Downloaded 21 times
Uploaded byDrew Madelung
Everything you need to know about external sharing in OneDrive, SharePoint, and Teams
The document outlines key aspects of external sharing in Microsoft 365, particularly focusing on OneDrive, SharePoint, and Teams. It describes various sharing settings, management of guest access, and the complexities around sharing sensitive content across organizations. Additionally, it emphasizes best practices for controlling external sharing and ensuring secure collaboration among teams and external users.
More Related Content
Similar to Everything you need to know about external sharing in OneDrive, SharePoint, and Teams
More from Drew Madelung
![Support, Monitoring, Continuous Improvement & Scaling Agentic Automation [3/3]](https://cdn.slidesharecdn.com/ss_thumbnails/agenticcommunityseries-day3-cfd-251120170304-ddef8112-thumbnail.jpg?width=640&height=640&fit=bounds)
Everything you need to know about external sharing in OneDrive, SharePoint, and Teams
- 1. FALL: Las Vegas,NV Dec 7–9, 2021 SPRING: Las Vegas, NV April 5–7, 2022 M365Conf.com MICROSOFT 365 COLLABORATION CONFERENCE Everything you need to know about external sharing in OneDrive, SharePoint, & Teams Drew Madelung
- 3. 2021/2022 April 5 –7, 2021 MGM Grand Las Vegas, NV Dec 7 – 9, 2021 MGM Grand Las Vegas, NV In-Person – December and April
- 4. M365Conf.com FALL: Las Vegas,NV Dec 7–9, 2021 SPRING: Las Vegas, NV April 5–7, 2022 Who am I Drew Madelu n g Milwaukee, Wisconsin Associate Director @ Protiviti @dmadelung
- 5. M365 architecture tosupport sharing Sharing for files, groups, sites Sharing management Everything you need to know about external sharing in OneDrive, SharePoint, & Teams #M365Conf
- 6. Do you allow externalsharing? Do you have email turned off?
- 7. Access and Share allyour files through OneDrive Collaborate, communicate, and share in one spot in Teams Share content, data and portals in SharePoint
- 8. Global economies requirecross company collaboration Users need to be able to safely share content across company boundaries Companies need to keep sensitive content secure in a complex environment
- 9.
- 10. File Collaboration acrossMicrosoft 365 All files stored in SharePoint File sharing settings shared Every OneDrive site is a SharePoint Site Collection SharePoint Online SharePoint Communication Sites Teams OneDrive for Business SharePoint Team Sites Yammer Communities
- 11. Teams Chat Microsoft 365Groups are a group of people Single identity across workloads Azure AD objects Share at the group level Different sharing settings Teams Chat SharePoint Files Planner Tasks Exchange Email Microsoft 365 Groups SharePoint Sites not M365 Group backed (Communication/ Classic)
- 12. Teams Chat The configuration& management for sharing files is different than the Microsoft 365 group Adding external users to the group grants them access to solutions the group is granting access too Sharing files grants them access to just that content SharePoint Files Microsoft 365 Groups
- 13. Teams Chat PlannerTasks Exchange Email Teams Chat SharePoint Files Microsoft 365 Groups Teams Chat Adding external users to the Team adds them to the Microsoft 365 Group File sharing the same as the content is still based on SharePoint sharing rules
- 15. Someone from outsideyour Microsoft 365 subscription who has been granted access to a site, file, or folder Authenticated with Microsoft account Anonymous Spreads across workloads Added to Azure AD as Guest Groups, Teams, SharePoint, OneDrive, Yammer, etc Can’t be shared sites IP tracked
- 16. External access enables communication(chat) or content available without using guest accounts • Sharing a file anonymously Sometimes used synonymously but there are differences Guest access enables non directory users into your environment as guest accounts which can grant them access to content • Adding a user to a team
- 17. Share files andfolders Request files Add guests to Teams (M365 group) Share files and folders Add guests to site Add guests to M365 group Share files and folders
- 18. There are differentexternal sharing settings for containers vs files M365 Group Files M365 Group Site Files Files
- 19.
- 20. Specific People People withexisting access People in the organization Anyone
- 21. A non-transferrable, revocablesecret key, only grants access to the specific recipient Won’t work if forwarded to others Existing users get access via their account New external users prove email ownership Internal users granted access directly with inheritance broken
- 22. Send link withoutsharing Does not change permissions Users have access and receive a link via email Gets direct link to file
- 23. A transferrable, revocablesecret key, only grants access to internal users Can be forwarded to others Access can be revoked anytime Users need link to gain access Requires sign-in to an account in my organization Members (non-guests) in Azure AD
- 24. A transferrable, revocablesecret key Can be forwarded to others Access can be revoked anytime Users need link to gain access Guarantees users can open, anywhere, without signing in
- 25. Modern sharing UIis unified across platforms OneDrive Mobile App Office Mac File Explorer with OneDrive sync Mac Finder Microsoft Teams (TBD) SharePoint OneDrive Office Online Office Desktop Outlook on the Web
- 26. SharePoint tenant settings checkedfor external sharing SharePoint site settings checked for external sharing User shares file that creates a link External user accesses link B2B invitation processes if non anonymous External user accesses file Guest access expiration begins
- 27.
