Externally share in Microsoft 365 at the scale your business demands!

Extranet User Manager allows IT to setup a robust and granular permission structure which enables the business stakeholders to then manage their own external users in Microsoft 365.

What’s the difference?

Great question, one that we are quite comfortable with! To begin, we advocate to use Microsoft 365 external sharing when it will address the business need of a client and we will be honest with our guidance.

Below are main areas that differentiate EUM from the out-of-the-box external sharing experience:

SharePoint Online OOTB External Sharing

  • External sharing is configured at the site, library, or document level
  • Users determine who to share an item with, and what permissions to give
  • Works well for sharing with a few external people
  • With sites and content growth, it becomes challenging to know who outside the organization has access to what content

Extranet User Manager

  • Access and permissions are provided through Groups which exist as Azure AD groups
  • Each site, library or document that requires a unique level of access gets an EUM group created
  • SharePoint site owners assign group permissions
  • Works well for sharing with a large number of external people
  • Provides tighter access controls for the organization

SharePoint Online OOTB External Sharing

  • Invited users receive an email with a link to access shared content
  • The email comes from the person sharing the link
  • The subject line is standard: Sharer shared “Document Name” with you
  • The body of the email is standard and includes who the link will work for. The sharer can choose to include a descriptive message

Extranet User Manager

  • Clients choose what email SMTP they would like all user emails to be sent from
  • Several email templates are available for different purposes (notifying a user they have been added to the extranet, notifying them when a group membership request has been received/resolved)
  • Welcome emails are fully customizable, include a rich text editor
    • May be branded, include logos, images
    • May include custom text pointing to instructions for accessing the extranet, terms of use, privacy policies, etc.
    • Direct links to SharePoint sites may be embedded in the email

SharePoint Online OOTB External Sharing

  • Users are onboarded into the SharePoint site by receiving a link by email
  • The sharer may send the link to multiple email addresses
  • The sharer chooses how they want access to be granted
    • Anyone with the link can access content
    • Only the recipient using the specified email address can access content
  • Recipients gain immediate access
  • Recipients need to sign in with a Microsoft account or their work/school account

Extranet User Manager

  • 3 methods of onboarding external users:
    • Direct invitation through EUM Admin or the EUM Group Members SPFx Webpart
      • Group owners add members
      • Added members inherit the permissions for the Group they are added to
      • Members can be added to multiple groups at once
      • Members receive a welcome email with link(s) to group(s) they have been granted access to
      • Bulk upload of members from an Excel list can be processed
    • Private registration
      • A group owner generates a registration link that is circulated or sent by email to multiple users
      • Users click the link and are presented with a form to self-register for the group
      • An approval process may be configured for the registration
    • Public registration
      • A link to register to a group or site is presented on a public website
      • Users click the link and are presented with a form to self-register
      • Once submitted, Admin or Group owners receive notification that a user is pending approval
  • Mandatory user information required for external users is First Name, Last Name, Email Address. Additional mandatory/optional user profile fields may be added

SharePoint Online OOTB External Sharing

  • The user sharing content externally selects how they want to grant access
    • Anyone with the link can access the content
      • Options to Allow editing, open in review mode only, set an expiry date, set a password, block downloads
    • Specific people are granted access
      • Options to Allow editing, open in review mode only
  • Over time it becomes challenging to know who outside the organization has access to what content

Extranet User Manager

  • Supports centralized and delegated external user management
  • Admins can search for external users and Groups and see
    • What groups a user has access to
    • A group site URL allows the Admin to navigate to the SharePoint site and view user permissions
    • All users that belong to a Group
  • A delegated permission structure enables IT to define who internally manages their own sets of users and groups
    • Group Owner: can add and manager users within the group(s) they are designated the owner for
    • Group Editor: can access all groups and users, but is unable to edit application settings
    • Configuration Editor: can access all groups and users and can edit application settings
  • Organizations can maintain greater control over how external access is granted while minimizing the burden on IT

SharePoint Online OOTB External Sharing

  • External sharing reporting is available on a site by site basis by accessing site setting > site usage
  • Only site admins, site owners, and site members can view site usage data
  • All files and folders shared with external users within a single site can be extracted as a CSV report
    • All items shared with a link are reported
    • Links emailed directly that have not been clicked are not reported
    • For links that are shared with Anyone, the identity of those using the link is unknown, but their IP address is recorded in audit logs when they access or edit shared content.

Extranet User Manager

  • Site owners can export all or a select set of users or groups into Excel
  • EUM tracks all profile, status, and group membership changes done in internal auditing tables
  • Audit tables can be extracted from the EUM database and into Power BI
  • EUM audit trails can be incorporated into highly interactive visualizations, reports, scorecards, dashboards and charts that can be surfaced within web applications

SharePoint Online OOTB External Sharing

  • If a Data Loss Prevention policy is in place, a PowerShell cmdlet can be used to prevent external users from accessing newly added files before at least one Office DLP policy scans the content of the file
  • External sharing can be limited by domain – either by restricting certain domains or allowing specific domains only

Extranet User Manager

  • All end user pages including the login, self-registration and Landing application can be customer branded
  • Registration forms may include optional customizable profile fields
  • All email templates can be customer branded to include logos, imagery and custom text
  • The self-registration process can include a customizable approval workflow
    • This may include logic that routes registrations or auto-approves them depending on details submitted

SharePoint Online OOTB External Sharing

Extranet User Manager

  • EUM has a full REST API for automating core product functionalities such as creating EUM groups and assigning owners and permissions
  • Integration with a single system of record for user profile updates (ERP, CRM, HRMS etc.) further enhances user management
    • The system of record can be integrated into the self-registration process
    • Only users within the system of record can be added to the extranet
    • User profile updates made during registration or after login are synced back to the system of record

What does this mean for you?

IT Admin

  • IT can set user permissions in a structured way to address the business need
  • Self-registration eliminates the cumbersome account creation process
  • Security trimmed EUM Admin UI encourages delegation of user management to the business
  • Full audit logs of user administration maintained by EUM to meet regulatory requirements

Business User

  • Users can be added through EUM Admin UI or SPFx web part directly on SharePoint site eliminating IT wait times
  • Users can be made Group Owners which enables them to manage users within their group
  • Group Owners can send users email invites quickly

External User

  • Simple onboarding experience ensuring you gain access to the information you need
  • Able to register for additional groups that are publicly available
  • Self service updates to applicable external user profile information

What’s next?

Have a Microsoft 365 external sharing scenario you’d like some guidance on? Schedule a consultation with our team below to review the best options for you and your business, regardless if EUM is part of the solution or not!

More of a “hands on” type person?

We get it! Connect with us to walk you through installing and configuring Extranet User Manager into your Azure subscription in Microsoft 365 in less than 1 day!