Define Your Office 365

External Sharing Strategy

Tuesday, April 24, 2018
12:00 - 1:00 PM

(#)
http://eum.co
Peter Carson

• President, Extranet User Manager and

Envision IT
• SharePoint MVP
• Partner Seller, Microsoft Canada
• peter.carson@extranetusermanager.com
• http://blog.petercarson.ca
• www.extranetusermanager.com
• Twitter @carsonpeter
• VP Toronto SharePoint User Group

(#)
http://eum.co
Logan Guest

Sales
• e: logan.guest@extranetusermanager.com
• p: (647) 265-8256

(#)
http://eum.co
Agenda
Introductions

Extranet Considerations

Office 365 External Sharing OOTB

Administering External Sharing

Extranet User Manager Features

Demo and Customer Scenarios

Wrap Up and Q&A

(#)
http://eum.co
Private by
default

(#)
http://eum.co
Office 365 Groups

Matt Wade - http://icansharepoint.com/everyday-guide-office-365-groups/

(#)
http://eum.co
What is an Extranet

• An extranet is a website that is accessible to

users outside of the corporate network, which
allows organizations to share information and
collaborate with their customers, partners,
and/or vendors in a secure and easy-to-use
environment
• It may be delivered in a number of ways:
• As an extension of the public website
• As a secure portion of the corporate intranet
• As a standalone extranet

(#)
http://eum.co
http://eum.co
Styles of Extranets

One to Few One to Many

• Collaborative • Publishing
• SharePoint Online (Office 365) or on • Secure website
premises • May also have a public (anonymous) section
• Typically invitation only • Self-registration is common
• Collaborating on documents • One way push of private content out
• File upload and download • Limited feedback
• Editing • Like and comment
• Various file types • File upload
• Often project focused • Profile management

(#)
http://eum.co
Five Considerations for your Extranet

1. Who will be accessing the extranet? Is • Members • Board of Directors

there a member database to interface
• Customers • Citizens
with?
• Vendors • Researchers
• Suppliers • Tenants
• Volunteers • Partners

(#)
http://eum.co
Five Considerations for your Extranet

1. Who will be accessing the extranet? Is there a Invitation Only

member database to interface with?
• Smaller, known set of users
2. Self-registration option or invitation only?
• Managed centrally or delegated
Who approves new registrations?

Self Registration
• Onboarding hundreds or thousands of external
users
• Approval workflows
• Auto-approvals
• Delegation

(#)
http://eum.co
Five Considerations for your Extranet

1. Who will be accessing the extranet? Is there a • Email and password

member database to interface with? • Self-service password reset
2. Self-registration option or invitation only? • Office 365 / Azure AD
Who approves new registrations?
• Microsoft Account
3. How will your extranet users authenticate?
• Google
• Facebook
• LinkedIn
• Twitter

(#)
http://eum.co
Five Considerations for your Extranet

1. Who will be accessing the extranet? Is there a • Accessing published content

member database to interface with?
• Collaborating on specific documents
2. Self-registration option or invitation only?
• Accessing team or project sites
Who approves new registrations?
• Becoming full-fledged members of Office 365
3. How will your extranet users authenticate?
Groups
4. What interactions are your external users
going to have?

(#)
http://eum.co
Five Considerations for your Extranet
1. Who will be accessing the extranet? Is there a
member database to interface with?
2. Self-registration option or invitation only?
Who approves new registrations?
3. How will your extranet users authenticate?
4. What interactions are your external users
going to have?
5. What applications will be accessible?
• Office 365 - SharePoint Online, OneDrive for
Business
• Office 365 Groups – Teams, Planner, Yammer
• Other Office 365 Apps - Power BI, Stream,
PowerApps, Flow
• SharePoint On Premises
• Third Party SaaS Applications
• Custom Applications – On Premise or Cloud
(#)
http://eum.co
Office 365 External Sharing OOTB

1. Who will be accessing the extranet? • Any type of external user

2. Self-registration option or invitation only? • Invitation only
3. How will your extranet users authenticate? • Office 365 / Azure AD, Microsoft Account
4. What interactions are your external users • Any interactions
going to have?
• Office 365 only
5. What applications will be accessible?

