SharePoint Online: External Sharing – End- to-End backed by enterprise-grade document lifecycle management Mark Kashman Senior Product Manager – SharePoint @mkashman
Dec 24, 2015
SharePoint Online: External Sharing – End-to-Endbacked by enterprise-grade document lifecycle management
Mark KashmanSenior Product Manager – SharePoint@mkashman
ManageBuild
DiscoverOrganize
SHAREShare
Sharing is SharePoint
Share easily
Share responsibly
Share with anyone
Sharing is hereSimpleSharing & Shared with dialogsNew people picker
No roadblocksAccess Requests
Sharing is always at your fingertips, in …SharePointOffice clientsOffice Web Apps
Sharing is externalSharePoint Online OnlyExternal AccessSites or documents can be shared with external users External users sign in using Microsoft Account or Office365 Account Once inside, external users are treated similar to internal users
Guest LinksDocuments can be shared using Guest Links View or edit Guest LinksWhoever gets the link can access the contentDocuments open in Office Web Apps
Administrative controlsOffice 365 Enterprise3 options to configure Guest Links & External Access
Switch at company level, separate switch for each site collection & Personal Sites
DefaultsBoth Guest Links and External Access ON at company levelON for pre-created site collections (My Sites, Team Site, Public)Newly created site collections have External Sharing OFF
Office 365 Small business1 switch for both Guest Links & External Access
Switch at company level – no separate switch per site collection
DefaultsGuest Links & External Access ON at company level
External User Use RightsIn scope• View and edit with the Office Web Apps.• External users inherit the use rights of the Office 365 customer.• Add, view, edit and delete documents, lists, list items; per their permissions.• Navigate to sub-sites within the same site collection to which they were invited.• View and contribute to Site Feeds.
Out of scope•Do not get their own Personal Sites (what used to be referred to as My Sites).
• They will not have their own SkyDrive Pro.• External users cannot view the company-wide newsfeed or use the “following” capabilities. • They also cannot edit their own profile, change their photo, or see aggregated tasks.• External users do not add quota to the overall tenant storage pool.• External users cannot be an administrator for a site collection.
• However, you can designate an external user as a designer for your Public Website. • Cannot access the Search Center and will not be able to execute searches against “everything.”
More details in this “What is an external user?” Office.com help article:http://office.microsoft.com/en-us/office365-sharepoint-online-enterprise-help/what-is-an-external-user-HA104036809.aspx
A LOT OFDemoExternal Sharing: end-to-end
Resources Manage external sharing for your SharePoint online
environment http://office.microsoft.com/en-us/office365-sharepoint-online-enterprise-help/manage-external-sh
aring-for-your-sharepoint-online-environment-HA102849864.aspx?CTT=5&origin=HA104036809
What is an external user? http://office.microsoft.com/en-us/office365-sharepoint-online-enterprise-help/what-is-an-external-
user-HA104036809.aspx
SharePoint Online: software boundaries and limits http://
office.microsoft.com/en-us/office365-sharepoint-online-enterprise-help/sharepoint-online-software-boundaries-and-limits-HA102694293.aspx
Get-SPOExternalUser cmdlet article http://technet.microsoft.com/en-us/library/jj730438.aspx + SharePoint Online Management Shell:
http://www.microsoft.com/en-us/download/details.aspx?id=35588
Q&A
I will post this deck anonymously via Twitter: @MKashman
Thank You
Office Doc Scavenger HuntStart here: http://aka.ms/SPOScavenger
Hands-on Fun with SharePoint Online’s External Sharing and the Office Web Apps
Play to win:
Appendix
External Access & InvitationsSharePoint Online onlyWho can invite?Only users with “Manage Permissions” can invite external users
Invitation redemption First redeemer gets accessHistory of redemptions maintained in the Access Request List
AccessIf a document is shared – Access is limited to document onlyIf a site is shared – Access is limited to everything within site
External Access & Invitations (cont.)How does it work?
Security validationsCheck if External Access is enabledCheck if invitation is validCheck if redeemer is the same
Features blocked for authenticated guestsSkyDrive Pro, Newsfeed, Following, Sites hub, Site Mailbox
External user
invited This
creates invitatio
n in Access
Request List
Invitation email sent to guest with
invitation URL
Guest clicks URL.
Verification of
validity of
invitation and if external access
is enabled.
Guest signs in
with Microsof
t Account or Office
365 Account. Verificat
ion of redeem
er.
Guest added
to SharePoi
nt Online
Directory
Service & to site collectio
n
Guest gets
permissions on
the object &
is redirected to it
Guest LinksSharePoint Online OnlyWho can create Guest Links?Only users with “Manage Permissions” on a file can invite users to it via a Guest Link
Guest Link redemptionWhoever gets the link can access the contentOffice documents open in Office Web Apps, other files trigger download
AccessGuests get View or Edit access only to the document shared
Guest Links (cont.)How does it work?
Security validationsCheck if Guest Links are enabledCheck if the link is a valid link
Site secretDoes the document exist?
Check if this link has been disabled
User shares a
document using Edit or View
link
Hidden user
created and
granted permissions on the document
. Inheritance broken.
Guest receives
email with
Guest Link.
Clicks on the link.
Verification:
Are Guest Links
enabled? Is this a
valid link? Does the document
exist?
User impersonates the hidden
user and is
redirected to the
document in web apps.
Sharing with “Everyone”Two special “everyone” claims“Everyone”
New name for “All authenticated users”Available in SharePoint as well as SharePoint OnlineMaps to “All authenticated users in the tenancy, including external users” in SharePoint Online
“Everyone except external users”
Available in SharePoint Online only
“Shared with Everyone” folder in SkyDrive ProSharePoint: “Everyone” has access to this folderSharePoint Online: “Everyone except external users” has access to this folder
No customizations available
Administrative controls with PowerShellOffice 365 Enterprise Only
Reporting: Enumerate/Search external usersGet-SPOExternalUser -PageSize 10
Delete external users
Remove-SPOExternalUser -UniqueIDs@(“[email protected]”)
Screenshot Click-thruExternal Sharing
© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.