Sharepoint Online External Users:

  • Article

You always wanted to be able to allow users external to your company to collaborate on documents pertaining to common projects.

You want to be minimize the administrative work that this requires.

And, you want to do this in your Online environment.

The solution is External Users Sharing. However, you also may have questions as to: what can (or can't) an external user do ? How do I remove external users from accessing the site or the tenant? And so on.

Here a collection of (I hope) clarifications from multiple resources:

1. External sharing is turned on by default for your entire SharePoint Online environment (sometimes referred to as a tenant) and the site collections in it. You may want to turn it off globally before people start using sites or until you know exactly how you want to use the feature.

What is an external user?

An external user is a person who has been granted access to your SharePoint Online site, but who is not a licensed user within your organization. External users are users who are not employees, contractors, or onsite agents for either you or your affiliates.

What (and how) can you Share?

  • You can share an entire site/web by inviting external users to sign in to your site using a Microsoft account or a work or school account.
  • You can share individual documents by inviting external users to sign in to your site using a Microsoft account or a work or school account.
  • You can post or send users a guest link that they can use to view individual documents on your site anonymously.

What can the external users do?

  • Use Office Online for viewing and editing documents. If your plan includes Office Pro Plus, they will not have the licenses to install the desktop version of Office on their own computers.

 

  • Perform tasks on a site consistent with the permission level that they are assigned. For example, if you add an external user to the Members group, they will have Edit permissions and they will be able to add, edit and delete lists; they will also be able to view, add, update and delete list items and documents.

 

  • External users inherit the use rights of the Office 365 customer who is inviting them to collaborate on a site. That is, if an organization purchases an E3 Enterprise plan, and builds a site that uses enterprise features, the external user is granted rights to use and/or view the enterprise features within the site collection they are invited to.

 

  • See other types of content on sites. For example, they can navigate to different sub sites within the site collection to which they were invited. They will also be able to do things like view site feeds.

What can't the external users do?

  • External users cannot create their own personal sites (what used to be referred to as My Sites). This means that they do not have their own OneDrive for Business document library.
  • External users cannot see the company-wide newsfeed. They also cannot edit their own profile, change their photo, or see aggregated tasks.
  • External users do not add quota to the overall tenant storage pool (this is determined by licensed users only).
  • External users cannot be an administrator for a site collection. However, you can designate an external user as a designer for your Public Website. This restriction also does not apply to scenarios where you have hired a partner to help you manage Office 365.
  • By default, external users cannot access the Search Center and will not be able to execute searches against “everything.”
  • Access site mailboxes

 

  • Use eDiscovery. This requires an Exchange Online license.

 

  • By default, name resolution is scoped to the site collection where the external users are located (i.e. they will not be able to perform name lookup searches across all the user accounts base within your tenant)

 

What is the rule of thumb when sharing a site externally?

(or how do I make sure the external partners do not "see" each other unless I want them to )

The best ways to safely share content with external partners are to create a new site collection or create a sub site under your team site. A new site collection completely isolates external content from your internal team site. However, only an Office Admin can create it. If you don’t have an easy way to create a new site collection, you can create a sub site under your team site. Either way, external partners feel more comfortable with their own site, which to them is just like another web site on the internet.

 

How do I revoke the user's access to the site?

If a site has been shared with an external user, and you want to revoke that user’s access to the site, you can do so by removing that individual’s permissions for the site.

You can see whether a document has been shared via guest link by checking the properties menu for the document (in the Sharing Dialog)

See also:

Revoke sharing privileges for external users

How do I delete an external user from my tenant ?

Use the Windows PowerShell for Sharepoint Online :

Remove-SPOExternalUser

What more can I do in PowerShell about external users?

Set-SPOTenant. RequireAcceptingAccountMatchInvitedAccount

If this parameter is set to true:

The RequireAcceptingAccountMatchInvitedAccount parameter ensures that the user who receives the invitation is also the user who accepts it.

If this parameter is not set or is set to null:

The sharing email can be forwarded and accepted by anyone.