External Sharing Best Practices

Tuesday, April 30 th, 2019 Presenter: Amanda Schulz

Welcome!
Today’s webinar will begin
shortly.
Please post all questions in
the Skype chat window and
we will answer them at the
end of the webinar during the
Q&A session.
Webinar Objectives

Users will understand:

• How to share externally
• Things to consider when deciding to enable
external sharing on a site
• Best practices to make the most of your
external collaboration and avoid common
pitfalls

John Deere | SharePoint Online External Sharing Best Practices

Steps to share externally

1. Site Owner: enable external sharing on a SPO site (requires

approval from site owner’s manager)
• New site (be sure to select no template on page 1 and
external collaboration on page 2)
• Existing site (settings wheel > site details)
2. Site Owner: send an invitation to the external user email address
• Add the external user to a SharePoint group (recommended)
• Share a site, document, folder, library, etc. (harder to manage)
3. External user: Use the original link shared with them to access the
SharePoint site
4. Once external user’s permissions are set, internal SharePoint
users can share just as they would with internal users (depends on
access of external user)

John Deere | SharePoint Online External Sharing Best Practices

Considerations for enabling external sharing

Enabling external sharing on a site immediately activates Information Rights

Management (IRM) on all lists and libraries on that site.
• To edit IRM-protected files, you need to download them
• Co-authoring is not possible with IRM. Only one person can edit at
a time as you need to check out and download documents to edit
them
• IRM protects most Microsoft file types, but not Microsoft Project
• IRM-protected .pdf files require a PDF reader to be opened
• If external sharing is disabled for a site, the site owner has to
manually remove external users and IRM on each list and library.
• There are more advanced IRM settings at the library level that
should be considered for more sensitive content
• The file format for Protected PDF files (.ppd) is not supported.

John Deere | SharePoint Online External Sharing Best Practices

Considerations for enabling external sharing (cont.)

Instead of enabling external sharing on an existing site, it is best to create a

new site for your external sharing purposes if…
• Your existing site is not in SharePoint Online
• Your existing site is in SharePoint Online, but
contains sensitive information
• You need to share externally with multiple companies
but the content should not be shared across them
• Your existing site has many internal purposes and
users and applying IRM would disrupt collaboration
and productivity.

We have not yet started complex site migrations to SPO, so if

you have a large, complex site on prem and need external
sharing, the best solution is a new site specifically for that, and
save the migration for later.

John Deere | SharePoint Online External Sharing Best Practices

So when should you just enable an existing site?
Enable external sharing on an existing SPO site if…

• It was specifically created for the project that you need

external sharing for
• The external users need access because of a merger or
acquisition and don’t yet have Deere accounts
• It does not contain sensitive information
• Only a small number of external users require access

Keep all of these points in mind when deciding whether to

enable external sharing on an existing site or just create a
new site for your external sharing purposes.

John Deere | SharePoint Online External Sharing Best Practices

Use SharePoint Groups for external users

Active Directory groups are the best way to grant access to internal users, but
because they cannot be used for external users, SharePoint Groups are key.
• Create SharePoint groups specifically for external users by company, project, or access
required
• Create document libraries based on project or company
• Name groups and libraries something descriptive
• Begin or end with “EXT” for external
• Include company and/or doc lib names
• Examples: “EXT Company A”, “EXT Project KT Read Only”
• Be sure to send an email to the external users when you add them to a group – this is the
link that they must use to gain access to the site
• Sometimes the email goes to the external user’s junk mail. If the user can’t find the
email with the original link, you can forward the copy that you also received

John Deere | SharePoint Online External Sharing Best Practices

Working with multiple companies

Working with external users from multiple companies can become challenging
to manage access.
• If content needs to be shared, use one site but create different
SharePoint groups for each company, even if they are
accessing the same document libraries
• It is easier to manage access and share links by document
libraries versus folders, so a best practice is to use doc libs
whenever possible.
• If content should not be shared, create multiple sites; one for
each company with different content to be shared.
• Keep in mind that there is no extra cost for additional
SharePoint sites, and separating content at the site level is less
risky than at the document library or folder level.

John Deere | SharePoint Online External Sharing Best Practices

Miscellaneous info and tips
• Only a site owner can grant external users access to a site, but once the
permissions have been set using a SharePoint group on a document library or
other parts of a site, anyone can send links to documents and libraries
• If an external user does not have a Microsoft account through work, they will
need to create one using the “No account? Create one!” link when they click
on the link that you send them. Then they will need to create an RMS for
Individuals account using the same email address that was used to share the
site with them.
• External users can be reviewed using SECOR for your site, but you will only
see email addresses.
• We have no way of verifying if external users are still valid, so it is a best
practice to validate their continued need for access on a regular basis
• After external sharing need is over, delete the site to ensure removal of
external access

John Deere | SharePoint Online External Sharing Best Practices

Common issues related to IRM

• Documents that are IRM-protected should only be shared via a link (use "Copy link"). If you try
to email the document (even to someone who has the appropriate access) they will not be able
to open or edit.
• If you want to move a doc from library A to B, you must first turn off IRM, then move it, then turn
IRM back on. If not, last person that edited document is the only person that can modify the file
in the new location.
• Sometimes external users are unable to edit downloaded documents that have been shared
with them due to IRM conflicting with SP Designer, Visio, or MS Project – it should be a last
resort to uninstall to see if it resolves the issue.
• To access IRM-protected documents from a non-Deere asset, Microsoft Office 2016
Professional Plus and/or Microsoft’s Active Directory Rights Management Services Client 2.1
may be required.

View all in more detail at our External Sharing Common Issues page

John Deere | SharePoint Online External Sharing Best Practices

Where to find more information and help

• SharePoint Online Guide

• External Sharing Guide
• Cloud Access Security FAQs
• Coach your users through the external
sharing experience – Microsoft’s guide that
you can send to users
• RMS for Individuals - only if the external user
had to create a Microsoft account
• SharePoint 101 Yammer group - Post your
questions here!

John Deere | SharePoint Online External Sharing Best Practices

 Questions?

John Deere | SharePoint Online External Sharing Best Practices