Who is an external user in Office 365 SharePoint Online environment?
“An external user is someone ‘outside’ of your organization who can access SharePoint Online sites and documents but does not have a license for your SharePoint Online or Microsoft Office 365 subscription. External users are NOT employees, contractors, or onsite agents for you/ your affiliates.”
Types of External Users:
- Microsoft Office 365 User (Different Tenant)
- Microsoft Account(Live, Hotmail, Outlook etc.,)
- Guest users/Anonymous users(Accessing individual documents via guest link)
How to enable External Sharing feature in Office 365 SharePoint Online:
- Via SharePoint Online Admin Center or
- SharePoint Online Management Shell
External Sharing via SharePoint Online Admin Center
- Turn ON External sharing GLOBALLY in the TENANT via SharePoint admin Center > settings > External sharing
- Turn ON External sharing for that INDIVIDUAL site collection.
External Sharing Options:
- Don’t allow sharing outside the organization
- Users will NOT be able to share sites or content with users who do NOT have LICENSES to your Office 365 subscription.
- External sharing CANNOT be turned on for ANY site collection
- Allow external users who accept sharing invitations and sign in as authenticated users
- Users with FULL CONTROL permission CAN share sites with external users
- ALL external users will be required to sign-in ONLY with a MICROSOFT ACCOUNT before they can view content
- Invitations for content share once accepted CANNOT be shared/used by others to gain access. It’s very specific to account that got the invitation.
- Allow both external users who accept sharing invitations AND guest links
- External users required to sign in before viewing content on a shared site
- Full Control users of a site can choose to require Sign-in/ share via guest link for anonymous document access.
- Users who are sharing a document in the site can grant permission to view/edit based on their permission level
- Guest Links: (PUBLIC documents).Allows external users to view or edit content WITHOUT SIGNING-IN. CAN be shared/ invitation forwarded to ANYONE with the link to access the document
Turn ON External sharing in the tenant DOES NOT MEAN that site collections underneath are automatically shared. We NEED to enable PER site collection as required.
External Sharing via SharePoint Online Management Shell
SharingOptions in Command Line corresponding to GUI options of SP Online Admin Center:
- Disabled
- ExternalUserSharingOnly
- ExternalUserAndGuestSharing
To GET and SET the External sharing options via PowerShell:
- Connect-SPOService https://xyz-admin.sharepoint.com
- GET the site collection and assign it in a variable and verify the Sharing capability$SC=Get-SPOSite https://xyz.sharepoint.com (root collection)$SC.SharingCapability
- SET external sharing for site collections viaSet-SPOSite -Identity https://xyz.sharepoint.com/sites/collection -SharingCapability ExternalUserAndGuestSharing
- Get ExternalUsers for the site collection and filter them as well as export to .csv/.txt file
- Get-SPOExternalUser -SiteUrl https://xyz.sharepoint.com/sites/collection -Filter @Hotmail.com > ExternalUsers.CSV
Get-SPOExternalUser gets ALL external users in the tenant. - Get-SPOExternalUser -SiteUrl https://xyz.sharepoint.com/sites/collection
- Get-SPOExternalUser -SiteUrl https://xyz.sharepoint.com/sites/collection -Filter @Hotmail.com > ExternalUsers.CSV
Once we enable External Sharing using either one of the above mentioned methods, we can share our sites with users outside of our organization.
Sharing a site with non microsoft/ external organization account like xyz@qwe.com will
Send site invitation to xyz@qwe.com
Upon clicking the URL for the shared site, we get redirected to
Although External Sharing seemed to work with ANY email account, we require either
- Office 365 Account (or)
- Microsoft Account(Hotmail, live, outlook) Accounts work
for sharing Site with external users.
What to do if we don’t have either? Stay tuned for update! 🙂
