At any given point in time, every organization needs to share its content with end-users, clients or partners, who are not a part of the organization.
You will also use it if your organization has many Office subscriptions. Through External Sharing, an organization’s users can share their content with outside users without creating separate accounts for them. This way, external users can also contribute to the organization’s growth. But, sometimes, External Sharing gives access to certain content that you don’t want to share with people outside the organization, which rises security concerns. Therefore, sharing content externally needs proper planning and a structured hierarchy of permissions. Otherwise, your organization will be at risk. I am here to shed some light on what external sharing is and the options that are available to share safely and securely.
So, What is External Sharing?
The External Sharing is a feature of SharePoint Online, through which users in your organization share content with users outside the organization such as partners, vendors, clients, or customers.
Different Options to share content in SharePoint Online
Before configuring External Sharing settings first, you need to know the different options that are provided by SharePoint Online. You can choose any one of them, depending on your need and requirement.
1. Anyone
Through this option, you can share content using anonymous links that don’t require sign-in. Anyone who has the link can access the content i.e. view, edit and share with others. It’s recommended to not share any sensitive information with anonymous users because you don’t have a proper tracking of who is accessing what.
2. New and Existing Guests
This options allows to share content with existing external users and, you can also share it with new external users. But they must sign in or provide verification code to access the content. Whenever you share content with them, they will receive an email invitation that contains a link where they need to sign in. Then, they’ll be added to your organization’s Azure Active Directory as a guest. If they don’t have work or school account, then they need to enter verification code every time and are not added to your Azure AD.
3. Existing Guests
With this option, sharing content with new external users is not allowed. But the external users who already exist in your Azure AD by accepting sharing invitations can access the content.
4. Only People In Your Organization
You cannot share content with external users with this option. If external users already have access to your content, then they will lose access to it. Only users within your organization have access to your data. To prevent external sharing completely, prefer this option.
5. Configure External Sharing Settings
Choose this option to share content externally in SharePoint Online and One Drive for Business. You need to select one option from above and, along with it, you also need to configure some External Sharing settings at below levels so that your content is more secure. The levels are as follows-
- Organization level
- Individual Site level
- File or folder or item level
1. Organization Level
To share content externally, you need to enable external sharing at the Organization Level. Choose an appropriate way of sharing your content and configure additional settings.
2. Individual Site Level
To use the Individual Site Level, first you need to enable external sharing at Organizational Level. Site administrators can configure different external sharing settings for an individual site or the same as an organization setting. The least permissive will be applicable at the site level. For example, if an organization has Anyone, but at site-level, you choose Existing guests, then Site will not be accessible to anyone and not allowed to share with new external users.
3. File or Folder or Item Level
To share files or folders or items you need to configure settings at both organization level and site level. Finally, you need to share them with external users in an appropriate way. To know more about these refer here.
Best Practices for External Sharing
While sharing your content somewhere, you may feel that some sensitive information is also shared with a greater number of unauthorized users. If you want to disable External Sharing, it is not a great idea as you may completely lose the benefits of External Sharing. Instead, you can follow the SMART practice and train your users to efficiently implement and utilize external sharing in your organization. The SMART approach is-
- Secure Share
- Manage SharePoint Content
- Avoid Anonymous Access
- Restrict Sharing
- Timely Check the Sharing Activity
1. Secure Share
Share your content securely. After sharing the content link with an external user, they must sign-in using the same account to which sharing invitations are sent and Make sure your guest users know what they are doing. Don’t allow external users to share items externally. To know more, please refer here.
2. Manage SharePoint Content
Manage your SharePoint content structure correctly. For example, If the folder is shared with external users, then the sensitive information within the folder also being shared with external users. Make sure no external users have inherited permissions on your secure content and No external user got access to content through the SharePoint Groups. Make sure that you are not sharing the entire site collection or site. Only Share required libraries/folders/files. If required keep your sensitive content separately in another site/library.
3. Avoid Anonymous Access
Don’t share your content using anonymous links as these don’t require sign-in. So, an authenticated user or anyone who has the link can access the content and misuse it. If it is required, set expiration, password and block download using the anonymous links. Keep track of those links so that you can unshare if required.
4. Restrict Sharing
Share the content with only trusted authenticated users. So, you have a better track of the sharing activity, which files got shared with whom. To ensure secure sharing, you can restrict the sharing of content by blocking specific domains. For more secure share add white list and blacklist domains.
5. Timely Check the Sharing Activity
Check your sharing activities regularly so that you have a better track of your site collection, sites, list/libraries, and folders/files and external users who have access to your content. It is recommended to create appropriate governance policies so that you can counter or modify the external sharing.
Now that you have a better idea about External Sharing and all the ways through which you can share content and the best approaches to share, wouldn’t it be great if there’s a tool that can do it all for you? This is where the Saketa Security Manager steps in!
To keep track of external users and their activities, you need an expert or a great third-party tool like Saketa Security Manager. With this tool, you can completely track all external sharing activities, shared links, external users and their permissions on the entire tenant. You can review and take actions accordingly like modify or remove permissions of external users of any site collection, site, list or library, folders, and items/files all in one place.
Start Your Free Trial Today!