- 28.
- 29. Tenant settings checked ifguest access available Group settings checked if guest access available User adds guest to a Group (Team) B2B invitation sent Guest user accepts invitation Guest added to group and has access to content External sharing settings enforced for files This is not how shared channels will work
- 30.
- 31.
- 32. Tenant settings checked ifguest access available User adds guest to a SharePoint site B2B invitation sent Guest user accepts invitation Guest added to SharePoint site and has access to content External sharing settings enforced for files
- 33.
- 34.
- 35.
- 36.
- 37. Microsoft 365 admincenter > Settings > Security & Privacy
- 38. Turn on/off externalsharing Tenant, per group, per user Turn on/off per workload Teams, Power BI, SharePoint Allow guests to invite Access reviews Powered by Azure B2B Guest inviter role (no Teams) Domain allow/block Different than SPO & OneDrive Configured in Azure AD Terms of use (some have extended licensing)
- 39. Allow OR Block,not both One policy per organization Works independently from SPO Does not apply to already added guest members Powered by Azure B2B https://go.microsoft.com/fwlink/p/?linkid=857710
- 40. Powered by AzureB2B Microsoft 365 admin center > Settings > Services & add-ins > Microsoft 365 Groups https://aka.ms/o365-groups-guests
- 41. • Azure ActiveDirectory: Guest access in Microsoft Teams relies on the Azure AD business-to-business (B2B) platform. Controls the guest experience at the directory, tenant, and application level. • Microsoft Teams: Controls Microsoft Teams only. • Microsoft 365 Groups: Controls the guest experience in Microsoft 365 Groups, Teams, Outlook, and more • SharePoint Online and OneDrive for Business: Controls the guest experience in SharePoint Online, OneDrive for Business, Microsoft 365 Groups, and Microsoft Teams. Anywhere there are files. https://aka.ms/teams-dependencies
- 42. Microsoft Teams >Org-wide settings > Guest access https://aka.ms/teams-manage-guests
- 43. Configure forceprivacy (public private) Manage ability to add new guests Configure external file sharing Control access from unmanaged devices or other CA
- 44.
- 45. Control WHO canshare to external users • Everyone • Only specific people • No one Control WHICH external users can be shared with • Anyone • Only authenticated users • Only authenticated users except specific domains • Only authenticated users in specific domains • No one Control WHAT can be shared externally • Anything • Only specific sites • Only files without sensitive content Control HOW externally shareable links can be used • Default • Enabled, but not default • Mandatory expiration date • Block externally-shareable edit links • Disabled
- 46. Sharing forOneDrive can be MORE restrictive but not LESS restrictive than SharePoint If sharing turned off globally in SharePoint any shared links will stop working Sharing Options No external sharing Only existing external users (sign-in required) New and existing external users (sign-in required) Anyone, including anonymous users (on by default) Your SharePoint Online sharing settings determine which OneDrive sharing settings are available Files hosted in Teams use these permissions
- 47. Only effects files& sites Can be set per site Only for new shares after expiration put in place
- 48.
- 49.
- 50. Usage logs Audit log Sharingreports Data governance reports
- 51. OneDrive external sharingreports per OneDrive Data governance reports for sharing links in tenant
- 52.
- 53. Utilize specific SharePointsites or Teams as extranet(s) and only allow external sharing there • Only specific users can share to external users • External users cannot share • Only specific domains can be shared to Allow anonymous by request for specific OneDrive sites • Configure expiration policy • Pull audit events out and retain for all anonymous shares Allow external for all SharePoint sites and Teams • External users cannot share • Enable DLP to restrict access of sensitive info if shared • Empower sensitivity labels for regulated users • Enable monthly access reviews for external users • Have external users accept terms of use • Build sharing reports
- 55. Work with thebusiness to understand sharing requirements, don’t just lock down Utilize MFA for guests using conditional access Setup DLP to remove guest access to sensitive content Utilize terms of use for guests through Azure AD & conditional access Use guest access reviews in Azure AD Force web only access for guests using conditional access and sensitivity labels Utilize sensitivity labels for sites, groups, & Teams to control external guest and file sharing
- 56. Questions? Email: drew.madelung@protiviti.com Twitter: @dmadelung Website:drewmadelung.com Slides: http://bit.ly/DrewSlides
- 57. M365Conf.com FALL: Las Vegas,NV Dec 7–9, 2021 SPRING: Las Vegas, NV April 5–7, 2022 MICROSOFT 365 COLLABORATION CONFERENCE Everything you need to know about external sharing in OneDrive, SharePoint, & Teams