Sharing files is a key component to facilitating successful collaboration. But this can prove to be tricky when it comes to working with external users. Sharing your information out to external users can pose the threat of putting your data and your organization at risk.

With Microsoft 365’s robust security features, external sharing is easier, safer and more collaborative. We recently did a webinar in partnership with Extranet User Manager (EUM) all about external sharing that you can watch here.

About Extranet User Manager

Extranet User Manager is a Toronto based company, established in 2008. Their goal is to make Microsoft simple by creating solutions for seamless external collaboration. A big focus of Extranet User Manager is to ensure external document sharing is secure.

What is Unstructured Sharing in Microsoft 365?

The common misconception with unstructured sharing is that it is not secure, but that just isn’t the case. Unstructured sharing involves sharing documents with a few to a few dozen external people and secure link sharing to sites, libraries and documents. External sharing in Microsoft 365 widely supports ad-hoc collaboration.

Microsoft 365 Tools for Unstructured Sharing

The three main tools in Microsoft 365 for unstructured sharing are:

  1. OneDrive for Business

You can use the ‘request files’ feature with OneDrive for Business. This asks colleagues and external users to upload files to a folder, and from there uploaders can only see their own content.

An example of when you’d use OneDrive for Business for external sharing is if you need to create something quickly and share it with a few people.

  1. SharePoint

You can facilitate external sharing through shareable links in SharePoint Online. With SharePoint Online, you can enable edit and/or read access to colleagues or external users. From there, you can modify granularity of access.

  1. Microsoft Teams

You can collaborate seamlessly across team and organization boundaries without switching tenants, which is often cumbersome so things in other tenants get missed. External users can also be added to Shared Channels without being guests in the host tenant. The shared channel shows up in your activity feed so you never have to worry about missing a notification.

Invite External Users with Azure AD/Entra

You can also invite external users into your Microsoft 365 with Azure AD/Entra. However, we don’t often recommend this because it is highly manual (i.e. users have to be invited one at a time or with a bulk import) and User Guest Inviters have limited capabilities.

Structured Sharing with Microsoft 365

If you’re in a situation where you need to share with hundreds or thousands of external users, unstructured sharing doesn’t work well. In this case, a structured sharing approach within Microsoft 365 bodes better. Structured sharing also tends to work better when the external users represent many different groups, for example projects, committees, customers, partners or vendors.

Microsoft 365 Structured Sharing Options

There are few options for structured sharing in Microsoft 365:

  1. Build your own tool

Using open code, you can build your own portal. This is often done by integration through the Graph API which lets you control all the sharing. However, this option is a lot of work, especially if you’re not experienced.

  1. Entra ID (Azure AD)

With Entra ID, you can build out workflows and self-registrations to define the onboarding process. This will require some branding and customization, so similar to the building your own tool, this can be difficult and time consuming. Another thing to note about using Entra ID is that it is not easy for external people. This feedback comes up on a regular basis.

  1. Extranet User Manager

Working with EUM simplifies the entire process. Its fully brandable and customizable and provides an Admin portal for creating and managing users and groups

Securing Protected Information with Sensitivity Labels in Microsoft 365

Sensitivity labels are available out-of-the-box and can be manually or automatically applied. These can be leveraged in conditional access policies and can also enforce rights management and encryption. The nice thing about sensitivity labels is the labels travel with the content, regardless of location to ensure consistency when sharing. An example of when to use sensitivity labels could be with personal health information.

External Sharing in Microsoft 365

For more information about structured and unstructured sharing, as well as a detailed demo from EUM of external sharing in action, be sure to watch the webinar recording.

As an expert in cloud security, Klarinet Solutions is here to help, so don’t hesitate to reach out if you have any more questions!


Leave a Reply

Webinar: Is Your Organization Ready for Copilot?
iscover how to embrace the power of Copilot in Microsoft 365 while avoiding the threat to information security, privacy, and compliance.