Overview of Sharing in SharePoint 2013 and SharePoint OnlineGaurav Doshi and Mary DavidProgram Managers, SharePoint team

SPC183

Before we start..What will we cover in this talk?Talk – 1 hour

Demo – 30 minutesOverview of sharingExternal sharing Administrative controls

Technical deep dive - 30 minutesQ&A – 15 minutes

Feedback channelsTwitter handle: #spc183Evaluation on MySPC

Vision for Sharing in SharePoint 2013

Share easily Share responsibly

Share with anyone

Overview of Sharing UX

Demo

Overview of Sharing UX

Sharing is simpleSharing & Shared with dialogsNew people picker

No roadblocksAccess Requests

Sharing is always at your fingertipsSharePointOffice clientsOffice Web Apps

Recap - New Sharing UX

Sharing with external users

Demo

Sharing with external users

SharePoint Online OnlyExternal Access

Sites or documents can be shared with external users External users sign in using Microsoft Account or Office365 Account Once inside, external users are treated just like internal users

Guest LinksDocuments can be shared using Guest Links View or edit Guest LinksWhoever gets the link can access the contentDocuments will open in Office Web Apps

Recap - Sharing with external users

Management of External Sharing

Demo

Management of External Sharing

Mary David

Administrative controlsOffice 365 Enterprise3 options to configure Guest Links & External Access

Switch at company level, separate switch for each site collection & My Sites

DefaultsBoth Guest Links and External Access ON at company levelON for pre-created site collections (My Sites, Team Site, Public)Newly created site collections have External Sharing OFF

Office 365 Small business1 switch for both Guest Links & External Access

Switch at company level – no separate switch per site collection

DefaultsGuest Links & External Access ON at company level

Office 365 Enterprise OnlyReporting: Enumerate/Search external users

Get-SPOExternalUser -PageSize 10

Delete external usersRemove-SPOExternalUser -UniqueIDs@(“10037FFE801@live.com”)

Administrative controls with PowerShell

Technical Deep Dive

Sharing basicsNew People PickerSite sharingDocument & Folder sharing

Access requestsExternal Sharing

External Access & InvitationsGuest Links

Sharing Web ServiceSharing with “Everyone”

Technical deep dive

New people picker

Auto-fill control:Suggestions as you type

A client side cache of recent names(minimum 1 character to search; prefix matching on first/last/email)

Query results from claim providers(minimum 3 characters to search; prefix matching on first/last/email)

Emails addresses accepted when external sharing enabled

Very easy to add to a pageNo check name/address book functionalityConfigurability

Old people picker configurations still supported (ex. Site members only)New configurability around UI (ex. Caching)Old people picker still around and supported

DefaultsEdit permissions via “Site Members” group

Picking a different permissionOnly groups are presented under “Show options”First group/default = SPWeb.AssociatedMemberGroupOther groups are alphabetically listed

Permission inheritancePermission inheritance is not broken If a SPWeb inherits permissions, new users will be added to first uniquely permissioned parent scope

Site sharing

Edit/View Choice

Permission inheritance

Folder sharing – Just like document sharing

Document & folder sharing

Break inheritance

Copy permissions/groups from Site to

Document

Grant permissions to recipient on the

document

Send email notification to

recipient

Does recipient already has

permissions?

Yes

No

Edit/View map to two SPWeb properties(Default is edit)

StandardReaderRoleDefinitionId

StandardEditorRoleDefinitionId

Two scenariosUser without permissions requests for permissionsUser without “Manage Permissions” shares with new users

How to enable itOutgoing email setting at Farm level“Access request email” setting at web

Access Request ListExists in every uniquely permissioned web Stores every access request & invitation as a list itemOnly users in Associated Owners group can access the list Recipients are notified only after Owners approve

Access Requests

Access denied

Access Requests (cont.)

User gets Access Denied

Requests access

Sharing without “Manage Permissions”User shares a

site with a recipient who doesn’t have

access

Access request created

Admin notified of pending access

request by email

Approves access request

from access request

list

User is notified by email with a link to

the resource

SharePoint Online onlyWho can invite?

