Secure External Sharing in Microsoft 365 and Azure AD – Series

This post is part of the Secure External Sharing Series.

Now that we have enabled external sharing in Office 365 and SharePoint Online, it’s time to secure external sharing capabilities! There are couple of ways to secure external sharing and ensuring that external users can only access an inviting organisation’s content that they have been invited to and not have access to any other assets or content.

I have lined up few blog posts in a series format that will cover different areas across Microsoft 365 (aka Office 365) and Microsoft Azure – which, if not configured, can give your external users access to services and content that they should not be accessing.

Stay tuned – subscribe to RSS – for post updates or email newsletter (for regular updates and zero spam) to get updates as I post blog posts.

Open SharePoint Online Email Links in SharePoint Mobile App



This morning, saw an update in the iOS App Store for Microsoft SharePoint App and I am so pleased to see this update that it triggered me to publish this post.

You may think, what triggered me off?

Ok, so let’s summarise the issue here and before you update the Microsoft SharePoint App, try out the this scenario below.

Continue reading “Open SharePoint Online Email Links in SharePoint Mobile App”

Who will approve my Provider-Hosted SharePoint Add-in request?

We had an interesting situation at one of our projects. The build team had created their first Provider-Hosted SharePoint Add-in and were ready to upload in the pre-production environment’s add-in catalog. As the build team did not have access to manage the add-in catalog, the operations team deployed the add-in.

Uploading a SharePoint Add-in to a corporate add-in catalog is as easy as uploading any file to a SharePoint document library. You fill out a pop-up form in which you supply the local URL of the add-in package and other information, such as the name of the add-in. (Reference Link)

However, SharePoint Add-in was not available for the users in the Your Add-ins page. This is a page from where users, can install an add-in and this recently uploaded add-in was not listed!

What’s going on? The SharePoint Add-in deployed without errors. And the Operations team that deployed the SharePoint Add-in are the SharePoint Administrators of the SharePoint Online admin centre.

Right, so what happened? This is what happened! There was no issue with the add-in or the deployment.

Operations team were assigned SharePoint Administrator permissions by the Global Administrators/Tenant Administrators. Prior to the operations team being assigned permissions, tenant administrators had provisioned App Catalog Site.

As we can see, administrator of the app catalog site collection was set at the time of creation of site collection, being the primary site collection administrator.

This is the user (site collection administrator) who was getting email notifications for any add-in that was deployed and for the add-in to be approved for publishing. And then the add-in would be available in the Your Add-ins page.

So the fix to this, was to change the primary site collection administrators to be someone from the operate team and also add secondary site collection administrator for the app catalog site collection!

Once this was set, the site collection admins from the operate team got email notifications for the add-ins to be approved to be published!