access site, nor assign licenses, nor verify identity – only IP address. (updated 06 May 2019)
  16. 16. @ClubPowerBI @aosComm @GUSS_FRANCEPower Saturday 2019 SharePoint - Invitation Models • This is the default for a new site collection and the recommended model as it provides control to administrators and at the same time flexibility of end users being able to collaborate with their new business partner users without much intervention. User-initiated guest invitation model • If you want more control than the default sharing model over who can invite new users to a site, you can configure the site to only allow site owners to invite new users. This prevents ad-hoc invitations from being sent out by site users. Site-owner-initiated guest invitation model • In an admin-managed partner users model, the Office 365 you pre- populate your organisation's directory with the guest users who you'll be inviting to your site. This can be done by importing users from other Office 365 or Azure AD. Admin-managed partner users model
  17. 17. @ClubPowerBI @aosComm @GUSS_FRANCEPower Saturday 2019 DEMO: Tenant Level Sharing
  18. 18. @ClubPowerBI @aosComm @GUSS_FRANCEPower Saturday 2019 DEMO: Azure External collaboration settings
  19. 19. @ClubPowerBI @aosComm @GUSS_FRANCEPower Saturday 2019 Sharing Settings in SharePoint and OneDrive
  20. 20. @ClubPowerBI @aosComm @GUSS_FRANCEPower Saturday 2019 DEMO: SharePoint Admin - External Sharing
  21. 21. @ClubPowerBI @aosComm @GUSS_FRANCEPower Saturday 2019 DEMO: SharePoint Admin – External Sharing
  22. 22. @ClubPowerBI @aosComm @GUSS_FRANCEPower Saturday 2019 Who is the target audience?
  23. 23. @ClubPowerBI @aosComm @GUSS_FRANCEPower Saturday 2019 Who can share externally?
  24. 24. @ClubPowerBI @aosComm @GUSS_FRANCEPower Saturday 2019 What can external users do?
  25. 25. @ClubPowerBI @aosComm @GUSS_FRANCEPower Saturday 2019 Limiting external sharing using domains
  26. 26. @ClubPowerBI @aosComm @GUSS_FRANCEPower Saturday 2019 OneDrive Admin: External Sharing
  27. 27. @ClubPowerBI @aosComm @GUSS_FRANCEPower Saturday 2019 Issues accessing files/folders, etc. You give an external user access to a Microsoft SharePoint Online or Microsoft OneDrive for Business resource. The user accepts the invitation but is signed in by using another Microsoft account at the time. The user browses to the shared resource. User receives one of the following error messages: • Access Denied • Let us know why you need access to this site. • User is not found in the directory • You need permission to access this site.
  28. 28. @ClubPowerBI @aosComm @GUSS_FRANCEPower Saturday 2019 Authorise guest access (Microsoft Teams) • Azure Active Directory: Controls the guest experience at the directory, tenant, and application level. • Microsoft Teams: Controls Microsoft Teams only. • Office 365 Groups: Controls the guest experience in Office 365 Groups and Microsoft Teams. • SharePoint Online and OneDrive for Business: Controls the guest experience in SharePoint Online, OneDrive for Business, Office 365 Groups, and Microsoft Teams.
