SharePoint Unite 2017 Session

2. External Sharing in SharePoint Online
@maarteneekels

3. Maarten Eekels
20+ yrs in IT, 13 yrs in SharePoint
CTO Portiva
DIWUG board member
Speaker, vlogger
Contact
meekels@portiva.nl
www.eekels.net

4. Agenda
• External sharing options in
Office 365
• Guest link expiration
• The sharing experience
• External users in Office 365
Groups and Teams
• Azure AD B2B
• Conditional access

5. Sharing settings
• Tenant level
• SharePoint Admin level
• Site Collection level
• Site level
• Default sharing link type

6. Sharing a SharePoint site
• Site owner / Administrator
• Give any permission level
• Site member
• No option available to give
specific permission level,
same level as Members group

7. Sharing a document or folder
• Anonymous vs Signed-in
• View vs. Edit
• Expiration of anonymous
links
• You can always remove
permissions/links

8. DEMO

9. The sharing experience
• Microsoft Account vs.
Organizational Account
• The link in the email
points to the site where
the security groups
originates

10. DEMO

11. Office 365 Groups
Vs.

12. Microsoft Teams

13. External users in Office 365 Groups / Teams
• Sharing type can only be set through PowerShell
$template = Get-AzureADDirectorySettingTemplate | ? {$_.displayname -eq
"group.unified.guest"}
$settingsCopy = $template.CreateDirectorySetting()
$settingsCopy["AllowToAddGuests"]=$False
$groupID = (Get-AzureADGroup -SearchString “<your group name").ObjectId
New-AzureADObjectSetting -TargetType Groups -TargetObjectId $groupID -DirectorySetting
$settingsCopy
• Guest users can only be Members
• Profile info of internal users is trimmed

14. DEMO

15. Azure AD B2B
• Manual add users in the new Azure portal
• Bulk add users with CSV import in the classic Azure portal
or with PowerShell
• Programmatically add users with Graph API
• You can add invited users to a security group, which you
can add to a SharePoint group
• Invited users are added to AD instantly

16. Invitation API
https://graph.microsoft.com/beta/invitations / New-AzureADMSInvitation
{
"invitedUserDisplayName": "Satya Nadella",
"invitedUserEmailAddress": “endboss@outlook.com",
"sendInvitationMessage": true,
"invitedUserMessageInfo": {
"customizedMessageBody": "Hello Satya, let's collaborate!“ },
"inviteRedirectUrl": "https://www.microsoft.com"
}

17. DEMO

18. Conditional access
• SharePoint Admin Center
and OneDrive Admin Center
set the same settings
• For non-compliant device
policies, you need Intune
• These policies apply both to
internal and external users!

19. DEMO

20. One last tip
The ability to search for existing guest users in the SharePoint
Online people picker is OFF by default
Set-SPOTenant / Set-SPOSite –ShowPeoplePickerSuggestionsForGuestUsers $true

21. That’s all folks!
@maarteneekels