Protiviti / SharePoint Blog

SharePoint Blog

August 08
Sharing with External Users with Office 365

Fact: Every organization will require interactions between internal users and external users.

One of the most common requests I receive from clients is the ability to share information and collaborate with external users. Traditionally this has created a nightmare situation for IT Departments that want to make sure that they protect their organization from external threats. Up to now the solution has been to create an Extranet that is secured but allows for the necessary collaboration. This is less than ideal because of the amount of time it takes to implement (users need to collaborate now not 6 months from now) as well as the cost of creating and maintaining an extranet.

All of this has changed with Office 365 and SharePoint Online. Microsoft has gone to great lengths to provide world class security around the SharePoint Online environments (details can be found on Antonio Maio’s blog). With the infrastructure for external sharing being provided simply by having an Office 365 tenant you can enable external sharing with a few simple clicks. There are many options for controlling the extent to which users can share content externally and these should be carefully reviewed before opening up your environment.


Will you even want to share your content externally? Your Office 365 administrator can turn external sharing on/off at the global level. You may not want to have a specific tenant be capable of sharing with external users. If this is the case then you would turn off external sharing at a global level and you would need another O365 tenant for external sharing.

What if we only want to share some content but we don’t want external users to be able to access everything? External sharing can be configured (once enabled for the farm) at the Site Collection level. This allows you to have sites where only internal users can access content and sites with the ability to share content to either users with an account (they will need to register their email address with a Microsoft Live account which takes a few steps but is easy and free) or users that receive anonymous access links.

What if we don’t want users to have indefinite access to content? If you are requiring users to authenticate to access content you can simply remove the account form your SharePoint group as you would internal users. When configuring a site collection to allow anonymous access you can set limitations on how long the anonymous access links are valid for and they will automatically lose access after the link’s expiration date.

What if we want to only share content with specific companies or block certain companies from accessing our content? SharePoint Online give you the ability to identify specific domains and what to do with them. You can specifically block sharing with certain domains:

Or only allow sharing with specific domains:

Notes: This can only be configured at the global level, not at the Site Collection level. You can only block or grant access, not both!

To learn more about Office 365, join us for our Office 365 Roundtables in October in Chicago, Atlanta, Minneapolis, Washington DC and Houston! Learn more.

Quick Launch

© Protiviti 2021. All rights reserved.   |   Privacy Policy