What we don’t know about SharePoint online externalization

Sriram Varadarajan
Enterprise Architect
Published On :   03 Dec 2016

We all know that a SharePoint Online site can be externalized. How to externalize a site collection is beyond the scope of this blog; we will go one step further and talk about to whom we can externalize the site.

Can we externalize a SharePoint online site collection to all?

If your answer is yes, then I’m sorry!!!

For those of you who said yes, by the way, you’re not wrong either: MS has changed it for some security reason, without much announcement.

Earlier, as long as you had externalized a site collection, you were able to invite any user to access your site.

But now, assume we want to send an invite to a user called ABC at Contoso.com. Here is what we should know.

1. If Contoso has registered its domain as contoso.com within O365, then they need to enable ABC as a valid account so the external sharing invite can be accepted.

2. If ABC attempts to register a Live account as ABC.ABC@Contoso.com when the domain is registered in O365/Azure AD, he will receive an error.

3. If Contoso.com is NOT registered in O365, then the external user can, in theory, register their corporate email as a Live account (but this is not recommended!), because if Contoso comes to O365 in the future it will fail.

4. If Contoso.com uses a different UPN and SMTP address, then the external invite must match the UPN, as this is what is held in Azure AD. In this example ABC.ABC@contoso.com must be the UPN address for the external invite to be accepted.

5. If the external customer's UPN does not match the external sharing invite, then ABC will not be able to accept.
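The five rules above can be turned into a pre-check that is run before invites are sent. The following is an added example, not code from the original post or from Microsoft; it assumes the partner's IT department has supplied its registered domains and a list of accounts (UPN, primary SMTP address, enabled flag), and all names and sample data in it are constructed.

```python
from dataclasses import dataclass

@dataclass
class Account:
    upn: str       # sign-in name held in Azure AD
    smtp: str      # primary e-mail address (may differ from the UPN)
    enabled: bool  # partner has enabled this as a valid account

def check_invite(invite, registered_domains, accounts):
    """Classify one invite address; returns (verdict, address_to_use)."""
    addr = invite.strip().lower()            # addresses compare case-insensitively
    domain = addr.rpartition("@")[2]
    if domain not in {d.lower() for d in registered_domains}:
        # Rule 3: domain is not in O365, so only a Live account could accept
        # (not recommended: it fails once the domain is registered later).
        return ("live-account-only", addr)
    by_upn = {a.upn.lower(): a for a in accounts}
    by_smtp = {a.smtp.lower(): a for a in accounts}
    if addr in by_upn:
        # Rule 1: the partner must have enabled the account.
        ok = by_upn[addr].enabled
        return ("ok" if ok else "account-not-enabled", addr)
    if addr in by_smtp:
        # Rules 4 and 5: invite went to the SMTP address; it must match the UPN.
        return ("resend-to-upn", by_smtp[addr].upn.lower())
    # Rules 1 and 2: domain is registered but no such account exists, and
    # registering a Live account for this address will produce an error.
    return ("no-account-in-tenant", addr)

# Constructed sample data (hypothetical partner directory and invite list).
REGISTERED = ["contoso.com"]
ACCOUNTS = [
    Account("abc.abc@contoso.com", "abc@contoso.com", True),
    Account("def.def@contoso.com", "def.def@contoso.com", False),
]
INVITES = ["ABC.ABC@Contoso.com", "abc@contoso.com", "def.def@contoso.com",
           "ghi@contoso.com", "xyz@fabrikam.example"]

def check_all(invites):
    """Run the pre-check over a list of invite addresses."""
    return {i: check_invite(i, REGISTERED, ACCOUNTS) for i in invites}

if __name__ == "__main__":
    for invite, (verdict, use) in check_all(INVITES).items():
        print(f"{invite:24} {verdict:22} {use}")
```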

Issues with this approach

1. There are many situations where customers have an O365 domain but their users do not have email in their environment.

2. Registering customers' corporate addresses as Live accounts is not recommended, and clearly there would be legal ramifications if we invited users with personal email addresses.

3. This facility has been working fine (and is seen as a big improvement over on-prem sharing), but the tightening of the rules, which is what seems to have happened, will mean the death of the sharing that has been such a success. And insisting that users engage with their own IT departments to check whether their organization holds an O365 account is really going to be painful for the users.

What made MS change this approach?

Please refer to this article to learn more about what made MS change this process.
