Monday, July 1, 2013

SharePoint Online External Users Walkthrough and Common Scenarios


SharePoint Online provides the ability to do external sharing. A lot of organizations want to enable their employees to do external sharing. SharePoint Online can do this while at the time ensure that document sharing is done on a managed platform that the enterprise can control. Compliance and governance are the biggest things organizations what to control. If you want to do some reading up on the new features of Office 365 on compliance, read my blog here - By doing your external sharing on SharePoint Online empowers organizations to do it in a safe manner.

Additionally if you are familiar with implementing extranets on SharePoint on-premise, SharePoint Online has a unique solution for this which is not available on-premise. I wrote blog on all the features and capabilities of SharePoint Online external users here – The big difference is if you want to do authenticated sharing, you do not need to create and manage the external users on AD or a customer LDAP directory. As you will see you can leverage Microsoft IDs (formally called LiveID) to authenticate users. As long as the external user has a Microsoft Account, they can be invited in. These external users using their Microsoft IDs can be managed just like any other using in SharePoint Online. You can give them permissions, place them into SharePoint Online user groups, give them granular permissions, etc.

In this blog I am going to actually show you the steps as I have talk to a lot of people about this capability.

Creating a Site Collection for External Users

Setting up external is really simple. If you are a SharePoint Online tenant administrator, just go manage the Site Collections and select sharing.


You will be presented with a screen that will allow you to pick how you want to do your external sharing. You can select to have external sharing through an invitation. You have a section option that allows you to sharing using invitations and supporting anonymous guest links. I will be talking about anonymous later in this blog.

Once you do that, you are ready to go.

Personally I recommend customers to think this through how you want to enable external sharing. Some organizations may not care and set up all SkyDrive Pro sites to do external sharing. Other organizations may only create on site collection for external sharing and have a controlled process to give users permission to share externally. Luckily with SharePoint Online, you have the flexibility to create a configuration that is going to best meet your needs.


Sharing Scenario 1 (No Microsoft Account)

In this scenario you have an external user and you only have an email address for that person. However you are unsure if the user has a Microsoft Account. No problem.

First invite the person with their email address. In this case it is a Yahoo email address.

I can write a write a personalized message and even associate them to a SharePoint Online user group if I want.


Once you hit send the external user will be sent an email address. You have the ability to revoke the invitation. Note that invitation that is sent is only good for 7 days, if the external user does not accept, it will have to be resent.


Next the external user (Martin in this case), will receive an email.


When the external users clicks the link they will be taken to this web page. In the case, the external users does not have a Microsoft Account created yet.

All the need to next is click in the link at the bottom saying “Create a Microsoft Account, it’s quick and easy”.


Next the external user will be taken to a Sign Up screen where they need to put in some basic information and create a password. It is good if they create the Microsoft Account with the email address they were invited with. They do have the option later to associate other email addresses to the Microsoft Account.


Then once he is done, the external users just needs to go back to their email and verify the Microsoft Account that they just created.


The external user needs to verify their new Microsoft account.




Here is Microsoft Account page. Here is where they can add other email address aliases to be associated to this Microsoft Account.


Now the external user has finished creating their brand new Microsoft Account, they can now accept the invitation from the SharePoint Online site.

Back in their email, they can just click the link again.


This time, the external user needs to select the Microsoft Account option and log in with the account they just created.


He puts in his Microsoft Account email address and password.


Now Martin has access to the SharePoint Online site. Pretty easy. This could have been done at the document level too.


Sharing Scenario 2 (External User has Microsoft Account)

In this scenario you have an external user you want to invite into SharePoint Online. In this case Bart Smith already has a Microsoft Account. This is very simple.

First invite Bart using the Share feature. All the same information I discussed earlier apply.


Again, we can then check here to see that the invitation has been sent to Bart.


Now back in Bart’s email we can see the invite has showed up.


Bart then selects the Microsoft Account option.


Skipped the screen but Bart will log in using his Microsoft Account username and password. If he has saved in his browser, he will just come right in.

Bart then has access to the site. Easy.


Scenario 3 (Existing Microsoft Account but Different Email Address)

Now let’s say Jack Smith is an external user that needs to be invited in. Jack Smith has a personal email address ( that is associated to a Microsoft Account.

However Jack would like to use his work email address instead ( to be invited in. There are two options, Jack could create a new Windows Account using the steps I described in scenario 1.

The second option would be to simply have Jack just add his email address to his existing Windows Account.

First Jack would have to log into his Windows Account and then select Add or Change Aliases links.


Then Jack needs to add his work email address.


He then needs to verify that this is an email address to be added to his Windows Account.


Sends an email confirmation.


Then in his work email address he selects the verification link.


Now his work email address has been added to his Microsoft account.

Now all Jack has to do is follow the steps in Scenario 2 to get access to the SharePoint site using his work email address. When Jack logs into the SharePoint Online site that was shared with, he can use his work email address to log in instead of his personal email address.


Scenario 4 (Anonymous Sharing)

The last option I will show you is doing an anonymous share of a document. You may recall in the beginning of this blog I showed that you have the option to decide if you are going to support anonymous sharing of files. Again this is up to the organization. Some organizations are totally fine with it, while others do not find that acceptable.

If you are going to do it, you need to make sure you select the option in the Site Collection configuration.

When this is done, the first difference is this. First go to the document that you want to share.


Once you press Share you will see a new link that says “Require sign-in”. Uncheck this option if you want to share the document anonymously. That is it.

The user(s) you share with will get a link in email so they can access the file without creating a Windows Account.


Additionally if you want to email the anonymous document to people afterwards, no problem.

You will now see a link that says “Open to anyone with a guest link”.


You will be presented with this which will give you the link that you can embed into your own email. Or you can just press the Share button again. It should be really easy.


In Closing

Hopefully this showed you just how easy it is to share document securely with external users.

No comments: