Forum Discussion

Paul O'Neill's avatar
Paul O'Neill
Copper Contributor
Apr 17, 2017

SP Online and contractors

We want to provide contractors with access to some areas of our SP Online environment. Have read about external sharing and it seems suitable as: *contractors may work infrequently (from a few days...
SharePoint Online
Dean_Gross's avatar
Dean_Gross
Silver Contributor
Apr 19, 2017

Just to add to the confusion, MS has provided https://docs.microsoft.com/en-us/azure/active-directory/active-directory-b2b-licensing which does not mention "contractors". I think that this uses much more precise language than the support.office.com page.

 

I think that we need to consider Microsoft's intent and how they operate their own business. They have thousands of "contractors" in India and other locations who while they have MS badges don't get all of the benefits provided to their full time employees. Given this, it seems logical to evaluate our business relationships in a similar manner when determining who needs a license.

roykim's avatar
roykim
MVP
Apr 19, 2017
I agree with your statement.
  • Dean_Gross's avatar
    Dean_Gross
    Silver Contributor
    Apr 19, 2017

    One of the many benefits of Azure AD is that MS is aware of hacks like occurred with Yahoo, and will provide warnings to you when those accounts are being used to access applications such SharePoint online.

     

    The B2B functionality (eliminates the need to bring outsiders into your directory while providing many powerful controls) and when  used in conjuction with other Azure AD Services (MFA, Identity Protection, Privileged Identity management, etc) is a very powerful set of security capabilities.

     

    Creating SPO site collections for each client is a common method for managing a security boundary and when used with Azure B2B and AAD Groups provides an easily understandable and maintainble security structure.

  • Vivek Jain's avatar
    Vivek Jain
    Iron Contributor
    Apr 19, 2017

    It's a sea full of information, Microsoft at it's best again. May be due to just plain fact that the products are so vast/versatile that hard to cover all scenarios in terminologies. I liked the external sharing capabilities within SPO. But in my organization the management had decided to not share externally (due to limited size of external users, who aer really our clients) and instead had those external user brought onto Office-365, this is mainly due to the fact that public domain accounts are more prone to hacking (e.g. massive hacking of Yahoo accounts in recent past).

     

    With all the unclear language around defining "external users", do we need to worry for legality what we see or microsoft sees as an external user. If we were to play the role of MS Account Manager, I myself would take the "safer for myself" route and decide that if it's a "contractor" then they need a license.

     

    If we would like to provide certain users "within our own org" (contractors and employees alike) the "external access" then my own opinion is that we can do that by all means, if there was any

    legality/restrictions then the basic check micrsoft would have in place would be to not allow (or a warning) if we provide "external access" to those email addresses where the domain is already has a tenant on Office-365  but the user himself not migrated to Office-365 (for the reason of deferring the user until we are fully convinced about Office-365). I don't believe there is any such check restriction or warning today while sharing externally.