In earlier posts, we have seen how you can block Azure Portal access for Guest Users aka External Users, use Azure Portal roles to allow users, including guest users to invite guest users from partner organisation and restrict non-administrators of the Azure Active Directory from accessing the Azure Active Directory Administration Portal.

Recap of this series:

1. Block Azure Portal for External User
2. Azure Portal Roles for External Sharing
3. Restrict User Access to Azure AD Administration Portal
4. Secure External Sharing in SPO (this post)

This post circles back to SharePoint Online and how you can secure external sharing (guest access) to SharePoint Online – at different service levels.

1. Azure Active Directory Controls
2. Office 365 Admin Center
3. SharePoint Admin Center

Azure Active Directory (AAD) Controls

AAD is the top tier from where you can restrict Guest User access to Azure AD / Office 365.

Conditonal Access Policy – Block Guest Users from SharePoint Online

After setting up the Conditional Access Policy to Block Guest Users from SharePoint Online, this is the message a guest user gets after receiving the invite, completing the onboarding process and logging in to the shared SharePoint Online Site.

Permission issues

Office 365 Admin Center

AAD controls are only available if you have purchased the Enterpirse Mobility Suite (EMS) subscription. If you don’t have the EMS subscription, your top-tier by default will be the Office 365 Admin Center.

• Once you have logged in to your tenancy with Global Administrator permissions, browse to https://portal.office.com/adminportal/home#/settings/security
• In the security and privacy page, you will see the Sharing option. If external sharing has not been enabled in your Office 365 Admin Center, then the configuration should show Off.

Sharing – control access

     

• Click Edit and in the new dialog window
• Select the slider to enable Sharing and Save

Enable Sharing and Save

 

 

You will note in the window above another link to change the external sharing settings for SharePoint. This is covered in the post below.

SharePoint Admin Center

• Once you have logged in to your tenancy with Global Administrator permissions, browse to https://[tenant]-admin.sharepoint.com/_layouts/15/online/SiteCollections.aspx
• Browse to Sharing link from the quick launch bar (on left hand side)
• In the External Sharing page, located in your tenancy at https://[tenant]-admin.sharepoint.com/_layouts/15/online/ExternalSharing.aspx you should see this page and the options selected by default – if external sharing has never been enabled and configured in your tenancy.

Sharing outside of your organisation

• To start with, start with the 3rd option under Sharing outside your organisation

• Click Save
• Review the information that pops up in the dialog box and click OK

 

Enable external saving

That’s it! With this post, we wrap up the series on External Sharing with SharePoint Online and Securing External Sharing SharePoint Online

About the Author: 

Alpesh is an IT Pro with 15 years of commercial experience across the Microsoft technologies stack. In recent years, his focus has been on Cyber Security and how client data can be secured and proactively monitored and managed – with Microsoft Enterprise Mobility Suite, Azure AD and Data Loss Prevention. In recent projects, Alpesh was the Infrastructure Architect for a hybrid platform that leverages on SaaS, PaaS and IaaS. A multi forest environment comprising of 50K+ global user base, Alpesh has lead a team of specialists to build IaaS platforms, designed and delivered DR for Azure PaaS and IaaS platform components and enabled Extranet for Partners leveraging on Azure B2B and SharePoint Online. In his role, he has built great relationships with the client’s Cyber Security team and Network team to deliver this complex platform.  Alpesh is a public speaker on Office 365, SharePoint and Azure technologies and has presented at Microsoft Tech.Ed & various community events. Alpesh is also a contributing author in Microsoft SharePoint Unleashed 2010 and Microsoft SharePoint Unleashed 2013 books published by Pearsons.

Reference: 

Nakar, Alpesh (2018). Secure External Sharing in SharePoint Online – Series. Available at: https://alpeshnakar.com/secure-external-sharing-in-sharepoint-online-series/ [Accessed 24 October 2018]