Long story short, I had an acquired company that needed to access a Team (in Microsoft Teams) before we have that acquired company moved into our Office 365 tenant and before we have AD accounts for those individuals in our domain.
So we had a few options, we could create AD accounts for all those folks at the acquired company that would need to access teams or we could let them use their existing Office365 credentials to access our tenant. Due to the fact that we’re going to be moving their email and all of their Office365 content into our tenant in the next few months as well as the technical abilities of these individuals we decided it would be easier for them to get “Guest” access in teams and use their existing Office365 credentials on their legacy tenant/domain.
My team went to work on testing the access between someone on our tenant and someone on the acquired company’s tenant and we found it was super easy to enable Guest access in Teams, add the external (guest) users to the team, and for them to see the team. The problem was that once they were able to see the team, they had an error saying they didn’t have access when they click on the “Files” in the team. So my team did what every IT team does, they scoured the internet for other folks with the same issue and poked around in all the million places in an Office 365 admin portal where permissions for something like this would likely be. Unfortunately after way too many hours of digging they couldn’t find anything that pointed us in the right direction. Until… we click on the “Open in SharePoint” link from one of our teams accounts and tried that same link on the acquired company’s account. When we did that, we received a wonderful error that told us exactly where the issue was:
When we saw this we jumped for joy because this told us the real problem which was “External sharing is disabled” in SharePoint. We figured there must be a TechNet article that would help us resolve quickly.
Unfortunately, the first site we found didn’t help. It directed us to the Office 365 admin portal -> settings -> services & add-ins -> Sites. On this page there is a toggle to “Let users share SharePoint Online and OneDrive for Business content with people outside the organization”. We turned that on , selected “New and existing external users” from the list of “users can share with” and hit save. but the page threw an error and it wouldn’t save. So we tried all the other options and none of them would let us save. Thanks a lot Microsoft, well tested tool you have there.
From there we figured there must be a legacy SharePoint admin portal page that would let us do the same thing, that would stinking work.
So we went to Sharepoint admin center -> Sharing.
On that page there is a section for “sharing outside your organization”. All we had to do was select “Allow users to invite and share with authenticated external users” (see screenshot below) and hit OK at the bottom of the page. Logged the acquired company user out of office 365, logged them back in, and magically they could see all the files no problem.
But we couldn’t stop there. Obviously there are some major security concerns with that option so we went back to that same SharePoint admin center page and further down on the page you can limit external sharing to specific domains. We put in all the domains for our recent acquisitions (see screenshot below), checked the box to limit sharing with those domains, and clicked on the “Prevent external users from sharing files, folders, and sites that they don’t own” and “External users must accept sharing invitations using the same account that the invitations were sent to” checkboxes to ensure we had some basic security to prevent abuse. (see screenshot below)
That was all there was to fixing this issue for us.
As usual, feel free to steal this fix and post it on your own site but please be respectful and at least link back here as a reference.