Wednesday, September 27, 2017

Setting Up Office 365 Extranet

     While trying to configure a 2016 hybrid SharePoint environment, I wanted to explore the features of a O365 Extranet. Having never set one up before, I turned to Microsoft for articles on how to simply set it up. I found many articles on what they were and why they would be useful, even pitfalls to avoid. However, I never came across a step by step guide, or if I did, it seemed like it was written pretty early in the lifecycle and Microsoft had already made changes to the product that made the article null and void. So, I ended up spending vast amounts of time getting my environment set up and configured as securely as possible. It is possible that I am spoiled as Extranet Collaboration Manger for On Prem takes about 10 minutes using the helpful wizard. What you find below are the notes of the steps that I took. Hopefully you find these instructions and are able to get your o365 extranet configured in much less time than it took me!

     I should note that before enabling external sharing for SharePoint, you'll have to make sure it's enabled for your Office 365 tenant as a whole. This can be found under the Security & Privacy tab of your Settings menu within your Tenant Admin Console. There, you can control external sharing globally first.

  1. From the Tile screen click on admin
  2. Next click on Security & privacy link in the left Nav

3. Click the Edit button and ensure that “Let users add new guests to the organization” is set to.
4. From your Office 365 home screen, navigate to your Admin center

  1. From the Admin center, choose the "Admin Centers" tab on the left-hand side and then "SharePoint .” This will take you to the SharePoint admin settings page, where you can configure external sharing.

  1. Click the "Sharing " link to view all of the sharing options.

The image you see is not the default image but the settings that were chosen for our specific environment.

Here are the available options that you can choose from when configuring external sharing:

"Don’t allow sharing outside of your organization."

This option will turn off sharing to anyone outside your organization – Very well named

"Allow sharing only with the external users that already exist in your organization’s directory."

This option tells your SharePoint environment that only existing users can be granted access to content in your tenant. But you may be saying to yourself that you do not want external users in your Azure AD. When an External User is added to your organization, They are added to your Azure Active Directory, just as a guest.  In the below image you can see two users that were invited and added as Guest users in my Azure AD.

An admin can manually create these external users in their Azure Active Directory via the Azure Portal, but SharePoint will not facilitate the creation of new users through its' sharing interface. For some, this option may be desireable as you may want your SharePoint Admin to create all the external users. If you want to delegate some onboarding to internal users, keep reading.

"Allow users to invite and share with authenticated external users."

Enabling sharing with authenticated external users means allowing your employees to invite new guest users to your directory and share specific content with them, without an administrator’s direct approval.

"Allow users to invite and share with authenticated external users and using anonymous access links."

Authenticated external users can be invited to log in and view or edit documents, but anonymous users can also be shared with if the owner of the document chooses to share an anonymous link. Be VERY careful with this option. For the most part, I think you will want to avoid this option.
Depending on which option you chose, you should now be able to browse out to a SharePoint site and click the Share option on the page and start your external collaboration.

No comments: