Creating Your External Sharing Strategy
Microsoft has been investing in creating a unified sharing experience, providing similar capabilities across each workload -- from SharePoint and Microsoft Teams to Word and OneNote. There are, of course, some differences between sharing an individual document, sharing access in a team or team site, or sharing access to your tenant.
Microsoft provides a number of core sharing capabilities out-of-the-box:
- For sharing a single file, for example within Microsoft Word, the new unified sharing experience can be accessed through File > Share, allowing you to control how it is shared (email attachment or link), with whom it is shared (anyone with the link, specific people or domains), and what actions they can take (edit or read-only).
- For sharing content on a team or team site, the ability to invite others -- whether they are inside your organization or outside -- must be enabled by the administrator. However, once enabled, the process is as simple as sending an email invitation, however the access these guest users have is limited.
- For more granular access and extended capabilities, your options are to upgrade your guest users to full users (adding them to your Azure Active Directory and providing the necessary licenses) or to create a formal extranet. Obviously, these options require additional security and governance planning and ongoing oversight, as well as possible changes to your broader permissions and information architecture to ensure that these users only have access to necessary content and conversations, not other sensitive intellectual property.
For this third option, there are some of these important considerations:
- Who will be accessing the extranet?
- Self-registration option or invitation-only?
- How will your extranet users authenticate?
- What interactions are your external users going to have?
- What applications will be accessible?
Read the full article on the Extranet User Manager blog to get more details on each of these planning considerations.