Sharing in Office 365 has come a long way in the past few years. Microsoft has been taking user feedback seriously and, as a result, has released many new features and improved the user experience.
In this three-part series I will cover Sharing in Office 365 and Microsoft Teams from different perspectives: end users to understand how to best use the sharing options; administrators to understand the sharing model and settings; governance to have the right measures in place to protect the company's information based on policies and regulations.
In part 1 we will explore the different sharing options, what they mean and when to use them, so that you can still get your job done, follow best practice and comply with your company's policies.
Let's start with a common denominator for most of the services in Office 365. Where is the content stored?
Apart from a few exceptions, the vast majority of content in Office 365 services is stored in SharePoint. Some examples:
So hopefully this is enough to convince you that Microsoft SharePoint is the storage king in Microsoft Office 365. Why am I bringing this up? Because when dealing with Sharing in Office 365, all the security and permission concepts of SharePoint still apply. Let's start with a refresher, or simple SharePoint security 101:
Security is based on the concept of inheritance. By default, when files are created or uploaded to a location in SharePoint, they inherit the permissions of the parent, say a document library, which in turn inherits its permissions from the site, which inherits its permissions from the site collection that contains it.
If we need to restrict access to a library to a small group of people, we "break" the inheritance. This means that if permissions are changed at the site level, they won't affect the library and its files. From now on the library manages its permission separately, in other words it has unique permissions.
Now that we understand the basics let's see the different types of Sharing available in Office 365.
Unless you have been living under a rock in the last few years, you are likely to be familiar with the Office 365 sharing window. It's being standardised across most Office 365 workloads and desktop apps, Windows Explorer, and you will find exactly the same on mobile devices when using OneDrive, PowerPoint or the new Office mobile app.
The first thing to note is that there is a type of sharing selected by default; in this case it is People in your Organisation. This will depend on a couple of settings that we'll see in Part 2, but it's also important to know that you can select another option. In fact there are four options in total. Let's see each one in detail and when to use them.
The name is quite self-explanatory, and as you'd expect you type in a recipient's email address and they'll get access straight away. Its properties are:
Sharing window on mobile
As you can guess this grants access to internal users only.
This might not be as intuitive as the previous ones. With this option you grant access to specific recipients, including external users. The main difference is that new external recipients need to verify their identity via a one-time passcode they receive in their mailbox as part of the process. The link cannot be forwarded to others, and the access can be revoked anytime (stop sharing the link). If you share with an internal user, only the recipient will be granted access, not everyone in the organisation.
There can be external users that have been manually added to the organisation's directory by an administrator, and therefore have existing access in the organisation. Another scenario is when external users were initially allowed and disabled at a later stage. Users that received a sharing invitation during that time would still be in the organisation's directory unless an administrator has manually removed them.
In my experience this is the least understood sharing option and often people are unsure if or when they should use it.
The main concern is that end users who haven't received proper training will try to use this option (especially if it's set by default) by typing in an external recipient's email address, and will receive a message that it cannot be shared (because this person did not have previous access). The frustrated user who wants to get the job done will then select another option like Specific People and will always share it this way. This is why educating users is a crucial part of technology adoption and cascading effects like satisfaction, motivation and productivity.
This option can be useful:
Microsoft Teams - If the new Sharing experience in Microsoft Teams is not yet available in your tenant, you can achieve the same result by selecting a file and using the Open in SharePoint option, then sharing the file from there. For more information see this Blog post in the Microsoft Tech community.
Now, to tie all this back in to the inheritance concept, you might be surprised to know that apart from People with existing access, all the other options do break the inheritance of the file/object that is shared (more on this in a moment).
Manage Access is a handy little feature that allows a file owner to manage sharing and permissions, specifically:
Note: Original permissions can only be restored via Advanced Settings (delete unique permission)
Send Link Dialogue
This comes down to a compromise in my view. Breaking inheritance at the file level can impact future access: for example, if new users or groups are added to the library or site, they won't be able to access those uniquely 'permissioned' files. On the other hand, having an agile sharing function allows end users to get their job done without resorting to third party tools and potentially exposing the company's sensitive information. There is more to it, as we will see in Part 3, because this relates to Change Management and to having proper governance established, where your services are configured according to the organisation's policies.
Another great feature that has been recently launched is Request Files. If your company has allowed Anyone in your OneDrive, you can use this neat function to collect files from multiple external parties without them seeing each other's files.
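The trade-off can be seen in a small simulation. The following is an added example, not part of the original article and not SharePoint API code: a simplified model of permission inheritance in which sharing a file breaks inheritance, a group added later at a higher level never reaches that file, and deleting the unique permissions restores access. The object names, principals and the copy-on-break behaviour are assumptions of the model.

```python
class Node:
    """A securable object: site collection, site, library or file (simplified model)."""
    def __init__(self, name, parent=None, grants=None):
        self.name = name
        self.parent = parent
        # None means "inherit from parent"; a set means unique permissions.
        self.unique = set(grants) if grants is not None else None
        self.children = []
        if parent is not None:
            parent.children.append(self)

    def effective(self):
        """Walk up to the nearest ancestor that holds its own permissions."""
        node = self
        while node.unique is None:
            node = node.parent
        return set(node.unique)

    def grant(self, principal):
        """Grant at this level; breaks inheritance first if still inheriting."""
        if self.unique is None:
            # Assumption: the break copies the parent's permissions as they are now.
            self.unique = self.effective()
        self.unique.add(principal)

    def delete_unique_permissions(self):
        # Restores inheritance; the root always keeps its own permissions.
        if self.parent is not None:
            self.unique = None

def with_unique_permissions(node):
    """Names of all descendants that no longer inherit (an audit view)."""
    found = []
    for child in node.children:
        if child.unique is not None:
            found.append(child.name)
        found.extend(with_unique_permissions(child))
    return found

def demo():
    root = Node("site collection", grants={"owners"})   # constructed sample data
    site = Node("site", root)
    library = Node("library", site)
    shared = Node("budget.xlsx", library)
    other = Node("notes.docx", library)
    shared.grant("partner@example.com")   # e.g. a Specific People share
    root.grant("new-team")                # group added later at the top level
    before = (shared.effective(), other.effective(), with_unique_permissions(root))
    shared.delete_unique_permissions()
    return before, shared.effective()
```

In `demo()`, `new-team` reaches `notes.docx` but not the shared `budget.xlsx` until its unique permissions are deleted, at which point the partner's access is also gone.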