If you perform work that involves sharing documents or collaborating directly with vendors, clients, or customers, then you might want to share content on your Team site or OneDrive for work or school with people outside your organization who do not have licenses for your Microsoft 365 Small Business subscription.
There are three ways that you can do this:
-
You can share an entire site by inviting external users to sign in to your site using a Microsoft account or a work or school account.
-
You can share individual documents by inviting external users to sign in to your site using a Microsoft account or a work or school account.
-
You can send users a guest link that they can use to view individual documents on your site anonymously.
If you're looking for more information on sharing a document or site and who is considered an external user, see Share SharePoint files or folders in Microsoft 365.
Note: These steps apply to Office 365 Small Business, which is no longer available for purchase. If you're using a different Microsoft 365 plan, see External sharing overview.
In this article
How to share without oversharing
Best practices for sharing sites
If you've shared an entire site with a user, then that user will be able to log in to the site and function like a full member of the site. They will be able to browse, search for, view, and edit content (depending on which permission group you assign them to). They will be able to do things like see the names of other site users in the People Picker or view document metadata. External users will also appear in the People Picker as site users. This means that other people who use your site could grant different permissions to these users than you initially granted when you shared the site with them. Be sure you know the identity of external users before you invite them to your site.
If you invite external users to your Team site, they will be able to view content on the Team site and all subsites. If you want to avoid having external users gain access to important or sensitive content on your Team site, you should create a subsite of your Team site that has unique permissions, and then share only that subsite with external users. To learn more about permissions inheritance, see What is permissions inheritance?
Similarly, if you want to share a subsite that you've created on your OneDrive for work or school site, you will want to ensure that it has unique permissions so that you do not accidentally grant users permission to additional sites or content on your OneDrive for work or school site.
Best practices for sharing documents
If you share documents using anonymous guest links, then it is possible for invitation recipients to share those guest links with others, who could use them to view content. Do not use guest links to share documents that are sensitive. If you want to minimize the risk that someone might share an anonymous link, share a document by requiring sign-in instead.
Deciding how to share
When considering if and how you want to share content externally, think about the following:
-
To whom do you want to grant access to content on your Team site and any subsites, and what do you want them to be able to do?
-
To whom in your organization do you want to grant permission to share content externally?
-
Is there content you want to ensure is never available to be viewed by people external to your organization?
The answers to these questions will help you plan your strategy for content sharing.
Try this: | If you need to: |
---|---|
Share a site If you want to share a site, but you also want to restrict external users from gaining access to some of your organization's internal content, consider creating a subsite with unique permissions that you use exclusively for the purpose of external sharing. | Provide someone outside your organization with ongoing access to information and content on a site. They need the ability to perform like a full user of your site and create, edit, and view content. |
Share a document and require sign-in. | Provide one or several people outside your organization with secure access to a specific document for review or collaboration, but these people do not require ongoing access to other content on your internal site. |
Share a document, but don't require sign-in. | Share a link to a non-sensitive or non-confidential document with people outside your organization so that they can either view it or update it with feedback. These people do not require ongoing access to content on your internal site. |
Turn external sharing on or off
The ability to invite external users to the Team site is enabled by default, so site owners and site collection administrators can share the Team site or any of its subsites with external users at any time. However, if you are the Microsoft 365 admin, you can choose to disable the feature for all sites so that no future invitations can be sent. When this feature is deactivated, any external user currently invited to sites will no longer be able to access the sites.
Enabling external sharing is not the same thing as enabling anonymous access. When external sharing is enabled, users must be authenticated (by signing in) before they can access internal resources.
-
Go to Admin > Service Settings > sites and document sharing.
-
Do one of the following:
-
Turn on external sharing
-
Turn off external sharing
-
Security Note:
-
When you deactivate external sharing, any external users who had access to the site at the time the feature was deactivated are denied access to the site and no future invitations can be sent. If the feature is reactivated with external user names in the SharePoint permissions groups, then those users will automatically be able to access the site again. To permanently prevent a user from accessing the SharePoint site, you can remove them from the list of external users.
-
If external sharing is turned off globally, any shared guest links will also stop working. If the feature is later reactivated, these links will resume working. It is also possible to disable individual links that have been shared if you want to permanently revoke access to a specific document.
Remove individual external users
If you need to remove external users so that they no longer have access to sites that have been shared with them, you can do so by removing them from the list of external users in Microsoft 365 Service Settings.
-
Go to Admin > Service Settings > sites and document sharing.
-
Click Remove individual external users.
-
Select the external users you want to remove, and then click Delete (the trash can icon).
Disable an anonymous guest link
When a document has been shared through a guest link, you can see this information in the properties menu for the document. To learn how documents can be shared through guest links, see Share SharePoint files or folders in Microsoft 365.
You can revoke access to a document that has been shared through a guest link by disabling the link.
-
Go to the library that contains the document for which you want to remove a guest link.
-
Point to the document, and click Open Menu.
-
Click a guest link in the sentence Open to anyone with a guest link.
-
Next to the URL for the guest link, click the Delete button.
-
When you are asked if you want the link disabled, click Disable Link.
When people outside your organization attempt to access the content using the guest link, they will see a message indicating that they cannot access it.
Withdraw invitations
If you want to withdraw an invitation you have sent to an external user, you can revoke the invitation before it is accepted.
Go to the site on which you want to withdraw an invitation
-
Go to Settings> Site Settings.
-
Under Users and Permissions, click Access requests and invitations.
-
Under External User Invitations, find the person you would like to uninvited to the site and click Open Menu.
-
In the properties window, click Withdraw.
If the external user has already accepted an invitation, and you want to remove their access, you can do so by removing them from the SharePoint permissions group to which you assigned them.
No comments:
Post a Comment