Hey everyone,
I've done some digging into external access on SharePoint and, to be honest, the consensus is pretty clear: it's usually a bad idea due to security and user management issues. But my boss still wants me to find a way to make it work, despite my concerns.
Our company uses SharePoint for various projects, and while internally everything's fine, there's a need to share some data with external partners. I found out that while we can't share entire sites with outsiders, it is possible to share folders within those sites. Previously, settings were pretty much open, but the IT team tightened things up when they found out.
Here are some potential solutions I've come across so far:
1. **Best option:** Just avoid external access entirely and use a third-party service like Dropbox or Google Drive. Some folks are already using Box, but I hear we're running into user limits and storage caps.
2. **Easiest (but definitely not my recommendation):** Allow external sharing across all SharePoint sites and hope users don't share sensitive info, which seems risky.
3. **Create a dedicated external sharing site:** This could work if we set it up right and migrate current access over.
4. **Set up guest accounts for all external users:** This might lead to chaos with management and cleanup since we wouldn't be notified of changes when employees leave. It sounds like a nightmare for ongoing maintenance!
Honestly, I'd prefer to propose a strict no-external-access policy to keep everything secure. Before any changes, I plan to inform senior management about the risks, so I can say I warned them if anything goes wrong later.
I'd really appreciate hearing from anyone who has navigated this challenging landscape and your thoughts on effective strategies to implement such changes.
5 Answers
Honestly, why complicate things? If you're already planning to set up an external service, you can use SharePoint for the same function without the added hassle. Just create a dedicated site for external sharing and go with solution #2. It keeps everything in one place!
If a project needs external access, make sure you mark that specific site for it. Otherwise, keep the remaining sites off-limits. This keeps things contained and minimizes risk.
I recommend only allowing external sharing on specific sites needed for projects and using guest accounts for added security. This helps you control what’s visible to outsiders. You might also consider converting those external-facing sites into 365 groups for easier permission management. That way, you'll keep the external access neatly organized!
I prefer to keep external sharing very limited. For specific projects, I create guest accounts and set password protection and expirations for access to keep things secure. It makes management more straightforward since access can be controlled tightly.
The challenge here really hinges on your company's sharing needs. While alternatives exist, they won’t necessarily stop potential data leaks. If sticking with SharePoint, opt for guest access only, enforce multi-factor authentication for guests, and restrict guest invitations to IT approval. You can also use access reviews to keep track of who has access and ensure no stale accounts are lingering around.
Totally agree! We have a script that checks for any permission mishaps regularly, just to avoid issues. It's crucial to limit sharing to avoid problems down the line.