Let’s just say that you are IT admin for your company, and you have to allocate a lot of time for managing storage for your email solution. As we all know, usually employees are sending a lot of documents as attachments. And who can blame it? We all, are depending on working with customers and partners, so we have to share documents or other type of files.
Still for IT, Security and Compliance teams, those attachments mean allocating effort and budget for bigger storage (if using on-prem email solutions) and also for monitoring them.
Not to mentions that for small companies this effort is too much.
There are also other disadvantages for your employees, your partners or clients:
- It is difficult to find the latest shared version of a file
- It is difficult to have an overview of files shared with a partner/client
- Each attachment means higher chances to have a full mailbox (Yes! This apply for them as well!)
- Higher chances to make mistakes like: “Ops, I forgot the attachment!”
Therefor giving the employees a solution to share documents with external without using emails I am sure it will be highly appreciated.
In this article I am showing you what steps needs to be done on SharePoint Online in order to allow sharing documents with external and auditing who shared external.
Please keep in mind that below settings are done at a tenant/organization level. For each site you can have different settings but not more “relaxed” that tenant level.
First step would be to configure SharePoint site to allow external sharing. So:
In order to be able to configure the external SharePoint access you need to be Global admin or SharePoint admin. So, please check the role for the user who will make all the changes.
Then sign in to https://admin.microsoft.com as a global or SharePoint admin.
- In the left pane, under Admin centers, select SharePoint. (You might need to select Show all to see the list of admin centers.)
- Here you have options to allow or restrict external sharing both for SharePoint and OneDrive for Business. Keep in mind that OneDrive permissions cannot be more relaxed than SharePoint permissions. Just move the slide to your desired permission level. Personally, I recommend setting it up to maximum “New and existing guests”.
Now click on “Advanced settings for external sharing”. Here you can limit the sharing process to only specific domains.
Also, I would recommend looking on last checkbox! By default, is On! Are you sure you want to permit to your external to giver access to other people?
Next, you can configure the Default options for sharing. From my experience, people will do the minimum configuration during sharing process in order to send the information as soon as possible. They will not allocate time for re-check the security settings. So, these default settings are very important.
I am usually using “Specific people (only the people the user specifies)“, I am also configuring an expiration period and permit only View rights for files.
Note: Below screenshot appears when the most permissive settings have been configured in Step 2. In case you have configured less permissive (some settings will not be available).
Next, in case you want to be sure that only some people from your organization will be able to share documents with external, there is a button for this also.
Just click on “Limit external sharing to specific security groups”
You will be redirected to another page (from SharePoint classical interface). Here you will find some settings that you already configured in previous page but also, one very useful one. You can decide who are the employees that can share with externals. All you have to do is to create a security group with dedicated people.
- Press OK and you have finalized the SharePoint tenant permissions.
Now, you can make fine-tuning for each team site. Go back to SharePoint admin center, select Active sites, and select the team site you want to configure:
With your site selected, press Sharing and select the level of permission:
In my next article I will show you how to monitor this external sharing activity (useful also for GDPR).