Author Archives: Kelsey Epps

Manage External Sharing at the Site Collection Level – Office 365 (SharePoint Online)

Office 365 with SharePoint Online allows you to have granular level control of your data and how it’s shared internally and externally. In the previous post, Manage External Sharing at the Tenant Level – Office 365 (SharePoint Online), I showed you the tenant level options; in the post below, I will highlight how to do this at a site collection level.

Please keep in mind that you will need to do your own internal security assessment and fit these settings to your organization.

For more detailed information about all the external sharing scenarios in SharePoint Online, please use the Microsoft KB below.

https://support.office.com/en-us/article/Manage-external-sharing-for-your-SharePoint-Online-environment-c8a462eb-0723-4b0b-8d0a-70feafe4be85?ui=en-US&rs=en-US&ad=US

Login to the Office Admin Center

On the left navigation menu, click Admin Centers

Click SharePoint

  • You need the correct permissions to access SharePoint Admin center and make the changes

Click Site Collections

Select the Site Collection you want to change the sharing on

Click Sharing

Set the Sharing Settings

Sharing Outside your organization – Select the option that meets your security requirements. If you have tenant level settings that are more restrictive than the default options, the less restrictive options will not be available.

  • Don’t allow sharing outside your organization – Prevents all users for all sites from sharing with external users. This option is typically set when organizations cannot share any content externally.
  • Allow sharing only with the external users that already exist in your organization’s directory – Allows sharing only with external users that are in the organization’s directory. External users who do not already exist in your organization’s directory are prevented from accessing data. This is the most secure method to share data externally since the external users accessing the data must reside in the organization’s directory. This allows checks and balances to be put in place because a typical user is not allowed to add external users to the organization’s directory. Typically this goes through an approval workflow and is strictly governed.
  • Allow users to invite and share with authenticated external users – External users who have received sharing invitations are required to sign in with a Microsoft account to access the content. This method is a little less secure than the one above, but it’s more secure than the one below. External sharing is governed by the user sending the links.
  • DEFAULT – Allow sharing to authenticated external users and using anonymous access – Allows site users to share sites with people who sign in as authenticated users, and also to share documents through anonymous guest links, which do not require invited recipients to sign in. You can also specify, in number of days, when the links will expire. This is the least secure and default option in SharePoint Online.

Additional Settings

  • Limit external sharing using domains – This option gives you granular control over the domains you want or don’t want to allow sharing with.

Click Save
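
The same setting can be read for every site collection at once from the SharePoint Online Management Shell. The script below is an added example, not part of the original post: it reports each site whose effective sharing level (the more restrictive of the site and tenant settings) is looser than a ceiling you choose. The admin URL, the ceiling and the commented site URL are placeholders.

```powershell
# Added example; requires the Microsoft.Online.SharePoint.PowerShell module.
# $AdminUrl and $Ceiling are placeholders, not values from the post.
$AdminUrl = 'https://contoso-admin.sharepoint.com'
$Ceiling  = 'ExistingExternalUserSharingOnly'

# SharingCapability values ordered from most to least restrictive,
# matching the four options listed in the post from top to bottom.
$Rank = @{
    Disabled                        = 0   # Don't allow sharing outside your organization
    ExistingExternalUserSharingOnly = 1   # External users already in the directory
    ExternalUserSharingOnly         = 2   # Authenticated external users
    ExternalUserAndGuestSharing     = 3   # Authenticated users and anonymous links
}

Connect-SPOService -Url $AdminUrl
$tenantLevel = (Get-SPOTenant).SharingCapability.ToString()

$report = Get-SPOSite -Limit All | ForEach-Object {
    $siteLevel = $_.SharingCapability.ToString()
    # A site can never be less restrictive than the tenant, so the
    # effective level is whichever of the two ranks lower.
    $effective = if ($Rank[$siteLevel] -lt $Rank[$tenantLevel]) { $siteLevel } else { $tenantLevel }
    [pscustomobject]@{
        Url         = $_.Url
        SiteSetting = $siteLevel
        Effective   = $effective
        OverCeiling = $Rank[$effective] -gt $Rank[$Ceiling]
    }
}

# Sites that still allow more external sharing than the ceiling.
$report | Where-Object OverCeiling | Sort-Object Url | Format-Table -AutoSize

# To tighten one site after review (placeholder URL):
# Set-SPOSite -Identity 'https://contoso.sharepoint.com/sites/finance' -SharingCapability $Ceiling
```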

Manage External Sharing at the Tenant Level – Office 365 (SharePoint Online)

Office 365 with SharePoint Online allows you to have granular level control of your data and how it’s shared internally and externally. In the post below, I will highlight a few of the common settings and highlight the default settings. Please keep in mind that you will need to do your own internal security assessment and fit these settings to your organization.

For more detailed information about all the external sharing scenarios in SharePoint Online, please use the Microsoft KB below.

https://support.office.com/en-us/article/Manage-external-sharing-for-your-SharePoint-Online-environment-c8a462eb-0723-4b0b-8d0a-70feafe4be85?ui=en-US&rs=en-US&ad=US

Login to the Office Admin Center

On the left navigation menu, click Admin Centers

Click SharePoint

  • You need the correct permissions to access SharePoint Admin center and make the changes

Click Sharing

Sharing Outside your organization – Select the option that meets your security requirements.

  • Don’t allow sharing outside your organization – Prevents all users for all sites from sharing with external users. This option is typically set when organizations cannot share any content externally.
  • Allow sharing only with the external users that already exist in your organization’s directory – Allows sharing only with external users that are in the organization’s directory. External users who do not already exist in your organization’s directory are prevented from accessing data. This is the most secure method to share data externally since the external users accessing the data must reside in the organization’s directory. This allows checks and balances to be put in place because a typical user is not allowed to add external users to the organization’s directory. Typically this goes through an approval workflow and is strictly governed.
  • Allow users to invite and share with authenticated external users – External users who have received sharing invitations are required to sign in with a Microsoft account to access the content. This method is a little less secure than the one above, but it’s more secure than the one below. External sharing is governed by the user sending the links.
  • DEFAULT – Allow sharing to authenticated external users and using anonymous access – Allows site users to share sites with people who sign in as authenticated users, and also to share documents through anonymous guest links, which do not require invited recipients to sign in. You can also specify, in number of days, when the links will expire. This is the least secure and default option in SharePoint Online.

Default Link Type

  • Direct – Accessible only to users who already have permission to access the document
  • Internal – Accessible only to users within your organization
  • DEFAULT – Anonymous access links – Accessible by anyone

Additional Settings

  • Limit external sharing using domains – This option gives you granular control over the domains you want or don’t want to allow sharing with.
  • Prevent external users from sharing files, folders, and sites they don’t own – I would highly recommend that you check this box. This prevents external users from sharing data they don’t own or that they should not be sharing.
  • External users must accept sharing invitations using the same account that the invitations were sent to – I would highly recommend that you check this box. This locks access down to the account where the invite was sent.

This screen shot is the default sharing settings for SharePoint Online

This screen shot is how I set up my own SharePoint Online external sharing.
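
The tenant options above map to parameters of Set-SPOTenant, so the chosen configuration can be kept in a script and checked for drift. This is an added example, not part of the original post; the admin URL, the partner domains and the desired values are placeholders to replace with the result of your own assessment.

```powershell
# Added example; requires the Microsoft.Online.SharePoint.PowerShell module.
# Admin URL, domain list and desired values are placeholders to adapt.
$AdminUrl = 'https://contoso-admin.sharepoint.com'
$Apply    = $false   # leave $false to report only; $true writes the settings

# Desired tenant state, keyed by Set-SPOTenant parameter name.
$Desired = @{
    SharingCapability                          = 'ExternalUserSharingOnly'  # authenticated external users, no anonymous links
    DefaultSharingLinkType                     = 'Internal'                 # instead of anonymous access links
    PreventExternalUsersFromResharing          = $true
    RequireAcceptingAccountMatchInvitedAccount = $true
    SharingDomainRestrictionMode               = 'AllowList'
    SharingAllowedDomainList                   = 'partner.example supplier.example'  # space-separated
}

Connect-SPOService -Url $AdminUrl
$current = Get-SPOTenant

# Compare as strings so enum and boolean properties line up with the
# literals above. A reordered domain list will show up as drift.
$drift = foreach ($name in ($Desired.Keys | Sort-Object)) {
    $have = [string]$current.$name
    $want = [string]$Desired[$name]
    if ($have -ne $want) {
        [pscustomobject]@{ Setting = $name; Current = $have; Desired = $want }
    }
}

if (-not $drift) {
    'Tenant sharing settings already match the desired state.'
} else {
    $drift | Format-Table -AutoSize
    if ($Apply) {
        # Apply the whole desired state in one call so the restriction
        # mode and its domain list are always set together.
        Set-SPOTenant @Desired
    }
}
```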

Restrict Syncing to Specific Domains – OneDrive for Business (Office 365)

OneDrive for Business now can restrict syncing of files to managed computers. This is done by configuring OneDrive for Business to sync with only specified domains. Use the process below to enable this option and add specified domains.

Login to the Office Admin Center

On the left navigation menu, click Admin Centers

Click OneDrive

Click Sync

Click Allow syncing only on PCs joined to specific domains

Click Add Domains

Add the domain(s) you want to add to the list

Check Block sync on Mac OS if that’s required

  • This will prevent Mac OS users from syncing entirely

Click Save
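
The same restriction can be set with Set-SPOTenantSyncClientRestriction, which takes the Active Directory domain GUIDs rather than DNS names. This is an added example, not part of the original post; it assumes a domain-joined admin host with the ActiveDirectory module, and the admin URL is a placeholder.

```powershell
# Added example; needs the ActiveDirectory (RSAT) module and the
# Microsoft.Online.SharePoint.PowerShell module.
$AdminUrl = 'https://contoso-admin.sharepoint.com'   # placeholder

# The allow list is keyed on domain GUIDs: collect the ObjectGUID of every
# domain in the forest whose joined PCs should be allowed to sync.
$guids = foreach ($dns in (Get-ADForest).Domains) {
    (Get-ADDomain -Identity $dns).ObjectGUID.ToString()
}
if (-not $guids) {
    throw 'No domain GUIDs found; refusing to enable an empty allow list.'
}

Connect-SPOService -Url $AdminUrl

# -BlockMacSync corresponds to the "Block sync on Mac OS" check box;
# drop it if Mac users must keep syncing.
Set-SPOTenantSyncClientRestriction -Enable -DomainGuids ($guids -join '; ') -BlockMacSync:$true

# Read the restriction back to confirm what the tenant now enforces.
Get-SPOTenantSyncClientRestriction | Format-List
```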

User Level Calendar Publishing Office 365 (Exchange Online)

How many times have you received a meeting request from someone outside your organization for a time when you are already booked? Then you play the back and forth game trying to find a time. Did you know that Office 365 allows you to publish your calendar so that external users can view it? The setting is contained in OWA (Outlook Web App), but you can link to it from Outlook.

Open this link OWA Calendar Publishing or click below through Outlook

Open Outlook

Click on your Calendar

Click Publish Online

Click Publish this calendar

  • If you already have it published online and don’t know it, or just want to make changes; click Configure this published calendar…

Once you click above, you are redirected to OWA Calendar Publishing

Calendar Publishing

Select your calendar

  • If you have multiple calendars set up, choose which one you want to publish. Your default calendar should be selected

Select the permission level. I generally only publish my calendar with ‘Availability Only’

  • Not Shared (Default)
  • Availability Only (Shows all your meetings in blocks, no details are given)
  • Limited Details (Shows all your meetings, with the subject of the meetings)
  • Full Details (Shows all your meetings in full detail)

Click Save

You will be provided with two links. I generally share the HTML view in a signature so that others can click and see when I am free.

HTML to view your calendar

ICS to add your calendar to Outlook

Here is a view of the HTML version with ‘Availability Only’ selected
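
Because any user can publish a calendar this way, an administrator may want to know which calendars are published and at what detail level. The audit below is an added example, not part of the original post; it assumes the ExchangeOnlineManagement module and that each user's default calendar folder is named "Calendar" (localized mailboxes use a different folder name), and the mailbox in the commented line is a placeholder.

```powershell
# Added example; requires the ExchangeOnlineManagement module.
# Assumes the default calendar folder is named "Calendar".
Connect-ExchangeOnline

# Detail levels from the post, ordered from least to most revealing.
$Rank = @{ AvailabilityOnly = 1; LimitedDetails = 2; FullDetails = 3 }

$published = Get-Mailbox -RecipientTypeDetails UserMailbox -ResultSize Unlimited |
    ForEach-Object {
        $id     = "$($_.PrimarySmtpAddress):\Calendar"
        $folder = Get-MailboxCalendarFolder -Identity $id -ErrorAction SilentlyContinue
        if ($folder -and $folder.PublishEnabled) {
            [pscustomobject]@{
                Mailbox              = $_.PrimarySmtpAddress
                DetailLevel          = $folder.DetailLevel
                # True when subjects or full details are visible to anyone with the link.
                MoreThanAvailability = $Rank["$($folder.DetailLevel)"] -gt 1
                Url                  = $folder.PublishedCalendarUrl
            }
        }
    }

# Most revealing calendars first.
$published | Sort-Object MoreThanAvailability -Descending | Format-Table -AutoSize

# To reduce one calendar to availability only (placeholder mailbox):
# Set-MailboxCalendarFolder -Identity 'user@contoso.com:\Calendar' -DetailLevel AvailabilityOnly
```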

Managing Office 365 Release Preferences

Office 365 provides the ability to have your tenant or users in your tenant be bumped up the line for new feature releases. Think of this as dropping a rock in water and watching the wave rings move outward. The closer you are to the center, the sooner you get the new features. Microsoft has this concept of Standard Release and First Release. In Standard Release, you get all the new features at a slower pace. In First Release, you get all the new features before Standard Release. If you opt in for First Release, you can have your whole tenant (all users) get the newest updates or you can select users in your tenant. A good use case for the complete tenant being on First Release would be your lab environment. You want to see all the newest updates/features roll out here first, so that you can test how they function and the impacts on your user base. A good use case for select users being on First Release would be a group of power users or pilot users in your production tenant. This lets a group of friendly users see the new updates/features before they hit the rest of the production users.

For more information on Office 365 Release Preferences, see the KB below.

https://support.office.com/en-us/article/Set-up-the-Standard-or-First-Release-options-in-Office-365-3B3ADFA4-1777-4FF0-B606-FB8732101F47

Office 365 Release Preferences

In this example, I will show how to enable first release for select users in a tenant. First release for everyone is pretty much self-explanatory.

Login to the Office Admin Center

On the left navigation menu, click Settings

Click Organizational Profile

Click Edit on Release Preferences

In the flyout, select First release for selected users

Click Next

Click Yes when asked ‘Are you sure you want to change to first release for select people?’

Click Add People

Select the users

Click Save

Click Close

A list of users under First Release will now be displayed

Click Close

You can add/remove users by coming back into this menu and clicking +Add Users or –Remove Users

Disable LinkedIn Contact Sync in Office 365 (Exchange Online)

Office 365 gives users the ability to synchronize their LinkedIn contacts to Office 365. Those contacts are listed as contacts in People in Office 365. Many security conscious organizations want to prevent data leakage and the accidental forwarding of emails outside the organization. The thought is that if these contacts are not synchronized, then accidental forwarding will not happen. I will leave it up to you to decide, but I have had partners ask for this to be disabled.

To learn more about this feature, visit the site below.

https://support.office.com/en-us/article/Manage-LinkedIn-contact-sync-in-your-organization-8097C125-8628-4453-8138-BAEC6438863F

Disable LinkedIn Contact Sync in Office 365 (Exchange Online)

Login to the Office Admin Center

On the left navigation menu, click Admin Centers

Click Exchange

In the Exchange Admin Center, click Permissions on the left navigation menu

Click Outlook Web App policies

Double click OwaMailboxPolicy-Default policy

  • If you have more than one policy, you may have to edit all the policies. Chances are that if you have more than one policy you also know what all those policies are for and will edit accordingly.

On the Outlook Web App policies window, click Features

Uncheck LinkedIn Contact Sync

Click Save

The user experience now changes and the option to connect to social networks is now removed.

BEFORE

AFTER

Disable Outlook Web App (OWA) Offline Cache Mode – Office 365 (Exchange Online)

By default, Office 365 (Exchange Online) allows users to enable an offline cache of all their email when using OWA. As you can imagine, this doesn’t fit all corporate security models because OWA can be accessed anywhere and then the email can be cached on any computer. This post will cover how to edit the default Outlook Web App policy so that you can disable this feature.

For more about the user side of the experience and how to turn on/off at that level, please reference the Microsoft KB below.

https://support.office.com/en-us/article/Using-Outlook-Web-App-offline-3214839c-0604-4162-8a97-6856b4c27b36

Disable Outlook Web App (OWA) Offline Cache Mode at the organizational level

Login to the Office Admin Center

On the left navigation menu, click Admin Centers

Click Exchange

In the Exchange Admin Center, click Permissions on the left navigation menu

Click Outlook Web App policies

Double click OwaMailboxPolicy-Default policy

  • If you have more than one policy, you may have to edit all the policies. Chances are that if you have more than one policy you also know what all those policies are for and will edit accordingly.

On the Outlook Web App policies window, click Offline Access

Check Never

Click Save

Now when we try to enable offline access for OWA under the user account, the user is blocked from doing so.
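
Both this post and the LinkedIn contact sync post above edit the same Outlook Web App mailbox policies and note that every policy may need the change. The script below is an added example, not part of the original posts, that applies both settings to all policies and then shows which policy each mailbox uses; it assumes the ExchangeOnlineManagement module.

```powershell
# Added example; requires the ExchangeOnlineManagement module.
Connect-ExchangeOnline

# Record the state of every OWA mailbox policy before changing anything.
$policies = Get-OwaMailboxPolicy
$policies | Format-Table Name, LinkedInEnabled, AllowOfflineOn -AutoSize

foreach ($p in $policies) {
    # LinkedInEnabled = $false   -> "LinkedIn Contact Sync" unchecked
    # AllowOfflineOn NoComputers -> Offline Access set to "Never"
    if ($p.LinkedInEnabled -or "$($p.AllowOfflineOn)" -ne 'NoComputers') {
        Set-OwaMailboxPolicy -Identity $p.Identity `
            -LinkedInEnabled $false -AllowOfflineOn NoComputers
    }
}

# Confirm the result on every policy, not only OwaMailboxPolicy-Default.
Get-OwaMailboxPolicy | Format-Table Name, LinkedInEnabled, AllowOfflineOn -AutoSize

# Count mailboxes per assigned policy, so a mailbox attached to a
# forgotten or unexpected policy stands out.
Get-CASMailbox -ResultSize Unlimited |
    Group-Object -Property OwaMailboxPolicy |
    Select-Object @{ n = 'Policy'; e = { if ($_.Name) { $_.Name } else { '(none assigned)' } } }, Count |
    Format-Table -AutoSize
```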