Unlocking the Secrets of External Sharing in Microsoft Community Hub

External Sharing in Microsoft Teams: Understanding the Rules and Exceptions

For an administrator, managing external sharing in Microsoft Teams can be daunting, especially when it comes to understanding the rules and exceptions. In this blog post, we’ll delve into the details of external sharing, explore the different scenarios, and provide insights into how it all works.

New and Existing Guests

Let’s start with the basics. When you set your tenant to “New and existing guests” in the External Sharing settings in the SharePoint Admin Center, you’re allowing external users to access and edit files shared with them. But what about unknown external users? Can they still access and edit files? The answer is yes, but with some caveats.
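
As an added example (not from the original post), the PowerShell below uses the SharePoint Online Management Shell to read the tenant-level sharing setting and list every site that still allows some form of external sharing. It assumes the `Microsoft.Online.SharePoint.PowerShell` module is installed and that the placeholder admin URL `https://contoso-admin.sharepoint.com` is replaced with your own.

```powershell
# Added example: audit external sharing at tenant and site level.
# Assumption: $AdminUrl is a placeholder; replace "contoso" with your tenant name.
$AdminUrl = 'https://contoso-admin.sharepoint.com'
Connect-SPOService -Url $AdminUrl

# SharingCapability values and the SharePoint admin center labels they correspond to.
$Labels = @{
    'Disabled'                        = 'Only people in your organization'
    'ExistingExternalUserSharingOnly' = 'Existing guests'
    'ExternalUserSharingOnly'         = 'New and existing guests'
    'ExternalUserAndGuestSharing'     = 'Anyone'
}

# Tenant-wide setting: the most permissive level any site is allowed to use.
$tenantCap = [string](Get-SPOTenant).SharingCapability
"Tenant setting: $tenantCap ($($Labels[$tenantCap]))"

# A site can match the tenant setting or be more restrictive, never more permissive.
# List the sites that have not been locked down to internal-only sharing.
Get-SPOSite -Limit All |
    Where-Object { [string]$_.SharingCapability -ne 'Disabled' } |
    Select-Object Url,
        @{ Name = 'SharingCapability'; Expression = { [string]$_.SharingCapability } },
        @{ Name = 'AdminCenterLabel';  Expression = { $Labels[[string]$_.SharingCapability] } } |
    Sort-Object SharingCapability, Url |
    Format-Table -AutoSize
```

Sites that hold sensitive material and appear in this list are candidates for a more restrictive site-level setting than the tenant default.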

Unknown External Users

When you share a file with an unknown external user, they won’t be able to download the file directly from Teams. However, if they have a Microsoft account and are signed in to the same Azure Active Directory (AAD) as your tenant, they can access and edit the shared file. This is because the file is stored in SharePoint Online, which uses AAD for authentication and authorization.

Guest Users

Now, let’s talk about Guest Users. When you share a file with a Guest User, they can access and edit the file, but they won’t be able to download it directly from Teams. However, if they have a Microsoft account and are signed in to the same AAD as your tenant, they can access and edit the shared file.

Exceptions to the Rules

There are some exceptions to the rules we’ve discussed so far. For instance, if you share a file with an external user who is not signed in to AAD, they won’t be able to access or edit the file, even if they have a Microsoft account. Additionally, if you share a file with an external user who is not a Guest User, they won’t be able to access or edit the file, period.

How it All Works

Now that we’ve covered the different scenarios and exceptions, let’s take a step back and look at how everything works together. When you share a file in Teams, it’s stored in SharePoint Online, which uses AAD for authentication and authorization. This means that only users who are signed in to AAD can access and edit the shared file.

If an external user is not signed in to AAD, they won’t be able to access or edit the shared file, even if they have a Microsoft account. However, if they are signed in to AAD and have been granted permission to access the file, they can view and edit the file.

Conclusion

Managing external sharing in Microsoft Teams can be complex, especially when it comes to understanding the rules and exceptions. By understanding how SharePoint Online and AAD work together, you can better manage external sharing and ensure that your files are secure and only accessible by authorized users.

Remember, when sharing files with external users, always consider the following:

1. Only share files with users who need access to them.

2. Use the correct permissions to control access to shared files.

3. Be aware of the exceptions to the rules we’ve discussed in this post.

Following these best practices, together with an understanding of how external sharing works, helps keep shared files limited to the users you intend.