The ability for authorized users to collaborate and share files and folders in M365 has been extended to participants external to Michigan Medicine.  One of the access permission options for a file or folder in OneDrive and SharePoint is through the creation and use of Sharing Links. Sharing Links are used for situations when you want to grant access to a given file or folder to people who do not otherwise have direct access to the content. 

Create a link for secured sharing.

To secure your content and get a link that only works for the people you invite (internal or external), follow the steps below...

1, Open OneDrive or the SharePoint site that contains content you want to share.

2. From OneDrive or SharePoint, go to the document library where you want to share files.

3. Pick the file or folder you want to share by moving your cursor over the name of the file or folder and clicking the circle selector that appears to the left of the item's name.

4. Select Share at the top of the page. Then click the gear icon to open the Sharing settings window.

5. From Sharing settings, select People you choose.

Note: The Anyone sharing option is not supported and has been restricted for use in our Michigan Medicine tenant.

6. Once you have set all your sharing settings and permissions, select Apply to close the Sharing settings window.

7. In the Name, group or email field, start typing the email addresses (internal or external) of people you want to share with. Include a message below the Name, group or email field, if you want.

8. Select Send.

An external recipient of the sharing link will then need to verify their identity before they can view or edit the content.

External recipient doesn't have a Microsoft account.

The external recipients won't need a Microsoft account. To access the content, both OneDrive and SharePoint will send a one-time verification passcode to the external user's email address to verify their identity. After they receive the code, they enter it into the verification screen to open the file. The content is secured and the link won't work if it's forwarded to others – it only works for people you specified when you shared. 

External recipients can select the "Keep me signed in" option on the verification screen. Selecting the option, allows the verified link recipient to access the shared content for 7 days without re-entering a verification code.  After the 7th day, a new verification code will be required.

Expiration for External Participants

External participant access expires after 90 days.  This is a Michigan Medicine tenant level setting. Once external participants reach their assigned expiration date, they'll lose access to the shared content.  You can extend external participant access prior to the expiration date or re-invite the user again, if their access has expired.

Extend access for an external participant.

When an external participant is nearing expiration, you can renew their access. Their access will be extended for the number of days that your administrator has configured.

1. On the site, click Settings, and then select Site permissions.
2. Under Guest Expiration, select Manage.
3. On the Access Expiration page, select the user that you want to extend and select Extend.

    

   
4. On the confirmation dialog box, select Yes, extend.

Sensitive Content and Data Loss Prevention (DLP)

Attempts to share sensitive documents with external users is not allowed.

OneDrive / SharePoint Online

In OneDrive for Business and SharePoint Online, as a user you may share files and documents with internal and external users. However, based on our organizational settings you might violate corporate policy with the resulting action being a notification or blocking of your documents / files from being shared.

In some cases, Michigan Medicine administrators have set policies that will block you from sharing a file containing sensitive content, in such a case you will get a message stating that the file can't be shared and a "No entry" sign presented.