Skip to main content

Sharing files with external stakeholders

Dale
Updated

Dietitians Australia uses Microsoft's SharePoint cloud storage service to share files across the organisation – the obvious Data and Management shares we use there are strictly 'internal'. We cannot share any files or folders in those locations with anyone who is not a Dietitians Australia licensed Microsoft account holder with permission to access those SharePoint sites.

When we share content internally via links, files are usually in the Data share and all colleagues with a DA-Microsoft login have access, so permissions aren't usually an issue.

For externally sharing files too big for email, or sharing a whole folder of files, or sharing files for online collaboration, we have a separate site:

Click here for the DA External site


Data should only be shared externally with trusted parties.

After granting share permissions, we have no control over what people do with our files.

Here's a summary of what you need to know about our External share...

  • This article empowers colleagues to manage their own External folders, files, and permissions.
  • Files uploaded to the External share are not linked to DA's Data or Management SharePoint sites.
  • Edits made to files in the External share are only made in those copies of the files.
  • External sharing automatically includes all DA colleagues, it is not restricted within DA.
  • SharePoint no longer allows broad external sharing using a single link that works for all parties.
  • Sharing permission is granted on an individual basis using a list of email addresses.
  • Those invited to a share will need to click a button in an email and verify their address to get access.
  • Permission can be view only, with editing rights, no downloading, or only for review (comments).
  • You an apply different permissions to different external stakeholders within one sharing setup.
  • Sharing should be time-limited, only long enough to suit your stakeholders' needs.
  • You should prepare a short 'sharing message' to include with the automated share email link.
  • Stakeholder comms can inform them they'll receive a separate email with personalised share link.
  • You should tidy your team's External folder to delete content no longer needed for sharing.

Adding permissions to an external share

There are a few steps here but it's only because they're detailed, the process is straightforward.

  1. Prep a list of email addresses for people you want to share with and decide their level of access.
  2. Open the 'DA External Share' site in a browser.
  3. Navigate to a folder for your team's shares and either find or create a subfolder for your task.
  4. Click the three dots next to the folder and choose 'Manage access' from the popup menu.
  5. Click on the Links tab.
  6. Click 'Create and share a new link' for new shares, or click the cog to extend an existing share.
  7. Ensure the setting is 'Can view' or 'Can edit', or other permission as appropriate.
  8. Paste in custom message text (example below) to include in the email Microsoft sends invitees.

    This Microsoft-generated email is the result of a Dietitians Australia colleague sharing a file with you. As a security measure, the "Open" button link only works for your email address. When you open this link (preferably in a Private or Incognito browser window), you will be asked to verify your email address by having Microsoft send you a code then entering it in your browser to gain access.

  9. Paste in the first email address to share with and click on the match in the drop down to add the address:

    Adding a name.png

  10. To keep the invite list private, click Send after entering just one invitee, and repeat steps 9. and 10. for each individual you're sharing with. Or...
  11. If it's appropriate for a larger group to see each others' email addresses in the invite, click Add more, paste in the next email address, and click the match in the drop down as in step 9. 

    Adding multiple names.png

    Repeat to add more invitees and click Send when you have finished building your 'group' of invitees.

Invitees will receive an email like the one below:

Email with link.png


Please note:

The steps for setting up sharing for individuals are standard, but what's changed recently is that invitees now verify their email address to gain access – it's a simple 2FA. Here's an outline of their experience:

  • The link on the 'Open' button in this email is tied to the invitee's email address. After clicking it, a browser window will open and Microsoft will offer a Send Code button.
  • After clicking Send Code, stakeholders will need to copy and paste an 8-digit code from the verification email into their browser to gain access to the shared content.
  • This all works best if the stakeholders use a Private or Incognito window, so Microsoft doesn't confuse their email-specific access with any other active Microsoft account.
  • Anyone struggling to gain access should be asked to right-click and copy the Open button link from their email, launch a Private/Incognito browser window, and paste the web address into that browser (or another browser not used day-to-day).

The simple email verification ensures only intended recipients get to see the file, which offers all parties some peace of mind that business-sensitive content and member data is not subject to widespread use of unsecured links. Dietitians Australia being security-conscious is a good thing! We cannot stop individuals from sharing sensitive data once they have gained access, but we can stop unsecured access.

If using other file sharing services, please remain security conscious. Other services may have their own method of limiting access just to intended parties, so some verification may exist for those too, and if not then our data is less secure.

Was this article helpful?

0 out of 0 found this helpful
Return to top

Comments

0 comments

Article is closed for comments.

Powered by Zendesk