SharePoint External Sharing Best Practices
Are you looking to share some of you content in SharePoint with external users? It is definitely doable right out of the box, but in all honesty, way too confusing in current version of SharePoint (2013) to do it right. There are too many settings to configure, lots of ways to share content (entire sites, folders or individual files) and various levels of authentication (from requiring external users to sign in to anonymous guests viewing your shared files). All of this creates confusion for those who setup security and those who need to access the content externally. I have been doing this for a while and I will be honest – it is a headache! Microsoft promised to simplify SharePoint external sharing in the next version of SharePoint (2016), but for now we will have to deal with it. Here are some best practices/things you will need to keep in mind when setting up SharePoint external sharing.
SharePoint External Sharing best practices
Best Practice # 1: Consider putting all your sites that are meant for external sharing in a separate site collection
For example, by default, you get 1 site collection with SharePoint called “yourcompany.sharepoint.com”. Don’t put your external sharing sites there. That site collection is meant for your internal stuff, like department or project sites. Instead, create another site collection called “yourcompany.sharepoint.com/sites/external”. This way you can shut off external sharing altogether for the first “Internal” site collection and prevent an “oops” moment when your users accidentally share an internal department site externally. To learn more about site collections, check out my other 2 blog posts:
Best Practice # 2: Resist the urge to share content by individual files or folders
I know what you are thinking. You want it to work just like DropBox. But SharePoint is no DropBox. In SharePoint, the best practice is to share at the site level. Yes, there might be situations when special cases and are required. However, keep in mind that every time you share files individually, you stop inheriting permissions from the parent site or document library. With lots of those “unique” permissions – it will have a hit on SharePoint performance. Not to mention from administrative/management standpoint – you will have hundreds or potentially thousands of files – all with separate permissions. Good luck figuring out who has access to what in your SharePoint environment. An administrative nightmare.
Best Practice # 3: Disable anonymous sharing
Will you ever hand your wallet to the person who you don’t know or have never seen in your life? If you want to share a document with the whole world and have no idea who clicked on it or viewed it – there is a place for that – your public website. Everything else belongs in SharePoint. At the end of the day, you need to be in control of your documents. If you allow anonymous sharing of documents, you will have no way of knowing who accessed it. With authentication, you can see who has access to what and adjust their security or access at any time.
Best Practice # 4: Test and Monitor regularly
I can’t stress this enough. Anytime you set up security or in our case external sharing, test it first. Share it with a test external user, login as a test user and see what content you have access to. Adjust permissions privileges accordingly. Don’t overshare. Likewise, monitor the content regularly and disable external sharing to the content you no longer need to share. I am repeating myself, but at the end of the day, you want to be in control of your data. It is your intellectual property, so guard it as if you would your company’s other assets.