  29. 29. @ClubPowerBI @aosComm @GUSS_FRANCEPower Saturday 2019 Getting Visibility to External Sharing
  30. 30. @ClubPowerBI @aosComm @GUSS_FRANCEPower Saturday 2019 Using Auditing • Awareness of activity & anomalies • Audit log search • Rule based alerts
  31. 31. @ClubPowerBI @aosComm @GUSS_FRANCEPower Saturday 2019 DLP Policy Matches Tuning DLP policies and content patterns
  32. 32. @ClubPowerBI @aosComm @GUSS_FRANCEPower Saturday 2019 New SharePoint Admin Center Dashboards show Files shared externally
  33. 33. @ClubPowerBI @aosComm @GUSS_FRANCEPower Saturday 2019 Sharing notifications Be notified when your content is shared
  34. 34. @ClubPowerBI @aosComm @GUSS_FRANCEPower Saturday 2019 Managing access to shared content
  35. 35. @ClubPowerBI @aosComm @GUSS_FRANCEPower Saturday 2019 Site Usage Awareness when content is externally shared
  36. 36. @ClubPowerBI @aosComm @GUSS_FRANCEPower Saturday 2019 Who is accessing my content Give awareness when their content is accessed in OneDrive
  37. 37. @ClubPowerBI @aosComm @GUSS_FRANCEPower Saturday 2019 Knowing why I am blocked • Policy Tips • Provide feedback to admin • Override the policy
  38. 38. @ClubPowerBI @aosComm @GUSS_FRANCEPower Saturday 2019 Additional External Sharing Considerations
  39. 39. @ClubPowerBI @aosComm @GUSS_FRANCEPower Saturday 2019 Apps & Services and add-ins: Office 365 Groups
  40. 40. @ClubPowerBI @aosComm @GUSS_FRANCEPower Saturday 2019 Apps & Services and add-ins: Calendar
  41. 41. @ClubPowerBI @aosComm @GUSS_FRANCEPower Saturday 2019 Apps & Services and add-ins: Integrated Apps • Read user profile details • Edit or delete files (OneDrive folder) • Read items contained in site collections • Send email as that user
  42. 42. @ClubPowerBI @aosComm @GUSS_FRANCEPower Saturday 2019 Apps & Services and add-ins: Forms
  43. 43. @ClubPowerBI @aosComm @GUSS_FRANCEPower Saturday 2019 Apps & Services and add-ins: Sway
  44. 44. @ClubPowerBI @aosComm @GUSS_FRANCEPower Saturday 2019 Microsoft Teams & Skype4B Admin
  45. 45. @ClubPowerBI @aosComm @GUSS_FRANCEPower Saturday 2019 Microsoft Teams & Skype4B Admin
  46. 46. @ClubPowerBI @aosComm @GUSS_FRANCEPower Saturday 2019 Power BI Admin
  47. 47. @ClubPowerBI @aosComm @GUSS_FRANCEPower Saturday 2019 Sharing Dashboard
  48. 48. @ClubPowerBI @aosComm @GUSS_FRANCEPower Saturday 2019 PowerApps Portals – Coming Soon! • Build low-code, responsive websites – allowing external users to interact with the data stored in the Common Data Service • App Types – Portal, more on the way! • External Users – such as LinkedIn, Microsoft Account, other commercial login providers • Integrate with Power BI embed, Microsoft Flow, Microsoft SharePoint, Azure Blob Storage, Azure AD B2C and Azure Application Insights • Merging capabilities offered by Dynamics 365 Customer Engagement portals
  49. 49. @ClubPowerBI @aosComm @GUSS_FRANCEPower Saturday 2019 Secure Access
  50. 50. @ClubPowerBI @aosComm @GUSS_FRANCEPower Saturday 2019 Secure Access: Keep it simple for everyone? Device Location User App Tenant Site File Conditional Access Different Scopes Access and Sharing Policies
  51. 51. @ClubPowerBI @aosComm @GUSS_FRANCEPower Saturday 2019 Limited browser-only access on unmanaged devices Prevents leakage of data on unmanaged devices Allows users to be productive on any device Scopes: Tenant and site Specific users Controls: Edit vs. View Download non-previewable files
  52. 52. @ClubPowerBI @aosComm @GUSS_FRANCEPower Saturday 2019 What’s new for users?
  53. 53. @ClubPowerBI @aosComm @GUSS_FRANCEPower Saturday 2019 NEW! Smart people picker
  54. 54. @ClubPowerBI @aosComm @GUSS_FRANCEPower Saturday 2019 NEW! Link open receipts  Coming this year
  55. 55. @ClubPowerBI @aosComm @GUSS_FRANCEPower Saturday 2019 NEW! Password-protected links • Coming soon!
  56. 56. @ClubPowerBI @aosComm @GUSS_FRANCEPower Saturday 2019 NEW! Block downloads • Keep your documents in the cloud –Avoid out-of-date copies –Maintain access control • Available for view-only links
  57. 57. @ClubPowerBI @aosComm @GUSS_FRANCEPower Saturday 2019 Any Questions
  58. 58. @ClubPowerBI @aosComm @GUSS_FRANCEPower Saturday 2019 Evaluations
  59. 59. @ClubPowerBI @aosComm @GUSS_FRANCEPower Saturday 2019 The European SharePoint, Office 365 & Azure Conference 4 Days 2,500 Delegates 150+ Sessions 120 Speakers Use code ESPC19SPSP for 10% discount on all tickets
  60. 60. @ClubPowerBI @aosComm @GUSS_FRANCEPower Saturday 2019 Merci! Chirag Patel @techChirag