One of the major benefits enjoyed by organizations that are part of the SharePoint Online environment is undoubtedly the ease of collaboration, not just with their employees but also with customers, vendors or partners. All thanks to external sharing features of SharePoint Online that enable you to share content with people outside your organization.
Who is external user?
An external user is a person who is not part of your Office 365 subscription and yet he/she has been given the access to your content including files, documents, one or more sites.
Different types of external users
There are essentially two types of external users:
Authenticated users with Microsoft accounts
Sharing content including permissions and groups with external users who have a Microsoft Account from another Office 365 subscription is quite similar to the way you share with your internal users.
Since these users do not have a license to your Office 365 subscription, they have limited collaboration capabilities:
- External users can perform tasks like view, add, update, edit, delete on sites, flies or folders for which you have given access to them.
- Guest users will have access to sites, files, documents but they will not be able to download the desktop version of Office 365 on their computers unless you assign them a license.
- Depending on the permissions you give, external users will be able to access other content sections on sites.
In case you wish to offer greater capabilities to your guest users, you need to assign them an appropriate Office 365 license.
Authenticated users without Microsoft accounts
It is possible to share content with anyone who has an email address even though if it is not a Microsoft Account. In this case, a one-time access code for authentication is sent to them each time they access the file or folder.
Key external sharing features in SharePoint Online
- Sharing with existing external users
This option allows you to share sites, folders, and documents with external users who are already in your Office 365 user directory. It may include users who have accepted sharing invitations earlier or have been imported from Office 365 or Azure Active Directory tenant.
- Sharing with authenticated external users
You can share content with external users who already have a Microsoft account or an Azure Active Directory subscription. These users are not required to log in using a Microsoft account instead they are sent a one-time code, which can be used to verify their identity.
- Sharing with anonymous users
Content can be shared using anonymous links that don’t require sign-in. Anyone with an access to the link can view or edit the files and folders. The links are valid until you disable them, or they expire (if an expiration date was set).
In addition, anonymous users cannot be assigned licenses. They can only access the specific documents, files or sites for which they have an anonymous access link. Even though you cannot verify their identity, the IP address is recorded in audit logs when they access or edit shared content.
What happens when I share a site or document?
Sharing content with authenticated external users
Once you share a site with an authenticated external user:
- An invitation containing a link to the site or document is sent to the user via email
- Once they log in using their Microsoft account, they are given access to the content and added into the users list in your Office 365 subscription.
- The new user is seen listed with #EXT#in their user name
- Once the external user is added to your user list, you can directly give them access to other sites or documents without sending them additional invitations.
- In case you wish to discontinue sharing with the guest users, either remove them from the user list in Office 365 or remove their permissions from the site.
Sharing content with authenticated external users without Microsoft accounts
When you share a file or folder with a authenticated guest user without Microsoft Account:
- An email containing a link to the file or folder is sent
- In order to verify their identity, a time-sensitive code is sent via email each time they access the file or folder.
- To access the file or folder, guest user must enter the code
- To discontinue sharing content with the external user, delete the sharing link that was sent to them.
Sharing with anonymous users
To share with anonymous users:
- Separate view and edit links are created and sent to them
- The links are set to expire at a specified time
- The same links can be reused and passed around
- Anonymous users are not added to the user list in Office 365
- To discontinue sharing, go to the document or folder that you shared and delete the anonymous link
Collaboration with external business partners/vendors
To collaborate with vendors, clients or business partners, you can set up a SharePoint Online extranet site. It is a dedicated space for your B2B collaboration. Further, you can even lock this site ensuring that only site owners and authenticated users access it.