Will anonymous external sharing be disabled: New ways to govern access of external users

Joris van der Sligte
Occasional Contributor

Hello, we just received the Major Update Notification: New ways to govern access of external users are coming to Office 365.

 

When I read the accompanying KB I conclude that external anonymous sharing will not work anymore after this date, and that when using Office 365 Groups in collaboration with external users we will be fine and nothing changes. Are my assumptions correct?

30 Replies
Solution

Re: Will anonymous external sharing be disabled: New ways to govern access of external users

IMHO, you are not correct.

What will change is that external users will see only the content that has been shared directly with them or with Groups to which the external users belong.

This applies only to external users who are required to sign in, while anonymous sharing will continue to work as usual.

Re: Will anonymous external sharing be disabled: New ways to govern access of external users

Totally agree here with @Salvatore Biscari . Adding also @Stephen Rice

Re: Will anonymous external sharing be disabled: New ways to govern access of external users

Hi Salvatore, thanks for the clarification. Good to hear.

Re: Will anonymous external sharing be disabled: New ways to govern access of external users

@Salvatore Biscari is correct. This change only changes the "Everyone", "All Authenticated Users" and "All Forms Users" claims/groups. So before this change, if you shared something to "Everyone", that content would be accessible by all users in your organization and all guest users in your directory. Now, it will only be the first group. Hope that helps!

 

Stephen Rice

OneDrive Program Manager II

Re: Will anonymous external sharing be disabled: New ways to govern access of external users

How do you share files in groups with an anonymous link? It is greyed out for me, and I have anonymous sharing turned on in the Admin portal.

Re: Will anonymous external sharing be disabled: New ways to govern access of external users

Hi @Harold Anderson,

 

Anonymous sharing is disabled by default for group-connected sites. You will need to use SharePoint Online Management PowerShell to change that setting (Set-SPOSite). Soon you will be able to do this via the new SPO Admin Center as well (which will show group-connected sites). Thanks!

 

Stephen Rice

OneDrive Program Manager II

Re: Will anonymous external sharing be disabled: New ways to govern access of external users

So there is actually no way to do this without the PowerShell?

Re: Will anonymous external sharing be disabled: New ways to govern access of external users

Not today. The Admin center changes will be coming very soon (but I don't know the exact date).

 

Stephen Rice

OneDrive Program Manager II

Re: Will anonymous external sharing be disabled: New ways to govern access of external users

I should have stored everything in OneDrive instead of Office 365 Groups.

Re: Will anonymous external sharing be disabled: New ways to govern access of external users

I cannot figure out how to use the PowerShell to allow us to create an anonymous link to the folder of pictures we want to share with our web designer. Seems very confusing, and not at all clear that it can be done. I am truly surprised that I am the only person who needs to share files with someone outside our organization.

Is this a Beta product, or are people just supposed to know that they should not be using Groups?

Re: Will anonymous external sharing be disabled: New ways to govern access of external users

Hi @Harold Anderson.

 

It is actually very simple to share Group items to anonymous users.

The main steps are the following:

  1. Enable anonymous sharing at tenant level.
  2. Enable anonymous sharing at Group site collection level
  3. Share the item

The first two steps are clearly described in the following article:

https://support.office.com/en-us/article/turn-external-sharing-on-or-off-for-sharepoint-online-62882...

 

Also, we have discussed this topic in detail in many threads in this community.

 

Hope it helps...

Re: Will anonymous external sharing be disabled: New ways to govern access of external users

It is actually impossible to do without the PowerShell according to Microsoft, see above posts by Stephen Rice.

Re: Will anonymous external sharing be disabled: New ways to govern access of external users

Correct.

At the moment you need PowerShell in order to change the sharing setting for site collections connected to Groups. It will be possible to do it in the new SPO admin UI, but we don't know when.

What is the problem in using PowerShell? It is quite easy, IMHO.

Re: Will anonymous external sharing be disabled: New ways to govern access of external users

It is not as easy as this:

https://www.youtube.com/watch?v=gEO7vrrm0AY

I was not able to figure out how to use PowerShell, and in my humble opinion, Dropbox's solution is easier. I could be wrong.

Re: Will anonymous external sharing be disabled: New ways to govern access of external users

Harold, it's not fair to compare Office 365 with Dropbox.

Office 365 is immensely more powerful, and hence more complex, than Dropbox.

So, if you don't need the power of Office 365, then stay with Dropbox, but otherwise you need to learn to manage the complexity of Office 365 in general, and of SharePoint in particular.

Also, in Office 365 it is a common pattern to have most options configurable only with PowerShell at first, with the most frequent ones eventually arriving in the UI at a later time.

In short, if you want to be proficient with Office 365, you need to be at least a little familiar with PowerShell.

What doesn't work for you in the PowerShell code described in the article I linked?

 

Re: Will anonymous external sharing be disabled: New ways to govern access of external users

We needed email, spreadsheets, and word processing also, and Dropbox does not have those. So we bought Office 365 from GoDaddy for $7.99 per month per user. Buying Dropbox also would be a waste of money, so it was viewed as an either/or choice. Since Dropbox did not have email, we went with Microsoft. But the sharing and file storage in Dropbox is much easier and more familiar to most users. I do not see Dropbox making users download command line tools and figure out the URL for their files before being able to share them.

Re: Will anonymous external sharing be disabled: New ways to govern access of external users

Understood.

PowerShell is actually needed only by tenant admins, in order to configure less common options.

So, if you aren't the tenant admin, you can ask your admin to configure the relevant options.

If you are instead the tenant admin, then you need to make a little effort and learn the basics of PowerShell.

Otherwise, you will only scratch the surface of Office 365, IMHO.

Just my opinion, of course...

Re: Will anonymous external sharing be disabled: New ways to govern access of external users

Ironically, OneDrive is actually two different drives: the OneDrive product and then the Office 365 Groups. I think it might be easier to share files if you avoid Office 365 Groups entirely. The OneDrive part of OneDrive seems to have easier ways to do anonymous sharing.

Re: Will anonymous external sharing be disabled: New ways to govern access of external users

Hi Harold,

 

What you're seeing is certainly a rough edge on the product and it's one that we are quickly working to address. When looking at OneDrive and SharePoint (SharePoint being deeply connected with O365 Groups), the former is intended for files that belong to "Me" and SharePoint/Groups are for files that belong to "We" (i.e. multiple people). Our goal is for both experiences to have the same great collaboration abilities and the same great security features. Because SharePoint/Groups have an implicit concept of membership (the "Group" of people), Group files are further locked down (disabling anonymous links) for security reasons while OneDrive has anonymous enabled by default.

 

Today, you do have to use PowerShell to open the Group site up for broader sharing and we've heard lots of feedback that the experience is, well, suboptimal :) The new SharePoint admin center (which started rolling out recently) is going to make this entire experience much better for you. While PowerShell can certainly be useful, we don't want to make it a requirement for using O365 effectively (especially for smaller businesses which may not have dedicated IT departments).

 

If you need step-by-step instructions on enabling anonymous sharing for your Groups, shoot me a PM and I can send you each command you'll need to run to make this all work. Thanks!

 

Stephen Rice

OneDrive Program Manager II

Re: Will anonymous external sharing be disabled: New ways to govern access of external users

Thanks for the response. The reason we put the files in a Group site was because they were thought of as owned by the whole company rather than one person: So "we" instead of "me" as you say. The problem came when we wanted to share the files with an external web developer. We found out that the share with Anyone link was mysteriously greyed out, and when we Googled the solution, were led to this thread.

I downloaded the PowerShell in an attempt to get it working, but did not see any documentation on it beyond what I could get at the command line. I think the farthest I got was

get-help Set-SPOSite -detailed.

But then there were a lot of options (such as Identity) without any description of how to figure out what they were.

So, my conclusion is that this must only be meant for internal Microsoft developers, since there is no documentation about how to use this stuff. That's what it looks like to me, anyway.

We solved the problem by adding the specific web developer in question to the Group. She received an email, was forced to open a Microsoft account, and then could access the files. In the future, we will probably just shut down the Groups completely and tell people to own their files and then just share them with people via anonymous links.

Re: Will anonymous external sharing be disabled: New ways to govern access of external users

Hi Harold,

 

Totally understand. If you want to keep using OneDrive for your company, that's certainly an option. In case it is of value, here is what you will need to do for PowerShell:

Connect-SPOService -Url https://<mycompany>-admin.sharepoint.com

(this will pop a prompt for your admin credentials)

 

Set-SPOSite -Identity https://<mycompany>.sharepoint.com/sites/<restofsiteurl> -SharingCapability ExternalUserAndGuestSharing

(this will allow anonymous links on that site)

 

You can then use "Get-SPOSite -Identity https://<mycompany>.sharepoint.com/sites/<restofsiteurl> -SharingCapability" to confirm the value was set.

 

Hope that helps!

 

Stephen Rice

OneDrive Program Manager II

 

Re: Will anonymous external sharing be disabled: New ways to govern access of external users

That worked except for the last command. But I verified that the other commands worked by creating an anonymous link.

Get-SPOSite -Identity https://netorgftxxxx.sharepoint.com/sites/Sales18 -SharingCapability
Get-SPOSite : A parameter cannot be found that matches parameter name 'SharingCapability'.
At line:1 char:76
+ ... tps://netorgftxxxx.sharepoint.com/sites/Sales18 -SharingCapability
+ ~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (:) [Get-SPOSite], ParameterBindingException
+ FullyQualifiedErrorId : NamedParameterNotFound,Microsoft.Online.SharePoint.PowerShell.GetSite

Re: Will anonymous external sharing be disabled: New ways to govern access of external users

Hi Harold,

 

That's great! Glad to hear it worked okay!

 

And I just double checked the documentation, the final command is actually -Detailed (which returns SharingCapability) instead of what I had above. Either way, if you can get an anonymous link, then everything worked right!


If you have any other questions, let me know!

 

Stephen Rice

OneDrive Program Manager II

Re: Will anonymous external sharing be disabled: New ways to govern access of external users

For those who are looking for the steps to enable this feature manually, this blog article may be helpful.

Re: Will anonymous external sharing be disabled: New ways to govern access of external users

The final command should be

Get-SPOSite -Identity https://netorgftxxxxxxx.sharepoint.com/sites/marketing -Detailed

Replace xxxxxxx with your tenant id, and replace marketing with your site name.
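The commands from the posts above, combined into one script with the corrected verification step. This is an added example, not part of any post in the thread; the URLs are the thread's placeholders, the variable names are made up here, and the tenant-level check assumes the usual rule that a site cannot be more permissive than the tenant setting.

```powershell
# Added example. Requires the SharePoint Online Management Shell module.
# Placeholders (not real values): replace <mycompany> and <restofsiteurl>.
$AdminUrl = 'https://<mycompany>-admin.sharepoint.com'
$SiteUrl  = 'https://<mycompany>.sharepoint.com/sites/<restofsiteurl>'

# SharingCapability value that permits links which do not require sign-in.
$Wanted = 'ExternalUserAndGuestSharing'

# Prompts for tenant admin credentials.
Connect-SPOService -Url $AdminUrl

# Step 1: anonymous sharing must be enabled at tenant level first.
# The site-level change below does not produce anonymous links otherwise.
$tenantSetting = (Get-SPOTenant).SharingCapability
if ($tenantSetting -ne $Wanted) {
    throw "Tenant sharing is '$tenantSetting'. Enable anonymous sharing at tenant level before changing the site."
}

# Step 2: record the current site-level value so the change can be reverted.
# -Detailed is the switch that returns SharingCapability for a site.
$before = (Get-SPOSite -Identity $SiteUrl -Detailed).SharingCapability
Write-Host "Site sharing before change: $before"

if ($before -ne $Wanted) {
    Set-SPOSite -Identity $SiteUrl -SharingCapability $Wanted
}

# Step 3: confirm the value was set by reading it back.
$after = (Get-SPOSite -Identity $SiteUrl -Detailed).SharingCapability
if ($after -ne $Wanted) {
    throw "Site sharing is still '$after' after Set-SPOSite."
}
Write-Host "Site sharing after change:  $after"

# To revert once the external share is no longer needed:
# Set-SPOSite -Identity $SiteUrl -SharingCapability $before
```

Recording `$before` keeps the group-connected site's original, more restrictive setting available for when the anonymous link is no longer required.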

Re: Will anonymous external sharing be disabled: New ways to govern access of external users

Hi Harold.

Try the direct link to the new SP admin center, there you can change this, I just did.
https://yourorg-admin.sharepoint.com/_layouts/15/online/AdminHome.aspx#/home

There is also a link in the regular SP admin center to the preview.

 

Regards

// Thomas

Re: Will anonymous external sharing be disabled: New ways to govern access of external users

Thomas,

 

I navigated to the new SP Admin center. From there, one can click on each SharePoint site in succession. There is an option in the right-hand Nav bar at the bottom where you can allow sharing to everyone.

 

Even after changing the setting, however, and testing that the links open in incognito browsers, many of our external vendors are still unable to open links from SharePoint. I have taken to copying all the content to my personal Dropbox and sending the vendors Dropbox links, which always work. There are serious problems with this, in that other team members cannot modify the files in my personal Dropbox.

 

The result is that we are seriously considering dropping Office 365 in favor of some other solution that includes a storage solution that actually works the way we need it to. I cannot emphasize strongly enough how deaf Microsoft has been to this issue. Being able to share files externally is one of the most important things about productivity software.

Re: Will anonymous external sharing be disabled: New ways to govern access of external users

Hi @Harold Anderson,

 

I'm sorry to hear you're having issues. Can you drop me a private message in Tech Community so we can troubleshoot? We absolutely want to get this working for you. Thanks!

 

Stephen Rice

OneDrive Program Manager II

Re: Will anonymous external sharing be disabled: New ways to govern access of external users

Harold, I can feel your frustration. I felt the same way.

I don't want you to get rid of O365 for that reason...it is so much more than just sharing anonymously…:-) But if you really want to, it's your call. However, I think your problems will go away now!

 

It can be done though (if you haven't gotten help yet), this is how and why:

1. Go to the new SP admin again.
2. Select Sites/Site management

3. Search, type in part of the URL or the name of the SP site/Group

4. Click on the site's name in the results pane

5. On the right pane, scroll to the bottom, you will there find 'Sharing status' and 'Change'

(Most likely, it will say 'This site can only be shared with existing external users who sign in', the default setting for an o365 Groups SP Site...regardless of the global sharing setting)

6. Click on 'Change'

7. Change it to: 'Anyone - Users can share files and folders with links that don't require sign-in.'

8. Save - Done!

(The reason for this seems to be that Groups have a default setting of Existing users only, and this is not reflected anywhere. To share with externals anonymously, you can also just create a SP team site and share from there. That will get the Global share setting)

Some illustrations....

[Images: settings.PNG, search.PNG, sharing.PNG, sharing2.PNG]

Regards

// Thomas

Re: Will anonymous external sharing be disabled: New ways to govern access of external users

Sorry, did not read the entire answer...disregard my step by step :-)

Maybe you need to get more info from the users on what happens on their side? I had this working perfectly with an account with just an email today. No Gmail, no MS, no nothing, just a web email account and the links open just fine, the files too.
Good luck!
// T