For quite some time, SharePoint Online has been the easiest way share data securely folks partners from other companies. For anyone unfortunate enough to have attempted this on-premises there are no firewall ports to open, no custom member and role providers or custom claim augmentation services to tear your hair out with. Sharing with external folks just works.
Until now I’ve always had just a little bit of consternation around the fact that if I enabled Sharing outside my company anyone with sharing rights can share with anyone they like. As an example, a contractor on your team can share with their personal gmail account or any other account they choose so long as it is associated with a Microsoft Account or a Work and School Account.
Recently 2 additional options have appeared (not in all my tenants so still rolling out)
- Allow sharing only with the external users that already exist in my organizations directory. This option leverages Azure B2B when as an admin, you can preload authorized external users into your Azure Active Directory. The big advantage here is that they are using a federated sign-in. So if their company terminates them, they can no longer sign into your site as well.
- Limit external sharing by domain. This enables on a site collection by site collection basis to control who this data can be shared with. For example if i have a site for collaboration with Microsoft i can enable sharing to only take place with Microsoft on this site collection. This prevents users from accidentally inviting someone who shouldn’t have access to the site.
Really excited about this innovation and with it, the ability to prevent a whole class of accidental data leaks