Define Your Office 365 External Sharing Strategy · 4/24/2018

Post on 09-Jun-2020

(#)http://eum.co

Define Your Office 365 External Sharing Strategy

Tuesday, April 24, 2018

12:00 - 1:00 PM

Peter Carson

• President, Extranet User Manager and Envision IT

• SharePoint MVP

• Partner Seller, Microsoft Canada

• peter.carson@extranetusermanager.com

• http://blog.petercarson.ca

• www.extranetusermanager.com

• Twitter @carsonpeter

• VP Toronto SharePoint User Group

Logan Guest

Sales

• e: logan.guest@extranetusermanager.com

• p: (647) 265-8256

Agenda

Introductions

Extranet Considerations

Office 365 External Sharing OOTB

Administering External Sharing

Extranet User Manager Features

Demo and Customer Scenarios

Wrap Up and Q&A

Private by default

Office 365 Groups

Matt Wade - http://icansharepoint.com/everyday-guide-office-365-groups/

What is an Extranet

• An extranet is a website that is accessible to users outside of the corporate network, which allows organizations to share information and collaborate with their customers, partners, and/or vendors in a secure and easy-to-use environment

• It may be delivered in a number of ways:

• As an extension of the public website

• As a secure portion of the corporate intranet

• As a standalone extranet

Styles of Extranets

One to Few

• Collaborative

• SharePoint Online (Office 365) or on premises

• Typically invitation only

• Collaborating on documents

• File upload and download

• Editing

• Various file types

• Often project focused

One to Many

• Publishing

• Secure website

• May also have a public (anonymous) section

• Self-registration is common

• One way push of private content out

• Limited feedback

• Like and comment

• File upload

• Profile management

Five Considerations for your Extranet

1. Who will be accessing the extranet? Is there a member database to interface with?

• Members

• Customers

• Vendors

• Suppliers

• Volunteers

• Board of Directors

• Citizens

• Researchers

• Tenants

• Partners

Five Considerations for your Extranet

1. Who will be accessing the extranet? Is there a member database to interface with?

2. Self-registration option or invitation only? Who approves new registrations?

Invitation Only

• Smaller, known set of users

• Managed centrally or delegated

Self Registration

• Onboarding hundreds or thousands of external users

• Approval workflows

• Auto-approvals

• Delegation

Five Considerations for your Extranet

1. Who will be accessing the extranet? Is there a member database to interface with?

2. Self-registration option or invitation only? Who approves new registrations?

3. How will your extranet users authenticate?

• Email and password

• Self-service password reset

• Office 365 / Azure AD

• Microsoft Account

• Google

• Facebook

• LinkedIn

• Twitter

Five Considerations for your Extranet

1. Who will be accessing the extranet? Is there a member database to interface with?

2. Self-registration option or invitation only? Who approves new registrations?

3. How will your extranet users authenticate?

4. What interactions are your external users going to have?

• Accessing published content

• Collaborating on specific documents

• Accessing team or project sites

• Becoming full-fledged members of Office 365 Groups

Five Considerations for your Extranet

1. Who will be accessing the extranet? Is there a member database to interface with?

2. Self-registration option or invitation only? Who approves new registrations?

3. How will your extranet users authenticate?

4. What interactions are your external users going to have?

5. What applications will be accessible?

• Office 365 - SharePoint Online, OneDrive for Business

• Office 365 Groups – Teams, Planner, Yammer

• Other Office 365 Apps - Power BI, Stream, PowerApps, Flow

• SharePoint On Premises

• Third Party SaaS Applications

• Custom Applications – On Premise or Cloud

Office 365 External Sharing OOTB

1. Who will be accessing the extranet?

• Any type of external user

2. Self-registration option or invitation only?

• Invitation only

3. How will your extranet users authenticate?

• Office 365 / Azure AD, Microsoft Account

4. What interactions are your external users going to have?

• Any interactions

5. What applications will be accessible?

• Office 365 only

Ignite – Office 365 External Sharing

https://myignite.microsoft.com/sessions/53864

Scenario: simple external sharing

Make it easy for them

• Don’t make them sign-in

• Don’t make them create an account

• Let them forward it to whoever they want

Sales materials

Shareable Links

• Link works for anyone who has it

• Can be read-only or editable

• Can set an expiration date

• Recipients decide who else gets access

• Guaranteed to open for anyone who receives it, on any device

• Share with anyone easily via email, chat, social, etc. No frustrating errors or sign-in/up

Notification of anonymous link creation

• Protect your stuff by knowing when it’s been shared

• See what was shared

• Remove access if desired

Link for Only People in Your Organization

• Transferable, revocable secret key

• Added security: users must also be signed in to the organization

• Allows recipients to forward within your organization

• Blocks external people from accessing

Scenario: Secure External Sharing

• I want an external partner to review my secret document

How to:

• Send a link that works for only specific people

• A non-transferable, revocable secret key

• Users must prove they’re the intended recipient

• Internal users and guest users must be signed in to their existing account

• External users verify with a one-time passcode

External Sharing at the Site Level

• Invite external users or groups at the site, list, or library level

• Managed through regular SharePoint permissions

• External users need to sign in

Sign-in Experiences

User Type: Existing Office 365 or Azure AD user

Experience: Logs in with their Azure AD credentials to accept the invitation

User Type: Business email not in Azure AD

Experience:

• Azure AD tenant is created behind the scenes

• User creates a password

• Can provide their name and country

• Azure AD manages the password reset requirements

• Tenant can be converted to a fully managed Azure AD tenant later

User Type: Consumer email (Gmail, Hotmail, etc.)

Experience: Account is converted to a Microsoft account in the background

Admin controls for external sharing

Control WHO can share to external users

• Everyone

• Only specific people

• No one

Control WHICH external users can be shared with

• Anyone

• Only authenticated users

• Only authenticated users except specific domains

• Only authenticated users in specific domains

• No one

Control WHAT can be shared externally

• Anything

• Only specific sites

• Only files without sensitive content

Control HOW externally shareable links can be used

• Default

• Enabled, but not default

• Mandatory expiration date

• Block externally-shareable edit links

• Disabled

Managing external sharing

Four Places to Configure External Sharing

• Office 365 Admin

• SharePoint Admin

• Site Collection Admin

• PowerShell
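
The WHICH, WHAT and HOW controls listed above, set from PowerShell with the SharePoint Online Management Shell. This is an added example, not part of the original slides; the tenant name contoso, the domain partner.example, the finance site URL and the 14-day expiry are placeholders chosen for illustration.

```powershell
# Added example, not part of the original deck. Needs the SharePoint Online
# Management Shell module and a SharePoint administrator account.
# Placeholders: tenant "contoso", domain "partner.example", site "finance".
Import-Module Microsoft.Online.SharePoint.PowerShell
Connect-SPOService -Url 'https://contoso-admin.sharepoint.com'

# Baseline: capture the current tenant posture before changing it.
Get-SPOTenant | Select-Object SharingCapability, SharingDomainRestrictionMode,
    SharingAllowedDomainList, DefaultSharingLinkType,
    RequireAnonymousLinksExpireInDays, FileAnonymousLinkType,
    FolderAnonymousLinkType | Format-List

# WHICH: "Only authenticated users in specific domains".
# ExternalUserSharingOnly allows invited guests who sign in, no Anyone links.
Set-SPOTenant -SharingCapability ExternalUserSharingOnly `
    -SharingDomainRestrictionMode AllowList `
    -SharingAllowedDomainList 'partner.example'

# HOW: "Enabled, but not default" - new links default to organization-only.
Set-SPOTenant -DefaultSharingLinkType Internal

# HOW: "Mandatory expiration date" and "Block externally-shareable edit links".
# These apply wherever Anyone links are allowed (ExternalUserAndGuestSharing).
# 14 days is a constructed value; choose one that fits your governance policy.
Set-SPOTenant -RequireAnonymousLinksExpireInDays 14 `
    -FileAnonymousLinkType View -FolderAnonymousLinkType View

# WHAT: "Only specific sites" - a site can be stricter than the tenant,
# never more permissive. Turn sharing off for a sensitive site.
Set-SPOSite -Identity 'https://contoso.sharepoint.com/sites/finance' `
    -SharingCapability Disabled

# Review: every site that still permits some form of external sharing,
# most permissive first, for the governance owner to confirm.
$rank = @{ ExternalUserAndGuestSharing = 0; ExternalUserSharingOnly = 1;
           ExistingExternalUserSharingOnly = 2 }
Get-SPOSite -Limit All |
    Where-Object { $_.SharingCapability -ne 'Disabled' } |
    Sort-Object { $rank["$($_.SharingCapability)"] }, Url |
    Select-Object Url, SharingCapability, Owner |
    Format-Table -AutoSize
```

Running the baseline and review steps on their own, without the Set- commands, gives a read-only audit of where external sharing is enabled.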

Office 365 Groups and External Sharing

External users in Office 365 Groups

• Receive mails sent to the Group email address

• Have access to the Group’s files and folders in OneDrive

• Have access to the Group’s site in SharePoint

• Participate in team chat in Teams

Adding External Users to Groups

Extranet User Manager Features

End User Components

• Register

• Set Password

• Manage your profile

• Change your password

• Reset forgotten password

Admin Components

• Delegated access for the business owners and external users

• Search, add, edit, and import users and groups

• Used by administrators to configure the system

• General settings

• Open ID Connect and WS-Federation

• Email templates

• Office 365

• Azure AD B2B

Branded Experience

• Maintain your corporate brand throughout the entire user experience

• Registration

• All end-user pages

Delegated User Management

• Management of the Extranet users is delegated to the business

• IT doesn’t need to manage accounts

• Can also be delegated securely to the external organizations themselves

Self-Registration

• Fully customizable registration experience

• Self service profile page

• Fields can be added or removed

• Can be integrated into back-end systems

• Customizable approval workflow

• Full Visual Studio source code project provided

Forgotten Password

• Request a password reset by email

• Passwords themselves are never sent through email

• One-time use, time expiring token sent

Multi-Factor Authentication

• Second factor authentication through an email or text message

• Configurable rules for triggering

• Also used for email revalidation

Works with SharePoint 2010, 2013, 2016 and Office 365

• Does not need to be installed on the SharePoint Server

• PowerShell script sets up the trust

• Office 365 supported through Azure B2B

Adaptive Design

• Leverages the Bootstrap framework

• All end-user pages adapt to smartphone, tablet, or desktop experiences

Azure Hosted or On Premise

• Can be installed on an on premises server

• SharePoint Server

• IIS Server

• Hosted in Azure

• Secure multi-tenant hosting

• Managed by Envision IT

• 7x24 monitoring and remediation

Extranet User Manager Demo

Customer Case Study: Associated Engineering

The Problem:

Associated Engineering work with multiple external parties on projects of various sizes

They require efficient collaboration, and communication is key.

SharePoint on premises pilot quickly became production

Lack of high-availability and disaster recovery became a significant risk.

Customer Case Study: Associated Engineering

The Results

External Partner Access through Azure AD B2B

Over 1,000 external users

High-Availability & Disaster Recovery in Office 365

Delegated User Management with Extranet User Manager

Project Site Creation Automation

Extranet User Manager Overview

• Delegated management of external users

• Self-registration, approval workflows, profile, and password management

• Search, add, edit, and import users and groups

• Supports on premise and O365, as well as custom and SaaS applications

Customer Case Study: OACAS Member Portal

OACAS is the Ontario Association of Children's Aid Societies

https://oacas.sharepoint.com

The Challenge:

• 8,000 members across 50+ member organizations

• Provincially funded training resources to be delivered through SharePoint and Desire2Learn

• Previous portal limitations

• No search

• No CMS; required web designers to update

• IT needed to manage infrastructure

• No single sign-on to D2L

Customer Case Study: OACAS Member Portal

OACAS is the Ontario Association of Children's Aid Societies

https://oacas.sharepoint.com

The Results:

• Cloud hosted solution in Office 365 and D2L

• Auto-approval of most accounts on-boarded 500 new users per day at peak

• SSO between Office 365 and D2L

• Responsive design for mobile support

• Licensing provided through Office 365 for Nonprofits

Customer Case Study: OntarioMD goes to the cloud with Extranet User Manager

OntarioMD is a government funded Not-For-Profit for 14K Ontario physicians

www.ontariomd.ca

The Challenge:

• Needed a new corporate website and portal

• Reduce the cost of current hosting

• Easy to maintain site for 14,000 physicians and staff

• Seamless migration of content, functionality, and user accounts

• Hosted and managed solution

Before and After

• Previously on a 10 year old Oracle WCI platform

• OntarioMD was already an Office 365 customer

• Proposal was to leverage SharePoint Online as the Content Management System

• Azure Web Apps used to host the public website and Extranet

www.ontariomd.ca

Financial Result

• New operating costs LESS than the annual Oracle maintenance fees!

• Decommissioning of dedicated hosting environment

• OntarioMD infrastructure

• Azure Web App Licensing

• Two Standard S2 2 core 3.5 GB RAM servers

• Load balanced

• Patched and maintained by Microsoft

• $219.60 x 2 per month USD

• https://azure.microsoft.com/en-gb/services/app-service/web/

• Extranet User Manager Licensing

• Enterprise Edition - $1,070 USD / month

Customer Case Study: OntarioMD goes to the cloud with Extranet User Manager Solution

www.ontariomd.ca

Summary

One to Few

• Documents or Folders

• Anonymous Links

• Specific People – One time use codes emailed

• SharePoint permissions

• Sites

• SharePoint permissions

• Office 365 Groups

• Invite through Outlook

One to Many

• Associated Engineering

• Site provisioning

• Manage Azure B2B users through EUM

• Web part to show project team members

• OACAS

• Self-registration and auto-approval

• Single sign-on to Office 365 and Desire2Learn

• OntarioMD

• Content authoring and approval in Office 365

• Cost effective hosting in Azure

• Self-registration and delegated user management

Wrap-Up Points

• There are a lot of different ways to share in Office 365

• OOTB works well for small groups and specific documents or sites

• Make sure you understand where to enable it, and where not to

• Governance is important

• To scale you need processes

• Site request form

• Provisioning of sites and permissions

• Consistent way to manage external users
