Forum Discussion
Groups Guest access and SharePoint access
Looking to confirm my understanding. If you add a guest to an O365 from OWA, they will only have access to the associated SharePoint site if external sharing for that site has been turned on (or if external sharing was turned on a the tenant level)? Since sites created off of groups don't show up in the SharePoint Admin center, you'd have to run PowerShell to enable external sharing on that site? Is there any other way to grant external member access to a Groups SharePoint site besides PowerShell?
- Sahil AroraMicrosoft
Thanks guys for the feedback! Couple of things, we have been working internally to rationalize this settings & this is the plan of record as of now.
1. By-default Groups have guest access enabled & the corresponding team site as well.
2. Currently by default files cannot be shared with new guests unless they are member group. We are planning to *change* this default with full guest access enabled, so that you can share indivudal files with new guest users through SPO.
3. The way we want SPO settings & Groups settings for short-term is to be decoupled with the right messaging in the admin portal so that admins are clearly aware of what do they need to do to fully disable guest access.
- David RosenthalMicrosoft
Thank you Sahil! This is a great update that will address a lot of the issues we've been seeing hopefully. Looking forward to seeing these changes roll out.
Thanks for this great update Sahil Arora do you have an ETA about when this will be rolled out?
- Salvatore BiscariSilver Contributor
Thanks Sahil.
About #2, my understanding is that today, by default, files can be shared with all existing external users, and not only with group members. Am I wrong?
- Salvatore BiscariSilver Contributor
The default setting for sites associated to Groups is ExistingExternalUserSharingOnly and you don't need to change it in order to add external members.
If you want to change it, though, you can do it only by PowerShell.
- My understanding is that is enough with enabling external guest at the tenant level so you don't need to run any PowerShell to configure Group sites
- Salvatore BiscariSilver Contributor
Hi Juan.
External sharing must be enabled at the tenant level AND at the Group site collection level (which BTW is the default) in order to allow access to guest members.
- escuphamSteel Contributor
Thanks. We have external sharing disabled at the tenant level, are only enabling for specific sites. I added my personal external email to a Group I created, was able to conversate okay but got an access denied when trying to access the site. Sounds like then that would be expected? Until I turned on external sharing at the site collection level?
- Jens SkovCopper Contributor
As I understand my issue is not exactely what you are discussing, but I will chime in anyway.
We have the need to create links to files in a group library for unauthenticated access. Do I understand the thread right in assuming that this is not possible?
This means that right now the users are creating files structures in their own OneDrive that they are sharing with the Group and using the Shared With Us view.
What is very messy and takes away a lot of the advantages of the group, bus the external sharinng links are crucials for this organisation.
Can anyone help?
- Salvatore BiscariSilver Contributor
"By default, all SharePoint site collections that are part of an Office 365 Group have the sharing setting set to Allow sharing only with the external users that already exist in your organization’s directory. To change this setting, you can use the Set-SPOSite Windows PowerShell cmdlet." from https://support.office.com/en-us/article/Manage-external-sharing-for-your-SharePoint-Online-environment-c8a462eb-0723-4b0b-8d0a-70feafe4be85?ui=en-US&rs=en-US&ad=US
Hence, to share with unauthenticated users, it is enough to change the default by powershell.
- Jens SkovCopper ContributorAwesome! That was exactly what I was looking for! Thank you!