External Sharing in Office 365


1 External Sharing in Office 365
Cory Williams, Teams Technical Specialist
For the TEAMS EXTERNAL SHARING VIDEO check out

3 What Services
Table columns: Service, Authenticated*, Anonymous
Services listed: Office 365 Groups, Microsoft Teams, SharePoint, OneDrive for Business, Yammer, Microsoft Forms, Sway
*Those invited to your organization

4 Control External Sharing in Office 365
Multiple administrative control points exist for the sharing of information (by various types of users).

User types shown (inside and outside the organization): Owners, Members, Admin, Auth'd guests, Unauth'd guests

Control points shown:
- Azure Active Directory (AAD) B2B settings
- Office 365 Tenant-level settings
- Groups settings
- Teams settings
- SharePoint Online (SPO) settings
- OneDrive for Business (ODfB) settings
- Group specific settings
- Site collection settings
- External sharing
- Automation, tooling and control processes
- Other (related) control technologies

Guest access to Microsoft Teams can be managed through four different levels of authorization, as follows:
- Azure Active Directory: Guest access in Microsoft Teams relies on the Azure AD business-to-business (B2B) platform. Controls the guest experience at the directory, tenant, and application level.
- Microsoft Teams: Controls Microsoft Teams only.
- Office 365 Groups: Controls the guest experience in Office 365 Groups and Microsoft Teams.
- SharePoint Online and OneDrive for Business: Controls the guest experience in SharePoint Online, OneDrive for Business, Office 365 Groups, and Microsoft Teams.

Examples:
- Don't allow guest users in Teams.
- Enable guest access in AAD, Teams and Groups but disable on selective Teams containing sensitive/confidential information.
- Specify specific settings for individual SPO sites, including those connected to Teams and Groups.

Guest access/external sharing can also be impacted by other Office 365 and AAD control capabilities (e.g. DLP and CA/MFA).

© 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

5 Control External Sharing in Office 365
Control points shown:
- Azure Active Directory (AAD) B2B settings
- Office 365 Tenant-level settings
- SharePoint Online (SPO) settings
- OneDrive for Business (ODfB) settings
- Groups settings
- Teams settings
- Group specific settings
- Site collection settings
Scale shown: Least Restrictive, Most Restrictive

6 Policies for Guest Access - Best Practices
User managed (Guest inviter role): Set up a policy so that only users with this role can invite guests. This can be set using user AD properties such as Title, Job Description.

Domain managed (Allow or block specific domains): Admins can create an allow/deny list of external partner domains that can be added as guests.

IT managed: Admin can be approved and added to groups. Add guests through B2B portal and turn off sharing for tenant. Add no one to guest inviter role.

Group-Level (Update settings for a specific group): Manage guest access at the individual Group level.

Diagram labels: Reach; IT approved list of domains; Title = Manager; Only IT admin

7 Group Guest Access
Benefits:
- Enables safe teamwork outside the firewall
- Works with any email addresses
- Based on common Azure B2B platform

Guidance:
- Enable guest access!
- Govern using: allow/block guest domains, guest inviter role, terms of use, access reviews
- Track guest user activity via audit logs

Documentation:
- Guest access in Office 365 groups
- Guest access in Office 365 groups – Admin Help
- Azure AD access reviews
- Guest inviter role
- Azure Active Directory Terms of Use feature
- Google Federation

8 Business to Business (AAD)
By default, all users and guests in your directory can invite guests even if they're not assigned to an admin role. External collaboration settings let you turn guest invitations on or off for different types of users in your organization. You can also delegate invitations to individual users by assigning roles that allow them to invite guests.
Control point: Azure Active Directory (AAD) B2B settings
Path: Azure Portal > Azure Active Directory > User settings > Manage external collaboration settings

9 Azure Active Directory (AAD) B2B settings
LinkedIn Integration: Send emails and coauthor and share documents with many of your first-degree LinkedIn connections right from Outlook on the web, OneDrive, SharePoint, Word, PowerPoint, and Excel Online by just typing a name in the “To” or “CC” field when composing a new message or sharing a document. This sends the email or document to their primary email address with LinkedIn and is only available if your organization allows external sharing.
Control point: Azure Active Directory (AAD) B2B settings
Path: Azure Portal > Azure Active Directory > User settings

10 Office 365 Sharing Settings
Control points: Azure Active Directory (AAD) B2B settings, Office 365 Tenant-level settings
Path: Microsoft 365 admin center > Settings > Security & Privacy

11 Office 365 Groups
Lets you and your team collaborate with people from outside your organization by granting them access to group conversations, files, calendar invitations, and the group notebook. Access can be granted to a guest (for example, a partner, vendor, supplier, or consultant) by any group owner.
Control points: Azure Active Directory (AAD) B2B settings, Office 365 Tenant-level settings, Groups settings
Path: Microsoft 365 admin center > Settings > Services & add-ins > Office 365 Groups

12 Microsoft Teams - Dependencies
Guest Access authorizations:
- Azure Active Directory: Guest access in Microsoft Teams relies on the Azure AD business-to-business (B2B) platform. Controls the guest experience at the directory, tenant, and application level.
- Microsoft Teams: Controls Microsoft Teams only.
- Office 365 Groups: Controls the guest experience in Office 365 Groups and Microsoft Teams.
- SharePoint Online and OneDrive for Business: Controls the guest experience in SharePoint Online, OneDrive for Business, Office 365 Groups, and Microsoft Teams.

13 Microsoft Teams

14 Microsoft Teams – Guest Access
Control points: Azure Active Directory (AAD) B2B settings, Office 365 Tenant-level settings, Groups settings, Teams settings
Path: Microsoft Teams & Skype for Business Admin Center > Org-wide settings > Guest access

15 Microsoft Teams – Guest Access Options

16 SharePoint & OneDrive for Business
SharePoint and OneDrive have the most configuration options around how content is made accessible. OneDrive settings are dependent on SharePoint Online settings.
Control points: Azure Active Directory (AAD) B2B settings, Office 365 Tenant-level settings, Groups settings, Teams settings, SharePoint Online (SPO) settings, OneDrive for Business (ODfB) settings

17 SharePoint & OneDrive for Business
- Whitelist domains globally or per site collection
- Require use of the same account
- Don't allow guests to share items they don't own
Control points: Azure Active Directory (AAD) B2B settings, Office 365 Tenant-level settings, Groups settings, Teams settings, SharePoint Online (SPO) settings, OneDrive for Business (ODfB) settings, Site collection settings

18 SharePoint & OneDrive for Business
Roadmap item, tentatively scheduled for Q3 2019: Site access for new external guests will automatically expire in this many days (default to 30).
Control points: Azure Active Directory (AAD) B2B settings, Office 365 Tenant-level settings, Groups settings, Teams settings, SharePoint Online (SPO) settings, OneDrive for Business (ODfB) settings, Site collection settings

19 SharePoint & OneDrive for Business
File and Folder Links Only people in your organization

20 SharePoint & OneDrive for Business
Who can share outside your organization: This setting respects the global setting first but enables you to choose specific security groups.
Options:
- Let only users in selected security groups share with authenticated external users
- Let only users in selected security groups share with authenticated external users and using anonymous links

21 SharePoint & OneDrive for Business
Additional Settings:
- Default link permissions: View or Edit
- Require recipients to continually prove account ownership when they access shared items (does not apply to anonymous links)

Notification Settings for Owners:
- Other users invite additional external users to shared files
- External users accept invitations to access files
- An anonymous access link is created or changed
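
The SharePoint and OneDrive options on slides 17 to 21 can also be set and reviewed from the SharePoint Online Management Shell. The script below is an added example, not part of the original deck; the admin URL, site URL and partner domains are placeholders.

```powershell
# Added example, not from the original deck. Needs the SharePoint Online
# Management Shell. URLs and domains below are placeholders (assumptions).
Connect-SPOService -Url "https://contoso-admin.sharepoint.com"

# 1. Record the current tenant posture before changing anything.
Get-SPOTenant | Select-Object SharingCapability, DefaultSharingLinkType,
    DefaultLinkPermission, SharingDomainRestrictionMode, SharingAllowedDomainList,
    RequireAcceptingAccountMatchInvitedAccount, PreventExternalUsersFromResharing

# 2. Tenant level: authenticated guests only (no anonymous links).
Set-SPOTenant -SharingCapability ExternalUserSharingOnly

# 3. Slide 17: allow-list partner domains, require the invited account,
#    and stop guests from resharing items they do not own.
Set-SPOTenant -SharingDomainRestrictionMode AllowList `
    -SharingAllowedDomainList "partner1.example partner2.example"
Set-SPOTenant -RequireAcceptingAccountMatchInvitedAccount $true `
    -PreventExternalUsersFromResharing $true

# 4. Slides 19 and 21: default links are internal and view-only; owners are
#    notified when items are reshared or invitations are accepted.
Set-SPOTenant -DefaultSharingLinkType Internal -DefaultLinkPermission View `
    -NotifyOwnersWhenItemsReshared $true `
    -NotifyOwnersWhenInvitationsAccepted $true

# 5. Site collection level: switch external sharing off for one sensitive site.
Set-SPOSite -Identity "https://contoso.sharepoint.com/sites/finance" `
    -SharingCapability Disabled

# 6. Review: every site that still permits some form of external sharing.
Get-SPOSite -Limit All |
    Where-Object { $_.SharingCapability -ne 'Disabled' } |
    Sort-Object SharingCapability, Url |
    Select-Object Url, SharingCapability, SharingDomainRestrictionMode
```

A site collection can be set more restrictive than the tenant but not less, so the report in step 6 is bounded by the tenant value chosen in step 2.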

22 SharePoint & OneDrive for Business
Users on unmanaged devices will have browser-only access with no ability to download, print, or sync files. They also won't be able to access content through apps, including the Microsoft Office desktop apps. When you limit access, you can choose to allow or block editing files in the browser.

23 Yammer - Options
- External Conversation
- External Group
- External Network
Disabling External Messaging: Use Exchange Mailflow Rule

24 Yammer – External Conversation
You can add external participants to conversations in Yammer so that you can work with the people you need, even if they aren't in your Yammer network. For example, you can add external participants to a discussion or use instant messaging to quickly get a response. External participants can view and download files that have been uploaded to the conversation, and upload files. You'll be able to see when a conversation includes an external participant, and you can remove an external participant when you need to.

25 Yammer – External Groups
You can create a group that includes external users, called an external group. You must create the group as an external group; you can't change an existing internal group to be an external group. The group admin can add external users to the group. In public external groups, other users in the group can suggest adding an external user, but the group admin has control over whether that user is added, and has to approve the addition of the external member. In private external groups, only the admin can add external members.

26 Yammer – External Network
If you have permission, you can create an external Yammer network to collaborate with people outside your company, such as customers, suppliers, and partners. People with external email addresses must be invited into or request access to an external network. When they join the external network, they can only see content posted specifically to that external network. That means they will not have access to your home network.
Recommend: Only Admins; Require Admin approval

27 Sway
Sway is an app from Microsoft Office that makes it easy to create and share interactive reports, personal stories, presentations, and more.

28 Microsoft Forms
Microsoft Forms is a simple, lightweight app that lets you easily create surveys, quizzes, and polls. It can be used to create quizzes, collect feedback from employees and customers, or plan events.

29 Group Specific Settings
Control points: Azure Active Directory (AAD) B2B settings, Office 365 Tenant-level settings, Groups settings, Teams settings, SharePoint Online (SPO) settings, OneDrive for Business (ODfB) settings, Group specific settings
Documentation: Update settings for a specific group - Azure Active Directory cmdlets for configuring group settings
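
One way to apply a group-specific setting, matching the slide 4 example of keeping guest access on for the tenant but off for a sensitive team. This is an added example, not part of the original deck; it assumes the AzureADPreview module, and the group name is a placeholder.

```powershell
# Added example, not from the original deck. Requires the AzureADPreview module.
# "Finance-Confidential" is a placeholder group name (assumption).
Connect-AzureAD

$group = Get-AzureADGroup -SearchString "Finance-Confidential" | Select-Object -First 1
if (-not $group) { throw "Group not found" }

# The per-group guest setting is created from the Group.Unified.Guest template.
$template = Get-AzureADDirectorySettingTemplate |
    Where-Object { $_.DisplayName -eq "Group.Unified.Guest" }

# Look for a setting object already attached to this group (match on template id).
$existing = Get-AzureADObjectSetting -TargetType Groups -TargetObjectId $group.ObjectId |
    Where-Object { $_.TemplateId -eq $template.Id }

if ($existing) {
    # Update in place so the group does not end up with two conflicting objects.
    $existing["AllowToAddGuests"] = "False"
    Set-AzureADObjectSetting -TargetType Groups -TargetObjectId $group.ObjectId `
        -Id $existing.Id -DirectorySetting $existing
} else {
    $setting = $template.CreateDirectorySetting()
    $setting["AllowToAddGuests"] = "False"
    New-AzureADObjectSetting -TargetType Groups -TargetObjectId $group.ObjectId `
        -DirectorySetting $setting
}

# Verify the value now stored on the group.
(Get-AzureADObjectSetting -TargetType Groups -TargetObjectId $group.ObjectId).Values
```

Review the group's current guest members separately, for example with the access reviews covered on slide 40.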

30 Guest inviter role policy
Documentation:

31 Control who can be invited
Documentation: Allow/Block guest access to Office 365 groups

32 Data Loss Prevention
With a data loss prevention (DLP) policy in the Office 365 Security & Compliance Center, you can identify, monitor, and automatically protect sensitive information across Office 365. If a folder is shared with an external user and files within that folder have DLP applied, the external user will not see those items.

33 Sensitivity Labels
With sensitivity labels, you can classify and help protect your sensitive content, while making sure that your people’s productivity and ability to collaborate isn’t hindered.
- Encryption
- Watermarks
- Protection across Office Apps (platforms/devices)
- Endpoint Protection (via Intune)
- General Classification

34 Audit Logs
Use the Office 365 Security & Compliance Center to search the unified audit log to view user and administrator activity in your Office 365 organization.
- Numerous actions can be audited
- Export
- Connect to Flow
- SIEM Integration (check with your SIEM vendor)

35 eDiscovery
Quickly finding and retaining for further investigation specific information in email, documents, instant messaging conversations, and other content locations used by people in their day-to-day work tasks. External user activities in the network are available with eDiscovery searches. Advanced eDiscovery is available for deeper analysis and management following standard EDRM processes.

36 Conditional Access (CA)
Factor how your cloud apps are accessed into your access decisions, whether that be from a user’s network location, a managed device, client app, and more.
Examples:
- Sign-in frequency
- Browser persistence
- MFA from untrusted networks
- Require Terms of use
- Block legacy authentication

37 Conditional Access App Control
Context-aware session policies: Control access to cloud apps and sensitive data within apps based on user, location, device, and app.

SAML, Open ID Connect, & on-prem apps: Support for Microsoft and non-Microsoft web apps, including on-prem apps onboarded via Azure AD App proxy.

Enforce granular monitoring & control for risky user sessions:
- Data Exfiltration: Block download, Apply AIP label on download, Block print, Block copy/cut, Block custom activities (e.g., IMs with sensitive content)
- Data Infiltration: Block upload, Block paste

38 Cloud App Security
Microsoft Cloud App Security is a Cloud Access Security Broker (CASB) that operates on multiple clouds. It provides rich visibility, control over data travel, and sophisticated analytics to identify and combat cyberthreats across all your cloud services.
1. User uploads a sensitive file to a cloud app
2. A classification label is automatically applied to protect the file
3. User tries to share sensitive file with external users
4. External user is not able to access the file due to classification and protection
5. Admin receives event alerts

39 Cloud App Security
Detect and remediate overexposed files and anomalies:
- Create policies to generate alerts and trigger automatic governance actions
- Be notified to identify and investigate policy violations and related activities
- Automatically remediate with built-in actions incl. notify owner, notify admin, make private, quarantine, etc.
- Automatically label and protect existing sensitive information and when new files are uploaded

40 Access Reviews (AADP P2)
Enable organizations to recertify group memberships, application access, and privileged role assignments.

41 #SPSCLT19 Speaker Survey Session 2

42 Thank You!

