SOLVED

Will anonymous external sharing be disabled: New ways to govern access of external users

Copper Contributor

Hello, we just received the Major Update Notification: New ways to govern access of external users are coming to Office 365 

 

When I read the accompanied KB I conclude that external anonymous sharing will not work anymore after this date. And that when using Office365 groups in collaboration with external users we will be fine and nothing changes. Are my assumptions correct?

30 Replies
best response confirmed by Joris van der Sligte (Copper Contributor)
Solution

IMHO, you are not correct.

What will change is that external users will see only the content that has been shared directly with them or with Groups to which the external users belong.

This applies only to external users which are required to sign-in, while anonymous sharing will continue to work as usual.

Hi Salvatore, thanks for the clarification. Good to hear.

@Salvatore Biscari is correct. This change only changes the "Everyone", "All Authenticated Users" and "All Forms Users" claims/groups. So before this change, if you shared something to "Everyone", that content would be accessible by all users in your organization and all guest users in your directory. Now, it will only be the first group. Hope that helps!

 

Stephen Rice

OneDrive Program Manager II

How do you share files in groups with an anonymous link? It is greyed out for me, and I have anonymous sharing turned on in the Admin portal.

Hi @Harold Anderson,

 

Anonymous sharing is disabled by default for group-connected sites. You will need to use SharePoint Online Management PowerShell to change that setting (Set-SPOSite). Soon you will be able to do this via the new SPO Admin Center as well (which will show group-connected sites). Thanks!

 

Stephen Rice

OneDrive Program Manager II

So there is actually no way to do this without the PowerShell?

Not today. The Admin center changes will be coming very soon (but I don't know the exact date).

 

Stephen Rice

OneDrive Program Manager II

I should have stored everything in OneDrive instead of Office 365 Groups.
I cannot figure out how to use the PowerShell to allow us to create an anonymous link to the folder of pictures we want to share with our web designer. Seems very confusing, and not at all clear that it can be done. I am truly surprised that I am the only person who needs to share files with someone outside our organization.

Is this a Beta product, or are people just supposed to know that they should not be using Groups?

Hi @Harold Anderson.

 

It is actually very simple to share Group items to anonymous users.

The main steps are the following:

  1. Enable anonymous sharing at tenant level.
  2. Enable anonymous sharing at Group site collection level
  3. Share the item

The first two steps are clearly described in the following article:

https://support.office.com/en-us/article/turn-external-sharing-on-or-off-for-sharepoint-online-62882...

 

Also, we have discussed this topic in detail in many threads in this community.

 

Hope it helps...

It is actually impossible to do without the PowerShell according to Microsoft, see above posts by Stephen Rice.

Correct.

At the moment you need PowerShell in order to change the sharing setting for site collections connected to Groups. It will be possible to do it in the new SPO admin UI, but we don't know when.

What is the problem in using PowerShell? It is quite easy, IMHO.

It is not as easy as this:

https://www.youtube.com/watch?v=gEO7vrrm0AY

I was not able to figure out how to use PowerShell, and in my humble opinion, Dropbox's solution is easier. I could be wrong.

Harold, it's not fair to compare Office 365 with Dropbox.

Office 365 is immensely more powerful, and hence more complex, than Dropbox.

So, if you don't need the power of Office 365, then stay with Dropbox, but otherwise you need to learn to manage the complexity of Office 365 in general, and of SharePoint in particular.

Also, in Office 365 it is a common pattern to have at first most options configurable only with PowerShell, with the most frequent ones arriving eventually to the UI at a later time.

In short, if you want to be proficient with Office 365, you need to be at least a little familiar with PowerShell.

What doesn't work for you in the PowerShell code described in the article I linked?

 

We needed email, spreadsheets, and word processing also, and Dropbox does not have those. So we bought Office 365 from GoDaddy for $7.99 per month per user. Buying Dropbox also would be a waste of money, so it was viewed as an either/or choice. Since Dropbox did not have email, we went with Microsoft. But the sharing and file storage in Dropbox is much easier and more familiar to most users. I do not see Dropbox making users download command line tools and figure out the URL for their files before being able to share them.

Understood.

PowerShell is actually needed only to tenant admins, in order to configure less common options.

So, if you aren't the tenant admin, you can ask your admin to configure the relevant options.

If you are instead the tenant admin, then you need to do a little effort and learn the basics of PowerShell.

Otherwise, you will only scratch the surface of Office 365, IMHO.

Just my opinion, of course...

Ironically, OneDrive is actually two different drives: The OneDrive product and then the Office 365 Groups. I think it might be easier to share files if you avoid Office 365 Groups entirely. The OneDrive part of OneDrive seems to have easier ways to do anonymous sharing

Hi Harold,

 

What you're seeing is certainly a rough edge on the product and it's one that we are quickly working to address. When looking at OneDrive and SharePoint (SharePoint being deeply connected with O365 Groups), the former is intended for files that belong to "Me" and SharePoint/Groups are for files that belong to "We" (i.e. multiple people). Our goal is for both experiences to have the same great collaboration abilities and the same great security features. Because SharePoint/Groups have an implicit concept of membership (the "Group" of people), Group files are further locked down (disabling anonymous links) for security reasons while OneDrive has anonymous enabled by default.

 

Today, you do have to use PowerShell to open the Group site up for broader sharing and we've heard lots of feedback that the experience is, well, suboptimal :) The new SharePoint admin center (which started rolling out recently) is going to make this entire experience much better for you. While PowerShell can certainly be useful, we don't want to make it a requirement for using O365 effectively (especially for smaller businesses which may not have dedicated IT departments).

 

If you need step-by-step instructions on enabling anonymous sharing for your Groups, shoot me a PM and I can send you each command you'll need to run to make this all work. Thanks!

 

Stephen Rice

OneDrive Program Manager II

1 best response

Accepted Solutions
best response confirmed by Joris van der Sligte (Copper Contributor)
Solution

IMHO, you are not correct.

What will change is that external users will see only the content that has been shared directly with them or with Groups to which the external users belong.

This applies only to external users which are required to sign-in, while anonymous sharing will continue to work as usual.

View solution in original post