Upcoming change:Updating default sharing setting for Office 365 Group connected SPO site collections

Microsoft

[UPDATE] - Per feedback recieved here and elsewhere, our plan is to only turn on the external sharing setting for a group's site collection ONLY IF the tenant allows for Office 365 Groups to have guest members.  I've made changes to this post below to capture, and added emphasis to call them out.  Your feedback is welcome.

 

Hi all,

We would like to inform you of an upcoming change we are planning on making to the default value of the external sharing setting for Office 365 Group connected SPO site collections.  Currently, the default sharing setting for these site collections is to allow sharing with external users already in your organization's directory.

 

Since Office 365 Groups allow for guest members by default, we heard feedback from many customers that it was odd to allow for the addition of external guests as group members but not allow for external sharing of SharePoint resources.

 

Based on your feedback, we are updating the external sharing setting to allow sharing with authenticated external users ONLY IF the tenant allows for Office 365 Groups to have guest members.

 

Once updated in a tenant, all new group site collections will be created with the setting for external sharing enabled ONLY IF the tenant allows for Office 365 Groups to have guest members.  No change to default external sharing will occur if guests in Office 365 groups are not permitted.  We will not retroactively change the setting for existing site collections.

 

To change the value of the sharing capability for older site collections, you can use the following PowerShell cmdlet:

 

Set-SPOSite -Identity https://contoso.sharepoint.com/sites/site1 -SharingCapability ExternalUserSharingOnly

Of course as always, SharePoint will always respect the more restrictive sharing setting when comparing the site collection's setting with that of the tenant.  For example, if you disable external sharing at the tenant level, sharing with external users will be blocked for a group's site even if its sharing setting allows for external sharing.

 

I'll update this post when we start rolling this update out, but wanted to solicit feedback or concerns from anyone about this change.  Please post below - we're happy to answer your questions.

 

Thanks
Tejas

54 Replies

@Tejas Mehta wrote:

[..] Currently, the default sharing setting for these site collections is to allow sharing with external users already in your organization's directory.

 

Since Office 365 Groups allow for guest members by default, we heard feedback from many customers that it was odd to allow for the addition of external guests as group members but not allow for external sharing of SharePoint resources.

 

Based on your feedback, we are updating the external sharing setting to allow sharing with authenticated external users. [..]

 

 


I am totally not getting it. Quoted above (emphasis mine):

You say that by default it is already set to allow sharing with external users. Then you say that it is odd that it doesn't allow sharing. And then you are updating the setting to allow sharing with external users!!

 

Am I missing something entirely here?

 

@Abhimanyu Singh

The current default is 

ExistingExternalUserSharingOnly

The new default will be

ExternalUserSharingOnly

This means that you will be able to invite new external users while sharing.

I'm afraid no one setting is going to work for every customer. After this we will have to add switching it back to external sharing with people in our directory. 

 

For Groups sites we already have concerns at the lack of customisation options. . 

 

 

Being able to specify a template to a Sharepoint site when it is created by groups looks to be a required feature. To allow each organisation to configure the sites as it requires. Obviously there are reasons certain things cannot be configured or they will break. Having some options would be useful though. 

 

For example

Giving group owners full control permission to a site and not allowing a restruiction in permission levels. I realise they need full control to add members permissions. However it also gives them the ability to modify the site away from corporate settings and worse add infopath forms.

 

Just my $00.02.  

Thank you @Tejas Mehta, I've been bugging @Sahil Arora about this for some time now :)

really(!!!) wish you would bring back anonymous access to SP sites!!! This seriously hampers many ability to use my tenant as a means of providing information to my local, non-technical, community, most (if not all) do not and will not ever have a Microsoft account.

I don't think this is going to happen when providing access to a full SPO Site...you can shared anonymously files and folders, but IMHO it's enough....justs remember SPO Sites are not websites in the sense that anyone from the Internet can access them

You stated that this is for group sites in SP. What about those group sites created via Teams & Planner?  Does Teams and Planner get the external access as well?

Does this mean when I share a single document with an external user, they become a member of the Office 365 Group? Does this mean they will also receive conversations? Or is it that the document and only the document is shared with the external user?

@Darrell Webster wrote:
Does this mean when I share a single document with an external user, they become a member of the Office 365 Group?

No. A Group member can be designated only using the relevant UI or PowerShell.

 


@Darrell Webster wrote:
Does this mean they will also receive conversations?

No. Only members receive conversations.

 


@Darrell Webster wrote:
 Or is it that the document and only the document is shared with the external user?

Exactly. Moreover, not only Group documents can be shared with external users, but also folders and even the whole associated site.

Hi Tejas,

 

Have a query here. In SP admin center settings if the "Sharing outside your organization" is set to 'Don't allow sharing outside your organization', whether this will be overwritten when this change is in place.

 

Thanks And Regards,

Shinu

Our premium Customer wants option to select from current behavior and the coming changed behavior.

Actually they are pushing on a HotFix to do this. 

The current behavior meets there needs

I am having major issues with Online edit of Excel documents. As of this Tuesday about 30 of my Excel workbooks are no longer even viewable online let alone editable. The Excel workbooks that are can no longer scroll to the left or right other than with arrow keys. I have spent hours on the phone with Microsoft tech support with no results or answers. Was there any update done this monday or early Tuesday? 

Allan, you might have better luck in the Excel community here, but really should continue working with Microsoft support to resolve this issue. Derailing every thread you see a Microsoft employee on with your unrelated question/issue is probably not in the spirit of this community at all.

Hi David,

I appreciate your point but I disagree that it's unrelated. This is not an excel problem and that has been established. It's due to some change made behind the scene to SharePoint. I apologies that this may not be the best place to get answers to the problem but it's as close as I can get to speaking with someone with knowledge or access to what is occurring behind the scenes in sharepoint. If you can point me in a better direction in terms of speaking to someone involved in the development/updates to sharepoint I would appreciate it?

As for derailing every thread... as far as I know this is the only thread I have "derailed", if you have knowlege of anyone else using my log in I would appreciate being pointed in that direction as well.

My question is really about the differences between needing to have someone in the organization directory, and authenticated external users. Currently, we set our external sharing site collections to authenticated external users indicating they either work for our company and have their email address, or they are an extenal user who needs to set up a Microsoft Account if they do not already have one that they are using with the email address. We have found that recently, external users are having issues accepting invites to external sharing site collections if they are not already in our directory--not sure how they got into our directory in the first place since we did not add them.

 

1. Was that automatic when they signed up for the free Microsoft Live account and accepted the invite?

2. If you set the option for users in the Organization Directory, who adds them? The tenant admin?

3. Why would external users not be able to accept invitations to site collections if they sign up for the free account--but are no listed in our Organizational Directory?

Pretty large leap to say that SharePoint Online is broken on all Excel files when you're the only one reporting the issue ;) If support is not helping, I would encourage you to escalate or look at the higher level support services like Premier Support: https://www.microsoft.com/en-us/microsoftservices/support.aspx

 

Not trying to call you out, but this thread is not about your issue and randomly demanding Microsoft Product Group employees help you on your individual issue is just going to convince them to come here less when we would all prefer they come here and share with us more. If you feel this community is in fact the best place to discuss your issue, I would encourage you to start a new thread specifically about your issue and see if anyone else has experienced this or can help you.