External Sharing: Understanding the Problem
We have seen an increase in customers asking about how ProvisionPoint 365 can help them manage External Sharing in Microsoft 365. Across a three-part blog series, we will delve into this topic to understand the problem. We’ll cover how to report on it and ultimately how to manage it.
What is External Sharing
External Sharing is not a feature itself but more a concept that covers a range of collaborations with individuals who are not part of your organisation. Microsoft identify four potential scenarios for external collaboration:
- Collaborate on Documents – Sharing of files stored in SharePoint, OneDrive and Teams with either authenticated or anonymous users. Useful for scenarios where a document needs to be shared with many individuals, for instance, a brochure.
- Collaborate in a Site – Allow guest users outside of your organisations to access the full capability of the SharePoint Site. Useful for working with contractors and other third parties on projects.
- Collaborate in a Team – Adding guest users as members to a Microsoft Team. This allows the guest to collaborate on the full features of the Team, including chat, tasks and files.
- Collaborate with External Participants in a Channel – Work with a group of users from a customer or partner in a Shared Channel. Allows the external participant to work more seamlessly from their Teams environment.
Security Concerns
One sentence in this excellent Microsoft resource stands out for us is “Most guest sharing scenarios work without further configuration.” This neatly encapsulates the flexibility offered by Microsoft 365, empowering users to collaborate easily. However, it also leaves IT and Compliance teams with countless sleepless nights.
Perhaps the sentence should read “Most guest scenarios are enabled everywhere without further configuration.” It is very easy to think of scenarios where this becomes a problem. Some examples include the sensitive commercial documents you don’t want to be shared, the out-of-date price lists or the private HR Site.
Without further configuration and careful planning, external sharing can become a serious problem, with financial or legal consequences. That said it is a very valuable capability that should not be just turned off. The result of such an action would likely be users resorting to less governed solutions outside of Microsoft 365. Instead, organisations must have a clear strategy for External Sharing which should include education, reporting and management.
We have two remaining blogs on external access coming soon. They will cover reporting on external access and how to manage sharing.
To find our more we have a webinar, Managing External Access for Teams on 27 April 2022. You can register here.