cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Change to ODB/SPO sharing dialog specific people option

Stephen Rice
Microsoft

‎Aug 28 2017 11:19 AM - edited ‎Aug 28 2017 11:20 AM

‎Aug 28 2017 11:19 AM - edited ‎Aug 28 2017 11:20 AM

Change to ODB/SPO sharing dialog specific people option

Hi all,

 

Based on feedback, we're making a small update to how the new sharing dialog works with the "Specific People" option.

 

You may recall that we previously had two people pickers in the dialog: One to select who the sharing link work for and another to choose who to actually send the link to. We have eliminated the first people picker and have folded the functionality together. Here's a quick example:snip_20170828111412.pngsnip_20170828111435.png

When "Specific People" is selected as the default link type, users will no longer need to open the Links settings page to choose who they want to share with. This change is rolling out now and should be available in all organizations by the end of the day.

Let me know if you have any questions. Thanks!

 

Stephen Rice

OneDrive Program Manager II

 

8,725 Views
8 Likes
23 Replies
Reply
23 Replies
Stephen Rice

‎Jun 21 2018 10:33 AM

‎Jun 21 2018 10:33 AM

Re: Change to ODB/SPO sharing dialog specific people option

Hi David,

 

Thanks for the clarification. You are correct, the link is still accessible to anyone though note that it will only work for people who possess the link. At this time, OneDrive personal does not support sharing to specific people (without allowing the re-forwarding) and this is not something that has ever been in the product. About two years ago now, we did remove an option that used to say "Require sign-in" but all that actually did was require that the recipient sign-in with a Microsoft account (regardless of whether they were the user that was shared with). The team was hearing lots of confusion around the setting so it was removed when we updated the UX design.

 

One option that may be available to you now is that you can actually copy a link and set a password on it. So you could copy the link, set a password and then send it to your wife so that only people with the link & the password will be able to use it.

 

I'd also definitely recommend that you vote up (or submit) a request on onedrive.uservoice.com for sharing with specific users. This helps the team prioritize future work. Thanks!

 

Stephen Rice

OneDrive Program Manager II

0 Likes
Reply
David Pilcher

‎Jun 21 2018 10:43 AM - edited ‎Jun 21 2018 10:44 AM

‎Jun 21 2018 10:43 AM - edited ‎Jun 21 2018 10:44 AM

Re: Change to ODB/SPO sharing dialog specific people option

I will look for something to upvote, but I have a memory of using "Specific People" on the personal site.  I remember the Require Sign-In option too.

 

Passwords, as we know are not secure either and can still be forwarded.  I find it weird that under "Manage Access" I can see specific people listed as well as public links for some items...

 

Capture.PNGIgnoring the share link here, can only Alan see the file or not?

 

It's very concerning from a privacy standpoint.  As consumers move into the cloud it is vital that companies like Microsoft protect customer data very securely and when a user shares data with someone that only that person can access the data.  Trust is hard to gain but lost overnight...

 

0 Likes
Reply
Stephen Rice

‎Jun 21 2018 11:00 AM

‎Jun 21 2018 11:00 AM

Re: Change to ODB/SPO sharing dialog specific people option

@David Pilcher,

 

Yes, passwords can be forwarded as well but the idea behind it is to add a second layer. If a link has a password on it, the user will have to accidentally forward both the link and the password. I totally understand the desire for the specific people option though and it is something the team has talked about in the past.

 

As for the case below, Alan likely is accessing via a link and if he passes it on to someone else, that person will show up in Manage Access with a note saying that they "accessed via Alan's link" or something like that.

 

Overall, OneDrive places privacy & customer data protection as one of our core principles and we certainly know that it requires consistent dedication on our part for you to trust us. In the sharing case, we evolved the sharing dialog to be as clear as possible so that users know that when they share, the link will work for anyone who has the link and we've continued to add additional features like link expiration and link passwords to make them stronger and more secure. I'm happy to pass your feedback along to the rest of the team as well.

0 Likes
Reply
David Pilcher

‎Jun 21 2018 11:12 AM

‎Jun 21 2018 11:12 AM

Re: Change to ODB/SPO sharing dialog specific people option

I've just been doing some testing and have to say I'm stunned.  And disappointed.  The answer is Alan is not the only one who can see my data...

 

I set up a test OneNote document and shared it to a friend and then we've forwarded and used the link in other ways:

 

1) While it shows an individual is being shared to (if they have an MSA account), it is a public link

2) Access can be permitted by ANYONE with that link (even a private browsing window just shows the data with no login request)

3) There is NO visibility that random people/PCs are accessing this data

 

This is a massive breech of trust..  I have some very private household information (e.g. tax/bills/legal etc.) being shared with my wife in OneNote (via OneDrive) and clearly OneDrive is not protecting this at all, while giving the impression that information is only being shared with specific people.

 

 

All I can say is wow.  I'm stunned.

1 Like
Reply