External file sharing is always a struggle to get right in Microsoft 365. Based on factors like company culture, industry and relationship to partner companies, there are a huge amount of variables that will influence the exact policy and controls that are required to tailor the relevant features.
I can’t stress enough how much setting this up right, as early as possible will save time in the long run. Providing a flexible, secure and scalable solution to external collaboration is a key factor to setting up any Office 365 tenant. Luckily, there are a myriad of features available in Office 365 to help provide the governance we need.
When we need to protect key specific information types we have Microsoft Information Protection and Data-Loss Prevention. When we need to protect Identity and Authorization, we have things like B2B, Identity Governance, Identity Protection and Conditional Access. The list goes on.
Each of these features (which mostly require licensing) are fantastic at meeting complex requirements but are not a replacement for a good baseline configuration of the toolset. One of the most important pieces of configuration we can get in place for our tenant with regards to file sharing and collaboration are the base sharing settings in the SharePoint Online Admin Center.
These settings control who we allow our users to share with, which users we allow to share externally and what controls apply to our guest users who are shared information.
A new addition to these controls is due in Jan 2021is the ability to set an admin level expiration on all OneDrive and SharePoint sharing links to Guests. This is a nice feature to have and will help to avoid perpetual access to externally shared data.
This setting will be disabled by default on roll-out so it is worth considering if it will fit into your configuration and planning communication to users.