Forum Discussion
Sharing to an external Office 365 Group
- Jul 20, 2016
There's a specific Guest feature coming for Groups. Guests are invited and must confirm with matching account.
On http://fasttrack.microsoft.com/roadmap, searching for "guest", under In development:
"Guest access support will enable teams using Office 365 Groups to easily collaborate with external team members (members that are not part of their organization/tenant). Guest users will have access to all of the groups assets: inbox, files, calendar and notebook. We'll introduce a number of administration controls to help you manage guests in Groups."
I see. You want to keep the file in your tenant and share to people in another tenant by specifying only a Group that is controlled by the other tenant. If that tenant changes the Group's membership, you want the updated list of members to be who can access the file in your tenant.
The Guests feature will let you put the file in a Group in your tenant and specifically list individuals (by email address) in the other tenant. If the list of people in the other tenant changes, you have to edit the membership in your Group.
Or, the Guests feature will also let the other tenant create a Group and add you as the guest. Then you can add the file to their Group and they can change the Group's membership (and thus permissions to the file). You still have an independent copy of the file in your tenant.
Does either Guest scenario work for you? I can get feedback to the engineering team if you need the summary of what I think you're asking.
The interesting thing is whether an external group can be a guest user in the way that an individual is. As I understand the situation, a guest user is identified by an email address. An Office 365 Group in an external tenant has an email address. Therefore, it should be possible to create a guest user to point to that Office 365 Group and share with them. Wouldn't that solve the problem?
TR
- David RosenthalJul 22, 2016Microsoft
Exactly what I thought as well TonyRedmond , but it doesn't work if you have Set-SPOTenant RequireAcceptingAccountMatchInvitedAccount set to True, since no one member of the group can take action on the invitation link as if they were the group itself in order to accept it and have the permission officially granted. The permission is not actually granted until authentication has happened.
We could set that parameter to False of course, but then we are less secure as anyone who got hold of that link would be able to accept the invitation even with a simple and free Microsoft Account.