Posey's Tips & Tricks
A Look at Microsoft's Office 365 Guest Access
While Microsoft has finally provided a way to share content in SharePoint Online, there are some limitations.
Microsoft routinely adds new features and capabilities to Office 365, so it really isn't surprising that they have added a new capability to SharePoint Online. What is surprising however, is that this new capability allows SharePoint resources to be shared with external (unlicensed) users. This is something that SharePoint Online users have been screaming at Microsoft for many years. I am ecstatic that Microsoft is listening to its customers and has finally given them something that they have wanted for so long.
The only thing better than the fact that Microsoft is allowing external access to SharePoint is the fact that Microsoft is letting administrators provide that access in three different ways. This means that external access can be given to customers, vendors, partners, etc. with varying degrees of granularity.
The first way in which Office 365 administrators will be able to provide SharePoint Online usage to external users is through the use of an account. Admins can allow site-level access that is tied to either a Microsoft account or to a "work or school account."
A second way in which an admin can provide external access to SharePoint Online is at the document level. Rather than providing an external user with access to an entire SharePoint site, the administrator can grant access to a specific document within a document library. As is the case with granting site level access, document access is tied to either a Microsoft account, or to a "work or school account."
The third option for providing external SharePoint access is to create a link that can be used for anonymous access to a document.
Before granting external access to SharePoint Online, there are a few limitations that you need to know about. First, none of the methods described above allow for blanket, anonymous access to SharePoint content. You cannot, for example, build a public-facing Web site that is based on SharePoint Online by using any of these methods.
Another thing that you need to know is that when you create an invitation to access SharePoint content, that invitation is only good for one person. If you need to provide multiple external users with SharePoint access, you can create multiple invitations, but a single invitation cannot be shared.
A third limitation is that it is only possible to externally share SharePoint content if a global administrator enables external sharing and grants the required permissions. Fortunately, Microsoft has made this process easy on the administrator. To do so, log into the SharePoint Admin Center as a global admin and click Site Collections. Next, click on the checkbox for each site for which external content sharing should be enabled. You can see what this looks like in Figure 1.
As you look at the figure above, you will notice that the toolbar contains a Sharing icon. Clicking on this icon reveals the various sharing options. It is worth noting that Microsoft seems to be making the sharing feature available to its customers somewhat slowly. As such, it is possible that when you click on the Sharing icon, you may see a blank dialog box. Once you have been granted access to the feature however, your sharing dialog box will look like the one shown in Figure 2.
As you can see in the figure above, Microsoft provides several options for content sharing. The first option on the list effectively disables content sharing.
The second option allows external content sharing, but requires that content is only shared with those people who are already listed in the Active Directory as contacts. Active Directory contacts are not the same things as user accounts. They are essentially reference objects that provide details about non-employees.
The third option is to allow external access to anyone, so long as they accept a sharing invitation from an authorized user, and they authenticate into Office 365 using a Microsoft account or a work or school account.
The final option on the list is to allow sharing with all external users via anonymous access links. Because this type of sharing is anonymous, no authentication is required.
Keep in mind that these are global settings that apply to the selected site collections. It is still up to the individual site collection administrators to enable content sharing at the site collection or document level. Microsoft provides instructions for content sharing here.
Brien Posey is a 21-time Microsoft MVP with decades of IT experience. As a freelance writer, Posey has written thousands of articles and contributed to several dozen books on a wide variety of IT topics. Prior to going freelance, Posey was a CIO for a national chain of hospitals and health care facilities. He has also served as a network administrator for some of the country's largest insurance companies and for the Department of Defense at Fort Knox. In addition to his continued work in IT, Posey has spent the last several years actively training as a commercial scientist-astronaut candidate in preparation to fly on a mission to study polar mesospheric clouds from space. You can follow his spaceflight training on his Web site.