The ability for authorized users to collaborate and share files and folders in M365 has been extended to participants external to Michigan Medicine.  One of the access permission options for files and folders within OneDrive and SharePoint is through the creation and use of Shareable Links. Shareable Links are used for situations when you want to grant access to a given file or folder to people who do not otherwise have direct access to the content. 

Create a link for secured sharing.

To secure your content and get a link that only works for the people you invite (internal or external), follow the steps below...

1, Open OneDrive or the SharePoint site that contains content you want to share.

2. From OneDrive or SharePoint, go to the document library where you want to share files.

3. Pick the file or folder you want to share by moving your cursor over the name of the file or folder and clicking the circle selector that appears to the left of the item's name.

4. Select Share at the top of the page. Then click the gear icon to open the Sharing settings window.

5. From Sharing settings, select People you choose.

Note: The Anyone sharing option is not supported and has been restricted for use in our Michigan Medicine tenant.

6. Once you have set all your sharing settings and permissions, select Apply to close the Sharing settings window.

7. In the Name, group or email field, start typing the email addresses (internal or external) of people you want to share with. Include a message below the Name, group or email field, if you want.

8. Select Send.

An external recipient of the sharing link will then need to verify their identity before they can view or edit the content.

External recipient doesn't have a Microsoft account.

The external recipients won't need a Microsoft account. To access the content, both OneDrive and SharePoint will send a one-time verification passcode to the external user's email address to verify their identity. After they receive the code, they enter it into the verification screen to open the file. The content is secured, and the link won't work if it's forwarded to others – it only works for people you specified when you shared. 

External recipients can select the "Keep me signed in" option on the verification screen. Selecting the option, allows the verified link recipient to access the shared content for 7 days without re-entering a verification code.  After the 7th day, a new verification code will be required.

Expiration for External Users

External user access expires after 90 days.  This is a Michigan Medicine tenant level setting. Once external users reach their assigned expiration date, they'll lose access to the shared content.  The external user's access can be extended prior to their expiration date, or they can be re-invited if their access has expired.

Note: The Site Collection Administration role is required to extend external user access and receive expiration notifications. The role can be assigned to authorized site owners, upon request.

How to Extend Access for External Users

When an external user is nearing expiration, Site Collection Admins will receive an email notification with details about the accounts that will lose access to the SharePoint items within the site they manage.

Use the following steps below to extend expiring external user access:

• Select Manage access from the email received – This will navigate you to the SharePoint Site

• Alternatively, you could navigate directly to the SharePoint Site and select Manage located on the top banner of the site.

• Or, from the gear icon (site settings), select Site Permissions.  Then, from the Permissions window, select Manage (under Guest Expiration)

• Once on the Access Expiration page, select the external user(s) that you want to extend and select Extend.
  You can also extend users in bulk by selecting all users

On the confirmation dialog box, select Yes, extend.

Sensitive Content and Data Loss Prevention (DLP)

Attempts to share sensitive documents with external users is not allowed.

OneDrive / SharePoint Online

In OneDrive for Business and SharePoint Online, as a user you may share files and documents with internal and external users. However, based on our organizational settings you might violate corporate policy with the resulting action being a notification or blocking of your documents / files from being shared.

In some cases, Michigan Medicine administrators have set policies that will block you from sharing a file containing sensitive content, in such a case you will get a message stating that the file can't be shared and a "No entry" sign presented.