In earlier posts, we saw how to block Azure Portal access for guest users (also known as external users), use Azure Portal roles to let users, including guest users, invite guests from a partner organisation, and restrict non-administrators of Azure Active Directory from accessing the Azure Active Directory Administration Portal.
Recap of this series:
- Block Azure Portal for External User
- Azure Portal Roles for External Sharing
- Restrict User Access to Azure AD Administration Portal
- Secure External Sharing in SPO (this post)
This post circles back to SharePoint Online and how you can secure external sharing (guest access) to SharePoint Online at different service levels:
- Azure Active Directory Controls
- Office 365 Admin Center
- SharePoint Admin Center
Azure Active Directory (AAD) Controls
AAD is the top tier from which you can restrict guest user access to Azure AD / Office 365.
Conditional Access Policy – Block Guest Users from SharePoint Online
After setting up the Conditional Access Policy to Block Guest Users from SharePoint Online, this is the message a guest user gets after receiving the invite, completing the onboarding process and logging in to the shared SharePoint Online Site.
Office 365 Admin Center
AAD controls are only available if you have purchased the Enterprise Mobility Suite (EMS) subscription. If you don’t have the EMS subscription, your top tier by default will be the Office 365 Admin Center.
- Once you have logged in to your tenancy with Global Administrator permissions, browse to https://portal.office.com/adminportal/home#/settings/security
- In the security and privacy page, you will see the Sharing option. If external sharing has not been enabled in your Office 365 Admin Center, then the configuration should show Off.
- Click Edit and, in the new dialog window, select the slider to enable Sharing and Save
You will note in the window above another link to change the external sharing settings for SharePoint. This is covered in the post below.
SharePoint Admin Center
- Once you have logged in to your tenancy with Global Administrator permissions, browse to https://[tenant]-admin.sharepoint.com/_layouts/15/online/SiteCollections.aspx
- Browse to the Sharing link in the quick launch bar (on the left-hand side)
- In the External Sharing page, located in your tenancy at https://[tenant]-admin.sharepoint.com/_layouts/15/online/ExternalSharing.aspx, you should see the options selected by default, provided external sharing has never been enabled and configured in your tenancy.
- To begin, select the 3rd option under Sharing outside your organisation
- Click Save
- Review the information that pops up in the dialog box and click OK
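Once the setting is saved, it is worth confirming what the tenant and each site collection actually allow. The script below is an added example, not part of the original post: it assumes the SharePoint Online Management Shell module (Microsoft.Online.SharePoint.PowerShell) is installed and that `$Tenant` is your own tenant name, the `[tenant]` part of the admin URLs above.

```powershell
# Added example: audit external sharing after changing it in the admin centers.
# Assumes the Microsoft.Online.SharePoint.PowerShell module and an account
# with SharePoint administrator rights.
param(
    # Tenant name, i.e. the [tenant] part of https://[tenant]-admin.sharepoint.com
    [Parameter(Mandatory)] [string] $Tenant
)

Import-Module Microsoft.Online.SharePoint.PowerShell -ErrorAction Stop
Connect-SPOService -Url "https://$($Tenant)-admin.sharepoint.com"

# Tenant-wide ceiling: a site cannot share more openly than this value.
$tenantCfg = Get-SPOTenant
[pscustomobject]@{
    TenantSharingCapability = $tenantCfg.SharingCapability
    DomainRestrictionMode   = $tenantCfg.SharingDomainRestrictionMode
    MustUseInvitedAccount   = $tenantCfg.RequireAcceptingAccountMatchInvitedAccount
} | Format-List

# Per-site view: every site collection where guests can be given access.
$exposed = @(
    Get-SPOSite -Limit All |
        Where-Object { $_.SharingCapability -ne 'Disabled' } |
        Select-Object Url, Owner, SharingCapability |
        Sort-Object SharingCapability, Url
)
$exposed | Format-Table -AutoSize

# Sites that also permit anonymous links are the widest exposure; list them last.
$anonymous = @($exposed | Where-Object { $_.SharingCapability -eq 'ExternalUserAndGuestSharing' })
Write-Host ("{0} site(s) allow external sharing; {1} of them allow anonymous links." -f `
    $exposed.Count, $anonymous.Count)
$anonymous | Select-Object Url, Owner | Format-Table -AutoSize

Disconnect-SPOService
```

Running it before and after the change in the SharePoint Admin Center shows whether any site collection is left more open than you intended.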
That’s it! With this post, we wrap up the series on External Sharing with SharePoint Online and Securing External Sharing SharePoint Online.