Forum Discussion
Why does default option sharing OneDrive for Business docs now give link anyone can use to edit?
Hi Stephen
That does help and I understand the imperative. As some might say "you need to square the circle" and that is not always easy.
Microsoft is a technology company now providing services to very large cohorts of users. I understand why you would want to make the different capability discoverable.
My main point is about how the majority of users in a "business" organisation would expect the default behaviour to be. I'm surprised that Microsoft has concluded that the default would be open and anyone with the link can access the file. I presume Microsoft is measuring the proportions of files shared openly and just for the people included.
I appreciate the efforts being made - this is all non-trivial stuff :-)
Microsoft
One of the fun challenges in sharing is that each feature we build will get used by the mom & pop shop of 5 people and also by the enterprise of 50,000 people. It gives a huge breadth of types of users we need to address.
When we looked at how we wanted to make sharing work by default, we started with what is still the biggest method of sharing for everyone today: attachments. Anonymous access links are designed to work as closely to attachments as possible (with the additional benefits of being a cloud file). For example, when I send an e-mail containing an attachment to you, there is no "restriction" on that e-mail by default. You can take the mail and forward it to anyone in the world and they can access that attachment as well. Anonymous links are meant to work the same way (You send the link to Bob, and then Bob can share it with their coworker Jill if they need to). Sending a "specific people" link is meant to mirror the scenario of IRM'ing a mail. In that case, the user is making an explicit decision that "this document is for Bob and only Bob. He can't forward it or share it without my express permission".
Of course, we want IT to feel like they have control over content which is why we provide all of the settings we have today (and are constantly building more). In a lot of cases, we give IT on/off switches for features to help control exposure. One of the things we are working on adding more of in sharing is the idea of a "default" where users can still get their work done but IT ensures that they are safe by default and make "risky" choices explicitly (instead of by accident). We can make the best end user experiences in the world but if IT turns them off or feels its not safe, then we're not doing our job right.
It's a big problem space but we've made a lot of progress in the last few years (and 2017 is shaping up to be just as big in that respect as well). I always love hearing feedback on this type of stuff because it's absolutely critical to nail both ends of the experience.
Thanks!
Stephen Rice
OneDrive Program Manager II
A little later yesterday someone in my org. quite independently contacted my team to ask about the behaviour of attachments he'd received from someone using Outlook Web Access (OWA) to attach documents which went into the sender's OneDrive for Business "email attachments" folder.
In your last message you said: "Anonymous access links are designed to work as closely to attachments as possible (with the additional benefits of being a cloud file). For example, when I send an e-mail containing an attachment to you, there is no "restriction" on that e-mail by default. You can take the mail and forward it to anyone in the world and they can access that attachment as well. Anonymous links are meant to work the same way (You send the link to Bob, and then Bob can share it with their coworker Jill if they need to)."
However, what I have observed is that because the sender used the default option for OWA, the links appear in emails which were either opened in Outlook 2013 (not logged in to Office 365) or OWA (logged in) or another client e.g. mail on a Mac (not logged in). The behaviour when accessing the email in unauthenticated mode (not logged in) resulted in being presented with a link which opened a document with Guest contributor privileges.
That is fine if the person just wants to review the document but in this case the sender expected people to download the attachment and use it as a template. In anonymous contributor mode there is no facility to download the document - so there seems to be a major gap in the "use case" of "anonymous access links are designed to work as closely to attachments as possible"
Is there a reason for not allowing downloads on documents opened in anonymous contributor mode?
- StephenRice
Sorry for the delay in responding to this. I had to ask around the team a bit to see what is going on. The short version is that anonymous links don't explicitly support download today. We do want to light this scenario up eventually but we have some other link improvements that are already on-going that take precedence. Thanks for the feedback!
Stephen Rice
OneDrive Program Manager II
yeah, getting complaints about the whole downloading the anonymous shared files. I think roughly because the default share option is now anonymous. I've changed that so it should help but since folders can download files, so should direct files. I mean I kind of understand why would shouldn't download office files to try to keep one master document vs. getting into e-mail cob web again, but for things like templates it could be a problem. However this is why they should either A. Learn to put it on SharePoint and update the copy there, or B. just use a regular e-mail attachment :p.