How Does External Sharing Work in Microsoft 365?

Post Date: 11/17/2020
feature image

This post highlights some of the topics discussed in our webinar “Solving The Microsoft 365 Guest User Puzzle.” Watch the full demo session here!


External collaboration is a necessity for modern businesses. Business users have been doing it for years via tools like email, but organizations start to get a bit warier when it comes to more complex collaborations.

There’s a fear that if you let people into your Microsoft 365 tenant, you’ll be more open and exposed than you might be otherwise. While there’s a kernel of truth in that, you just need to have a good guest management program to make it work.

In our recent webinar headed by Dux Raymond Sy and John Peluso, the two went through a series of demos explaining how to enable external collaboration and Office 365 governance safely and efficiently. We’ll go over a few of their key points in this post, but for in-depth demos and explanations be sure to watch the recording!

The Case for External Collaboration in Microsoft 365

It’s safe to say that data security is more of a concern now than ever before. In a year when ransomware attacks have quadrupled, there’s reason for organizations to be especially concerned about allowing external users access to their tenants. Some of the most common concerns we hear include:

  1. By “letting them in,” you make it easy to over-share outside the organization.
  2. “I don’t trust my users to be careful when sharing, especially externally.”
  3. “My security team will never go for it.”
  4. “Once an external person is in, how do I get them out?”

In reality, however, organizations are already sharing externally; it’s just a matter of how you do it. Are you leaving it up to your users to decide when and how external collaboration takes place? Once your data leaves your system, what control do you have over it? Do you know what your external users are doing with your data? These are all questions worth asking.

Though the vast array of external sharing settings can seem overwhelming and a bit disjointed at first, the different layers of settings are in place so you can put together a guest access program that makes sense. For Microsoft Teams-specific collaboration, this guide by Microsoft is an invaluable resource.

Guests in Groups and Teams

What we have in the modern versions of Azure Active Directory and Microsoft 365 is a new model that leverages a technology called Azure Active Directory B2B. This feature allows users to create a reference (think of it as a clone of sorts) that acts as the guest user when working in an external environment. The directory knows it’s a guest, but since it’s just a reference to an account in another domain, there are some great benefits. These include:

  1. Since it isn’t the actual user, the external organization doesn’t have to “own” that user’s password or authentication
  2. If an external agency requires authentication, the clone can go back to its organization and be authenticated (even two-factor authentication is possible)
  3. If the user leaves their company, their guest user reference automatically loses access to the external organization.

Better yet, no special licensing is needed for Azure B2B; one paid license gives you five guest accounts to be used for situations like these. If you have one paid Microsoft Teams license, for instance, you can have up to five guest accounts with the same license. It’s a generous ratio that makes external collaboration that much easier.

Have questions about external sharing in M365? Check out this post: Click To Tweet

Why is collaborating with guest users in Microsoft Teams so important?

Especially coming from SharePoint, we tend to think of collaboration as being centered around documents. While there’s some merit to this, there’s also so much more that can be accomplished. With Teams, the beauty is that all the communications around a project are contained in one central place.

In departments like marketing, for instance, there’s a ton of back and forth in terms of meetings, approvals, designs, videos, etc., and doing all that through email chains just isn’t efficient. Or perhaps you’re collaborating with an internal team and they’ve already brought in someone to work with from outside the organization.

There are plenty of use cases for leveraging Teams internally and externally that goes beyond typical document collaboration. For more on when to use Microsoft Teams for collaboration, reference our guide here.

microsoft 365

How can you manage all of this at scale with minimal burden on your IT/operations teams?

Consider these key considerations:

How do you want to onboard new external collaborators? Will they be controlled or subject to approval? Open to owner invites? Manual or automated?

Who do you want to share with, and where? Do you need to collaborate externally? If so, what does that collaboration look like?

How will you handle the lifecycle of guests? Monitoring, reporting, need for access, off-boarding…how will this happen?

Watch the full webinar to learn how to tackle these questions, see in-depth demos, and more! 


For more on guest user access be sure to subscribe to our blog!

As the former Content Marketing Specialist for AvePoint, Brent led the strategy and direction of all AvePoint's blog properties.

View all posts by Brent Middleton
Share this blog

Subscribe to our blog