Forum Discussion
External sharing good practice
Hi all
I'm wondering what is the typical industry practice for external sharing of Sharepoint team site files, folders or subsites. Do most companies forbid this and allow just external sharing via Office 365 employee one drive folders?
I saw somewhere else that others recommend setting up a separate sharepoint site collection say called "external sharing" and having subsite for each external client you wish to share with and put their documents in there - only thing with this is you have to manually download from one sharepoint site and upload into that new site collection.
Thanks in advance
Gerry
5 Replies
You can control external sharing settings at almost every level in SharePoint, for this reason I recommend allowing external sharing at the tenant level while setting more restrictive settings at the site and document level.
If your users need to collaborate externally and you don't allow external sharing at the organizational level, none of the sites or OneDrives in your org will be able to share through SharePoint. This only exacerbates the issue, if your users need to share a document externally they will find a way to share that information regardless of how it needs to get done.
So, would you rather external sharing happen in a place where you can have some vision and control or force your users to use another file sharing platform you have zero control or sight of? I'd rather provision sites as needed and at least maintain some control of who's sharing what, with whom and how.
With the introduction of Microsoft Teams external collaboration is even easier to set up, here you make a new team for the various projects and members of that team will have access to a Team site which is automatically created when a team is created. This way you can control access through the team rather then need to go back and dig through the environment and remediate all the direct access the users have been given when a project is finished.
- We have Site Collections for our Departments and Teams but never allow external sharing on these. We create separate 'Collaboration' Site Collections with external sharing enabled for each 3rd party we work with and also limit the Domains which can be shared in order to enforce this. We're a highly regulated organisation, so we have to be careful about what we share and have these steps in place so sensitive content isn't accidentally exposed to the wrong people.
I seldom recommend using the subsite approach, you have much stronger controls creating separate site collections for each company/partner that you want to share with. This is very easy to explain to most people.
If you have a project with multiple subcontractors, creating separate document libraries for each one of them is a very clean and easy way to provide the necessary security controls. Create a SP Security Group for each firm, and then align it with a document library, have some other libraries for content that needs to be shared with everyone.
Many of my clients block external sharing from OneDrives and only allow it from selected SPO Site collections.
You will get different answers from different organizations here. Depends on the industry/company, but yes, it's common to restrict external sharing and the main reason why we have so many controls around it. And yes, having separate SCs for each partner is usually a good approach, especially in cases where they are competitors.
With the new "Move to" update being pushed now, you can easily move a file from one Site collection to another. Currently it only supports folder moves, but once the update is live you can move files including metadata and version history to another site collection very easily.
Sharing depends on how sensitive the data is. In my case I allow all Sharing everywhere. If you keep them from Sharing on SharePoint but allow it on OneDrive, that will just cause file duplication etc. and since they can do it there doesn't really gain you anything IMO and only complicates things.
