Office 365 SharePoint External Users License and Security

Reading Time: 4 minutes

 

Overview

Microsoft Says: An external user is someone outside of your organization who can access your SharePoint Online sites and documents but does not have a license for your SharePoint Online or Microsoft Office 365 subscription. External users are not employees or onsite agents for you or your affiliates.

You do not need to buy licenses for adding external users to SharePoint Online. Also, you can add unlimited external users. Microsoft Text: “There is no limit to the number of external users you can invite to your SharePoint Online site collections

Making Employees as External users: It is possible to do but it would be illegal if the company’s employees are accessing the Tenant with external users instead of paying for a SharePoint license.

We have three ways to access/login by external users

  • Microsoft Office 365 Microsoft account or Organizational account
  • Microsoft Account with any email id (free)
  • Anonymous users (access to individual documents via guest link – not recommended for security issues, because the link could be potentially forwarded to anyone else).

All External users will need to register their email with Microsoft but not necessarily a LiveID.

Key Points to know

  • Access is granted to the desired level, it can be removed at any time by the user administration page of Office 365.
  • If they are external users, they don’t need a SharePoint Online license and they can take full advantage of SharePoint Online features.
  • You should be able to add the external users to a group, they are utilized the same as your internal users from a security perspective.
  • The only things that you cannot do with external users is make them as site owner. The role of site collection admin is open to external users as well as full control but the site owner role is not. When you create a new site collection attempt to add an external user as site owner it will not allow.
  • External users cannot install office desktop products from the tenant, everything else works the same as licensed user.
  • External user can edit documents in Office Web Apps (Browser)
  • External user can download/upload documents
  • External user can edit/upload/download/check-in/check-in as per the granted permission without license.
  • We can Share by
  • List Item / File / Folder / Library / List
    • When you share to an external users, they do not get added to your tenant.
    • They either access it using a pass code emailed to them while accessing or they access it as anonymous (if shared as anonymous)
    • Share SharePoint files or folders in Office 365
    • Mi roosft Text “People who are invited to access documents using anonymous guest links will only be able to view or read files in the relevant Office Online. They will not be able to open files in a corresponding desktop version of the Office program”
  • Site
    • External users are only added to your tenant under guest, if you share a site and only after they accept your invitation.
    • After sharing sites to external user (to microsoft account) From this contact is created regular cloud account com#EXT#@yourtenant.onmicrosoft.com, Refer below image.
    • You can’t share sites anonymously
    • Share SharePoint Site in Office 365

Multi-factor authentication

Yes we can enable multi-factor authentication for external users.

Security and Governance

Microsoft is updated the behavior and governance of access by external users in Microsoft Office 365. An external user will see only the content that is shared with that user or with groups to which that user belongs. External users will no longer see content that is shared with Everyone, All Authenticated Users, or All Forms Users. By default, content that is granted permissions to these groups will be visible only to your organisation’s users.

Administrators can change the default behaviour to enable external users to see content that’s with Everyone, All Authenticated Users, or All Forms Users.

Microsoft Articles

  1. How to govern access of external users in Office 365
  2. How to determine resources to which all external users have access.

Sharing and security

If you have confidential information that should never be shared with external users, consider having one or more site collections where external sharing is turned off where you keep your confidential information. Create additional site collections as needed to use for external sharing. This helps you to manage security risk by preventing external access to sensitive information.

Audit Reporting

One of the key IT benefits is to be able to audit usage, including being able to see who is inviting whom and when an external user logs in to access the content.

Click here to see your tenent activity report including external users.

FAQ’s

  1. Any limit to add external users to your tenent?
    • You get unlimited external sharing , there is no limit to the number of external users you can invite to your SharePoint Online site collections.
    • Even one user with any E type license, the number of external users is unlimited.
  1. Can I just create a group and add all the external users email addresses?
    • Yes
  1. Do all the users need to have a live ID?
    • Not necessarily
  1. What is the easiest way to share with approx 100+ external users?
    • Azure B2B

Find more details here

https://docs.microsoft.com/en-us/azure/active-directory/active-directory-b2b-o365-external-user

https://docs.microsoft.com/en-us/azure/active-directory/active-directory-b2b-api

https://www.youtube.com/watch?v=AhwrweCBdsc

  1. Do external users required license?
    • No, they can take full advantage of SharePoint Online features without license.
  1. Can they use search?
    • Yes, External users cannot use Enterprise Search however, they are allowed to get content via Cross Site Collection Publishing which is based on Search. The Cross Site Collection Publishing is a specific set of data that is being surfaced by Search so that is why it is allowed for External users.