Only users with “Manage Permissions” can invite external users

Invitation redemption First redeemer gets accessHistory of redemptions maintained in the Access Request List

AccessIf a document is shared – Access is limited to document onlyIf a site is shared – Access is limited to everything within site

External Access & Invitations

How does it work?

Security validationsCheck if External Access is enabledCheck if invitation is validCheck if redeemer is the same

Features blocked for authenticated guestsSkyDrive Pro, Newsfeed, Following, Sites hub, Site Mailbox

External Access & Invitations (cont.)

External user invited

This creates invitation in

Access Request List

Invitation email sent to

guest with invitation URL

Guest clicks URL.

Verification of validity of

invitation and if external access is enabled.

Guest signs in with Microsoft

Account or Office 365 Account.

Verification of redeemer.

Guest added to SharePoint

Online Directory

Service & to site collection

Guest gets permissions on the object

& is redirected to it

SharePoint Online OnlyWho can create Guest Links?

Only users with “Manage Permissions” on a file can invite users to it via a Guest Link

Guest Link redemptionWhoever gets the link can access the contentOffice documents open in Office Web Apps, other files trigger download

AccessGuests get View or Edit access only to the document shared

Guest Links

How does it work?

Security validationsCheck if Guest Links are enabledCheck if the link is a valid link

Site secretDoes the document exist?

Check if this link has been disabled

Guest Links (cont.)

User shares a document using Edit or View link

Hidden user created and

granted permissions on the document.

Inheritance broken.

Guest receives email with Guest Link.

Clicks on the link.

Verification:Are Guest Links enabled? Is this

a valid link? Does the document

exist?

User impersonates

the hidden user and is

redirected to the document in

web apps.

Web service to share from Office client & appsAllows web service access to…

Share documents with internal usersInvite authenticated guests to documentsCreate Guest LinksGet permissions on a document

LimitationsPrimarily designed for SkyDrive Pro

Limited functionality for team site documentsOnly supported if the user has “Manage Permissions” permission

Sharing web service

Two special “everyone” claims“Everyone”

New name for “All authenticated users”Available in SharePoint as well as SharePoint OnlineMaps to “All authenticated users in the tenancy, including external users” in SharePoint Online

“Everyone except external users”Available in SharePoint Online only

“Shared with Everyone” folder in SkyDrive Pro

SharePoint: “Everyone” has access to this folderSharePoint Online: “Everyone except external users” has access to this folder

No customizations available

Sharing with “Everyone”

RecapShare easily

Share responsibly

Sharing & Shared with dialog, people pickerNo roadblocks with access requests

External Access & Guest LinksSharePoint Online only

Administrator controlsPowerShell (Office365 Enterprise)

Share with anyone

Q&A

Ask the ExpertsWednesday, Nov 14 6:15 - 8:15PM Bayside C

SPC216 Best Practices for Configuring SharePoint Online and Office 365 Identities

Thursday, Nov 15 9:00AM - 10:15AM Lagoon ABGHSPC105 Getting the Most out of SharePoint Online for Small Businesses & Professionals

Tuesday, Nov 13 9:00 – 10:15AM Lagoon CDIJ

Related sessions

Evaluate this session now on MySPC using your laptop or mobile device: http://myspc.sharepointconference.com

MySPC

© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Appendix

Three ways to get Shared with dialog

Share with everyone

Share a document

Share from Office Client or Web Apps

Access Requests

InheritanceContoso Team Site Owners

Contoso Team Site Members

Contoso Team Site Viewers

Inherits permissions from site

Sharing a fileContoso Team Site Owners

Contoso Team Site Members

Contoso Team Site Viewers

1. Breaks inheritance2. Copies the 3 site groups3. Adds the people you share the file with

Inherits permissions from site

Why you should use groups…Contoso Team Site Owners

Contoso Team Site Members

Contoso Team Site Viewers

1. Share a file, which breaks inheritance2. Add someone directly to the site3. They don’t have access to the file

Inherits permissions from site