(#)
http://eum.co
Ignite – Office 365 External Sharing

https://myignite.microsoft.com/sessions/53864

(#)
http://eum.co
Scenario: simple external sharing

Sales materials Sales materials

Make it easy for them

Don’t make them sign-in
Don’t make them create an account
Let them forward it to whoever they want

(#)
http://eum.co
Shareable Links
• Link works for anyone
who has it
• Can be read-only or
editable
• Can set an expiration date
• Recipients decide who
else gets access
• Guaranteed to open for
anyone who receives it, on
any device
• Share with anyone easily
via email, chat, social, etc.
No frustrating errors or
sign-in/up

(#)
http://eum.co
 (#)
http://eum.co
Notification of anonymous link creation

• Protect your stuff by knowing when it’s been

shared

• See what was shared

• Remove access if desired

(#)
http://eum.co
Link for Only People in Your Organization
• Transferrable, revocable
secret key
• Added security: users
must also be signed in to
the organization
• Allows recipients to
forward within your
organization
• Blocks external people
from accessing

(#)
http://eum.co
 (#)
http://eum.co
Scenario: Secure External Sharing
• I want an external partner to review my secret document

(#)
http://eum.co
How to:
• Send a link that works for
only specific people
• A non-transferable,
revocable secret key
• Users must prove they’re
the intended recipient
• Internal users and guest
users must be signed in to
their existing account
• External users verify with a
one-time passcode

(#)
http://eum.co
 (#)
http://eum.co
 (#)
http://eum.co
External Sharing at the Site Level

• Invite external users or

groups at the site, list,
or library level
• Managed through
regular SharePoint
permissions
• External users need to
sign in

(#)
http://eum.co
Sign-in Experiences
User Type
Existing Office 365 or Azure AD user
Business email not in Azure AD
Consumer email (Gmail, Hotmail, etc.)
Experience
Logs in with their Azure AD credentials to accept the invitation
Azure AD tenant is created behind the scenes
User creates a password
Can provide their name and country
Azure AD manages the password reset requirements
Tenant can be converted to a fully managed Azure AD tenant later
Account is converted to a Microsoft account in the background
(#)
http://eum.co
Admin controls for
external sharing

(#)
http://eum.co
Managing external sharing

Control WHO can share Control WHAT can be shared externally

to external users • Anything
• Everyone • Only specific sites
• Only specific people • Only files without sensitive content
• No one
Control HOW externally shareable links can be used
Control WHICH external users can be shared with • Default
• Anyone • Enabled, but not default
• Only authenticated users • Mandatory expiration date
• Only authenticated users except • Block externally-shareable edit links
specific domains • Disabled
• Only authenticated users in specific domains
• No one

(#)
http://eum.co
Four Places to Configure External Sharing

PowerShell
Site Collection Admin
Office 365 Admin
SharePoint Admin

(#)
http://eum.co
Office 365 Groups
and
External Sharing

(#)
http://eum.co
Office 365 Groups

Matt Wade - http://icansharepoint.com/everyday-guide-office-365-groups/

(#)
http://eum.co
External users in Office 365 Groups

• Receive mails sent to the Group email

address

• Have access to the Group’s files and

folders in OneDrive

• Have access to the Group’s site in

SharePoint

• Participate in team chat in Teams

(#)
http://eum.co
Adding External Users to Groups

(#)
http://eum.co
Styles of Extranets

One to Few One to Many

• Collaborative • Publishing
• SharePoint Online (Office 365) or on • Secure website
premises • May also have a public (anonymous) section
• Typically invitation only • Self-registration is common
• Collaborating on documents • One way push of private content out
• File upload and download • Limited feedback
• Editing • Like and comment
• Various file types • File upload
• Often project focused • Profile management

(#)
http://eum.co
Extranet User Manager
Features

(#)
http://eum.co
End User Components

• Register
• Set Password
• Manage your profile
• Change your password
• Reset forgotten password

(#)
http://eum.co
Admin Components

• Delegated access for the business

owners and external users
• Search, add, edit, and import users and
groups
• Used by administrators to configure
the system
• General settings
• Open ID Connect and WS-Federation
• Email templates
• Office 365
• Azure AD B2B

(#)
http://eum.co
Branded Experience

• Maintain your corporate brand

throughout the entire user
experience
• Registration
• All end-user pages

(#)
http://eum.co
Delegated User Management

• Management of the Extranet

users is delegated to the business
• IT doesn’t need to manage
accounts
• Can also be delegated securely to
the external organizations
themselves

(#)
http://eum.co
Self-Registration
• Fully customizable registration
experience
• Self service profile page
• Fields can be added or removed
• Can be integrated into back-end
systems
• Customizable approval workflow
• Full Visual Studio source code
project provided

(#)
http://eum.co
Forgotten Password

• Request a password reset

by email
• Passwords themselves
are never sent through
email
• One-time use, time
expiring token sent

(#)
http://eum.co
Multi-Factor Authentication
• Second factor authentication
through a email or text message
• Configurable rules for triggering
• Also used for email revalidation

