Internal site access in SharePoint is easily managed through group membership, while external access is managed using additional sharing controls. The decision of whether to allow external access is important in the context of managing security.

External access can be controlled at the organization (tenant) or site level, and by default, it is enabled organization-wide. Blocking sharing at the site collection level will prevent anyone, including site owners, from sharing content with users outside the Microsoft 365 tenant, while blocking sharing at the tenant level will prevent users administering any site collection from being shared.

When a user sends an invitation to access data, and when the recipient is external to the organization, SharePoint creates an Azure Business-to-Business (B2B) guest account in the home organization’s Azure AD. The external recipient will receive a sharing invitation email containing a link to complete their Azure account signup or provisioning. If you remember from Chapter 5, this process of accepting the invitation is also known as invitation redemption.

The permissions are displayed as two sliders in the SharePoint admin center, as shown in Figure 12.33:

Figure 12.33 – The SharePoint admin center sharing controls

It’s important to note that while the SharePoint and OneDrive for Business sliders can be managed independently, the OneDrive slider cannot be more permissive than the SharePoint slider.

Teams guest access

Teams also has guest and external access settings. Let’s look at each of those settings areas.

Guest access

Guest access controls how people outside your organization interact with teams and channels. Using the settings on the Guest access page, you can control the features guests can use:

Figure 12.34 – The Guest access page

The Guest access page can be accessed through the TAC under Users | Guest access. In addition to a general Allow guest access in Teams toggle, there are three feature areas that can be used to manage how guests use various parts of Teams:

• Calling: Under the Calling area, there is a single toggle, Make private calls, that controls whether guests have the ability to make PC-to-PC calls.
• Meeting: The Meeting area features three settings to manage how guests can use meetings:
  • IP video: This toggle controls whether guests can turn on their cameras in meetings.
  • Screen sharing mode: This toggle controls what level of sharing guests can use. The options are Entire screen, single application, or Not enabled.
  • Meet Now: The Meet Now toggle determines whether guests can start ad hoc meetings.
• Messaging: The options in this area control how guests can participate in 1xN chats as well as channel conversations:
  • Edit sent messages: Controls whether guests are able to edit messages after sending them.
  • Delete sent messages: Controls whether guests can delete messages after sending them.
  • Delete chat: Controls whether guests can delete 1:x conversations.
  • Chat: Determines whether guests can participate in a chat.
  • Giphy in conversations: Controls whether guests can have access to Giphy in conversations.
  • Giphy content rating: If this is enabled, this dropdown lets you select the content rating to allow or disallow GIFs. The available values are Allow all content, Strict, and Moderate.
  • Memes in conversations: This setting controls the use of memes in conversations.
  • Stickers in conversations: This setting manages the use of stickers in conversations.
  • Immersive reader for messages: This setting enables guests to toggle the immersive reader.