Forum Discussion
MicrosoftSharing to an external Office 365 Group
Came across an interesting scenario today and wanted to get this group's opinion (and perhaps yours cfiessinger)
The relevant configuration items: We have external sharing requiring authentication (no anonymous guest links) turned on in our tenant, and our allow/whitelist configured for a very small number of external domains. We also have Set-SPOTenant RequireAcceptingAccountMatchInvitedAccount set to True (https://technet.microsoft.com/en-us/library/fp161390.aspx), requiring external invitations be accepted by only the email address to which they were sent.
The scenario: If a user wants to share a file via SharePoint Online/OneDrive for Business with an external Office 365 Group, I don't believe this will work properly with our current setup. A user would want to do this to provide permissions to files to this external Office 365 Group that they trust in an automated fashion even as members of this external Office 365 Group join and leave over time.
I realize we could probably change our settings and/or reduce our security posture to enable this scenario, but chances of our security team allowing that are basically nonexistent. This would also technically not be granting permissions to just the members of this external Group, but instead allowing anyone who got the link to the file to access it.
Also, to be clear, I'm not asking for full blown cross-tenant federation. Although I would gladly accept it if offered. :smileyhappy:
There's a specific Guest feature coming for Groups. Guests are invited and must confirm with matching account.
On http://fasttrack.microsoft.com/roadmap, searching for "guest", under In development:
"Guest access support will enable teams using Office 365 Groups to easily collaborate with external team members (members that are not part of their organization/tenant). Guest users will have access to all of the groups assets: inbox, files, calendar and notebook. We'll introduce a number of administration controls to help you manage guests in Groups."
- Jim Knibb
There's a specific Guest feature coming for Groups. Guests are invited and must confirm with matching account.
On http://fasttrack.microsoft.com/roadmap, searching for "guest", under In development:
"Guest access support will enable teams using Office 365 Groups to easily collaborate with external team members (members that are not part of their organization/tenant). Guest users will have access to all of the groups assets: inbox, files, calendar and notebook. We'll introduce a number of administration controls to help you manage guests in Groups."
While investigating this topic, I came accross this Microsoft article that seems to indicate it is possible to share externally. Am I interpreting this incorrectly, or maybe the article is meant for the future release of the feature?
- cfiessinger
Eric while the documentation is live the features has not been rolled out yet but should imminently in early September, expect a blog post on the Office blog and a message center announcement within your tenant once the rollout starts so thanks for your patience and please stay tune.
- But we are talking here about "Groups guest"..is this a feature that you are thinking about it?
- David Rosenthal
Thanks for all the replies everyone!
Really looking forward to the guest features coming to Office 365 Groups, but that isn't quite the use case I was referring to in the original post.
I want to share a file via the Office 365 external sharing mechanism with an external Office 365 Group - A Group that exists in a completely separate tenant. I want to do this to take advantage of automated permissions based on Group membership, as well as all the collaboration features that come with the sharing mechanism in Office 365 (co-authoring, version control, permissions control, etc etc) as compared to simply attaching a file to an email.
I understand all the technical reasons why this doesn't work currently, but as more and more separate companies that may be partners onboard to Office 365 this could become a powerful feature to help ease EXTERNAL collaboration with dynamic groups of people instead of just individuals.
- Jim Knibb
I see. You want to keep the file in your tenant and share to people in another tenant by specifying only a Group that is controlled by the other tenant. If that tenant changes the Group's membership, you want the updated list of members to be who can access the file in your tenant.
The Guests feature will let you put the file in a Group in your tenant and specifically list individuals (by email address) in the other tenant. If the list of people in the other tenant changes, you have to edit the membership in your Group.
Or, the Guests feature will also let the other tenant create a Group and add you as the guest. Then you can add the file to their Group and they can change the Group's membership (and thus permissions to the file). You still have an independent copy of the file in your tenant.
Does either Guest scenario work for you? I can get feedback to the engineering team if you need the summary of what I think you're asking.
- Office 365 Groups are internal only ... at the moment!
So I'm guessing what you are referring to as an External Office 365 Group, is really a group that's on a different Office 365 tenant (and so external to you).- Let's say that an Office 365 Group is an Azure AD Object that I don't see how could be used in another Office 365 tenant...
- Mmm...the main issue here is the concept of "External Office 365 Group"...I don't see how this scenario can be supported in any way...I only see you could share information with the Group e-mail but them when the group receive the invitation, group members are not going to be able to sign in
