Forum Discussion
David Rosenthal
Microsoft
MicrosoftSharing to an external Office 365 Group
Came across an interesting scenario today and wanted to get this group's opinion (and perhaps yours cfiessinger) The relevant configuration items: We have external sharing requiring authenticati...
There's a specific Guest feature coming for Groups. Guests are invited and must confirm with matching account.
On http://fasttrack.microsoft.com/roadmap, searching for "guest", under In development:
"Guest access support will enable teams using Office 365 Groups to easily collaborate with external team members (members that are not part of their organization/tenant). Guest users will have access to all of the groups assets: inbox, files, calendar and notebook. We'll introduce a number of administration controls to help you manage guests in Groups."
Jim KnibbMicrosoft
MicrosoftI see. You want to keep the file in your tenant and share to people in another tenant by specifying only a Group that is controlled by the other tenant. If that tenant changes the Group's membership, you want the updated list of members to be who can access the file in your tenant.
The Guests feature will let you put the file in a Group in your tenant and specifically list individuals (by email address) in the other tenant. If the list of people in the other tenant changes, you have to edit the membership in your Group.
Or, the Guests feature will also let the other tenant create a Group and add you as the guest. Then you can add the file to their Group and they can change the Group's membership (and thus permissions to the file). You still have an independent copy of the file in your tenant.
Does either Guest scenario work for you? I can get feedback to the engineering team if you need the summary of what I think you're asking.
David RosenthalMicrosoft
MicrosoftThanks Jim Knibb, I think we're on the same page. I want to retain control of the file and ensure that only one version exists for version control purposes, but I want to move permissions control of this file's external users from a certain domain to the admin of an Office 365 Group in that external domain that I trust.
As an example, say I'd hired a consulting firm to work on some assets of mine and expect the project to last for a long enough period of time that I expect quite a bit of staff churn. I'd rather not store my assets on their infrastructure/tenant, but I trust their leadership to only permission the proper people to view/edit all the associated files. Being able to share to an external Office 365 Group allows them to move staff around as needed without involving me or my team at all. The right people can get the right access quickly and efficiently, while the assets/files stay controlled and protected in my tenant. I can turn off access at any time to this external group if I wish without having to individually remove people or stop sharing completely which would break access to my own internal people who were shared with.
Your 1st option takes away the automation of the external permissions that Groups would offer.
Your 2nd option moves the file to the external Group's tenant, which is less secure from an intellectual property perspective (they now have my files, how do I know what they are doing with them or where they are going when our engagement ends?). This option could also cause some version conflicts as the files would exist in two places simultaneously.
Probably more of a niche case for now, but the automated aspect and usage of the powerful collaboration features that Office 365 offers are very appealing.
Cross-tenant federation, if that ever becomes a thing, would actually solve this I believe, but I would need to trust this external partner very much in order to fully federate with them. Instead of one Group getting access to some files, their tenant and my tenant would see each other's users as the same and allow access to anything as long as proper permissions were granted.