Forum Discussion

escupham's avatar
escupham
Steel Contributor
Mar 01, 2017

Groups Guest access and SharePoint access

Looking to confirm my understanding.  If you add a guest to an O365 from OWA, they will only have access to the associated SharePoint site if external sharing for that site has been turned on (or if external sharing was turned on a the tenant level)?  Since sites created off of groups don't show up in the SharePoint Admin center, you'd have to run PowerShell to enable external sharing on that site?  Is there any other way to grant external member access to a Groups SharePoint site besides PowerShell? 

  • Thanks guys for the feedback! Couple of things, we have been working internally to rationalize this settings & this is the plan of record as of now.

    1. By-default Groups have guest access enabled & the corresponding team site as well.

    2. Currently by default files cannot be shared with new guests unless they are member group. We are planning to *change* this default with full guest access enabled, so that you can share indivudal files with new guest users through SPO. 

    3. The way we want SPO settings & Groups settings for short-term is to be decoupled with the right messaging in the admin portal so that admins are clearly aware of what do they need to do to fully disable guest access.

     

     

     

    • David Rosenthal's avatar
      David Rosenthal
      Icon for Microsoft rankMicrosoft

      Thank you Sahil! This is a great update that will address a lot of the issues we've been seeing hopefully. Looking forward to seeing these changes roll out.

    • Salvatore Biscari's avatar
      Salvatore Biscari
      Silver Contributor

      Sahil Arora

      Thanks Sahil.

      About #2, my understanding is that today, by default, files can be shared with all existing external users, and not only with group members. Am I wrong?

  • The default setting for sites associated to Groups is ExistingExternalUserSharingOnly and you don't need to change it in order to add external members.

    If you want to change it, though, you can do it only by PowerShell.

  • My understanding is that is enough with enabling external guest at the tenant level so you don't need to run any PowerShell to configure Group sites
    • Salvatore Biscari's avatar
      Salvatore Biscari
      Silver Contributor

      Hi Juan.

      External sharing must be enabled at the tenant level AND at the Group site collection level (which BTW is the default) in order to allow access to guest members.

      • escupham's avatar
        escupham
        Steel Contributor

        Thanks. We have external sharing disabled at the tenant level, are only enabling for specific sites.  I added my personal external email to a Group I created, was able to conversate okay but got an access denied when trying to access the site.  Sounds like then that would be expected?  Until I turned on external sharing at the site collection level?

  • Jens Skov's avatar
    Jens Skov
    Copper Contributor

    As I understand my issue is not exactely what you are discussing, but I will chime in anyway. 

     

    We have the need to create links to files in a group library for unauthenticated access. Do I understand the thread right in assuming that this is not possible? 

    This means that right now the users are creating files structures in their own OneDrive that they are sharing with the Group and using the Shared With Us view. 

    What is very messy and takes away a lot of the advantages of the group, bus the external sharinng links are crucials for this organisation. 

     

    Can anyone help?

Resources