(#)
http://eum.co
Works with SharePoint 2010, 2013, 2016 and Office 365

• Does not need to be installed

on the SharePoint Server
• PowerShell script setups up the
trust
• Office 365 supported through
Azure B2B

(#)
http://eum.co
Adaptive Design

• Leverages the Bootstrap

framework
• All end-user pages adapt to
smartphone, tablet, or desktop
experiences

(#)
http://eum.co
Azure Hosted or On Premise

• Can be installed on an on premises

server
• SharePoint Server
• IIS Server
• Hosted in Azure
• Secure multi-tenant hosting
• Managed by Envision IT
• 7x24 monitoring and remediation

(#)
http://eum.co
Extranet User Manager
Demo

(#)
http://eum.co
Customer Case Study:
Associated Engineering

The Problem:
Associated Engineering work with multiple
external parties on projects of various sizes
They require efficient collaboration and
communication is key.
SharePoint on premises pilot quickly became
production
Lack of high-availability and disaster
recover became a significant risk.

(#)
http://eum.co
Customer Case Study:
Associated Engineering

The Results

External Partner Access through Azure AD B2B

Over 1,000 external users

High-Availability & Disaster Recovery in Office 365

Delegated User Management with Extranet User Manager

Project Site Creation Automation

(#)
http://eum.co
 (#)
http://eum.co
Extranet User Manager Overview
• Delegated management of
external users
• Self-registration, approval
workflows, profile, and password
management
• Search, add, edit, and import
users and groups
• Supports on premise and O365,
as well as custom and SaaS
applications

(#)
http://eum.co
Customer Case Study:
OACAS Member Portal

OACAS is the Ontario Association of Children's

Aid Societies
https://oacas.sharepoint.com

The Challenge:
• 8,000 members across 50+ member organizations
• Provincially funded training resources to be delivered
through SharePoint and Desire2Learn
• Previous portal limitations
• No search
• No CMS required web designers to update
• IT needed to manage infrastructure
• No single sign-on to D2L

(#)
http://eum.co
Customer Case Study:
OACAS Member Portal

OACAS is the Ontario Association of Children's

Aid Societies
https://oacas.sharepoint.com

The Results:
• Cloud hosted solution in Office 365 and D2L
• Auto-approval of most accounts on-boarded 500 new
users per day at peak
• SSO between Office 365 and D2L
• Responsive design for mobile support
• Licensing provided through Office 365 for Nonprofits

(#)
http://eum.co
Customer Case Study:
OntarioMD goes to the cloud with Extranet User Manager

OntarioMD is a government funded

Not-For-Profit for 14K Ontario physicians
www.ontariomd.ca

The Challenge:
• Needed a new corporate website and portal
• Reduce the cost of current hosting
• Easy to maintain site for 14,000 physicians and staff
• Seamless migration of content, functionality, and user accounts
• Hosted and managed solution

(#)
http://eum.co
http://eum.co
Before and After

• Previously on a 10 year old Oracle WCI platform

• OntarioMD was already an Office 365 customer
• Proposal was to leverage SharePoint Online as the Content
Management System
• Azure Web Apps used to host the public website and Extranet
www.ontariomd.ca

(#)
http://eum.co
Financial Result

• New operating costs LESS than the annual Oracle maintenance fees!
• Decommissioning of dedicated hosting environment
• OntarioMD infrastructure
• Azure Web App Licensing
• Two Standard S2 2 core 3.5 GB RAM servers
• Load balanced
• Patched and maintained by Microsoft
• $219.60 x 2 per month USD
• https://azure.microsoft.com/en-gb/services/app-service/web/
• Extranet User Manager Licensing
• Enterprise Edition - $1,070 USD / month

(#)
http://eum.co
Customer Case Study:
OntarioMD goes to the cloud with Extranet User Manager Solution

www.ontariomd.ca

(#)
http://eum.co
Summary

One to Few One to Many

• Documents or Folders • Associated Engineering

• Anonymous Links
• Specific People – One time use codes
emailed
• SharePoint permissions
• Sites
• SharePoint permissions
• Office 365 Groups
• Invite through Outlook
• Site provisioning
• Manage Azure B2B users through EUM
• Web part to show project team members
• OACAS
• Self-registration and auto-approval
• Single sign-on to Office 365 and DesireToLearn
• OntarioMD
• Content authoring and approval in Office 365
• Cost effective hosting in Azure
• Self-registration and delegated user management

(#)
http://eum.co
Wrap-Up Points

• There are a lot of different ways to share in Office 365

• OOTB works well for small groups and specific documents or sites
• Make sure you understand where to enable it, and where not to
• Governance is important
• To scale you need processes
• Site request form
• Provisioning of sites and permissions
• Consistent way to manage external users

(#)
http://eum.co