Why is External Sharing Important?
Azure External Identities
Azure External Identities
Have a question?
Why Is External Sharing Important?
In this series of articles, we wanted to go through and answer some of the basic questions about the platform to help our readers better understand what Microsoft provides, and how Extranet User Manager improves and extends the out-of-the-box experience. To begin, we wanted to answer the top-most question: What is external sharing?
External sharing is exactly what it sounds like: the ability for employees to share content with people outside of your organization. Here on the EUM website, we have dozens of case studies and industry examples of why external sharing is needed, and many of the different ways in which this important functionality can be deployed and supported to meet the unique needs of your organization.
Microsoft has been investing in creating a unified sharing experience, providing similar capabilities across each workload -- from SharePoint and Microsoft Teams to Word and OneNote. There are, of course, some differences between sharing an individual document, sharing access in a team or team site, or sharing access to your tenant. However, it is good to see that Microsoft is thinking about each of these experiences and providing common behaviors between tools, as well as opening APIs for partner solutions to further extend these experiences.
What Microsoft provides out-of-the-box:
- For sharing a single file, for example within Microsoft Word, the new unified sharing experience can be accessed through File > Share, allowing you to control how it is shared (email attachment or link), with whom it is shared (anyone with the link, specific people or domains), and what actions they can take (edit or read-only).
When sharing an individual document from within SharePoint or Microsoft Teams, you will see common sharing options:
- For sharing content on a team or team site, you may want to pull people into your location rather than push content out to them. The ability to invite others -- whether they are inside your organization or outside -- must be enabled by the administrator. However, once enabled, the process is as simple as sending an email invitation, however the access these guest users have is limited.
- For more granular access and extended capabilities, your options are to upgrade your guest users to full users (adding them to your Azure Active Directory and providing the necessary licenses) or to create a formal extranet. Obviously, these options require additional security and governance planning and ongoing oversight, as well as possible changes to your broader permissions and information architecture to ensure that these users only have access to necessary content and conversations, not other sensitive intellectual property.
For this third option, let's go through some of these important considerations:
In a previous webinar that is available on-demand, Microsoft MVP and EUM President Peter Carson (@carsonpeter) shared five important considerations for planning out your extranet strategy, whether leveraging the OOTB external sharing capabilities in Office 365, or building a more customized solution on top of Office 365:
1.Who will be accessing the extranet?
Who you invite will determine the controls and capabilities you put in place. You may have completely different policies for customers, as for your vendors, partners, board of directors, or anonymous members of the community, so be clear on who you are inviting and the differences between the types of users.
2.Self-registration option or invitation-only?
If inviting a smaller or known set of users, you may opt for an invitation-only process that is more managed, or even delegated to others within your organization to manage. If onboarding hundreds or thousands of external users, you may instead want to have in place a self-registration process with automated approvals and delegation.
3.How will your extranet users authenticate?
Depending on who you are inviting and the process of registration, you may want to support an expanded list of authentication methods, from email and password to authenticated Office 365 or Azure AD profile, or through federated services leveraging their Google, Facebook, LinkedIn or Twitter accounts to authenticate.
4.What interactions are your external users going to have?
Once people are in your environment, what capabilities will be enabled? Will they be accessing published content, collaborating with members of your team and each other on specific documents, or accessing additional team or project sites as guest members? Or do they require even more granular access, becoming full-fledged members of one or more Office 365 Groups?
5.What applications will be accessible?
Is your intention to give these users full access to the entire Office 365 platform, including SharePoint and OneDrive, or to restrict them to specific workloads and tools, such as Teams, Yammer, or Planner? What about 3rd party applications, custom applications and Line of Business (LOB) systems, or your on-premises environments (like SharePoint)?
Sharing a single Word document is a simple and quick activity, but clearly there can be a lot of complexity -- and planning activities -- around a formal external sharing strategy. It's important to understand your needs and intended outcomes, and to plan accordingly. In the on-demand recording (Office 365 External Sharing webinar), Peter walks through many of these external sharing experiences, and highlights some of the technical and process issues with each, including several case studies of how organizations across various industries have solved these issues. Be sure to check out this great online resource, and let us know if we can answer any questions as you begin to plan out your external sharing strategy!