File Collaboration

Overview

Onboarding Office 365

We need a development environment, so let’s sign up for an Office 365 developer sandbox subscription at https://developer.microsoft.com/microsoft-365/dev-program. If you already have a GitHub account, you may use federation to sign up.

Create Site

From the https://<value>.sharepoint.com/ site, click “Create site”, then select the “team site” template.

External Sharing Security Configuration

Share a File Using Verification Code

Share a file with an external user by sending a link to the user’s email address. This user does not have any entry in my organization’s AAD.

Enable SharePoint Online Integration With AAD B2B

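Configure email one-time passcode for guest users in the AAD tenant (https://portal.azure.com, AAD blade). This is a prerequisite for enabling SharePoint Online integration with AAD B2B, since the feature does not even require a work/school account or MS account.

# Install the SharePoint Online Management Shell module and confirm the installed version
Install-Module -Name Microsoft.Online.SharePoint.PowerShell -Scope CurrentUser
Get-Module -Name Microsoft.Online.SharePoint.PowerShell -ListAvailable | Select-Object Name,Version

# Connect to the tenant admin endpoint (the o365value environment variable holds the tenant name)
Connect-SPOService -Url "https://${env:o365value}-admin.sharepoint.com"

# Enable SharePoint Online integration with AAD B2B
Set-SPOTenant -EnableAzureADB2BIntegration $true
# Synchronize the AAD B2B collaboration settings into SharePoint Online
Set-SPOTenant -SyncAadB2BManagementPolicy $true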

Validate SharePoint and AAD B2B Integration

  • Log on to the SharePoint site https://<value>.sharepoint.com/sites/FileCollaboration/Shared%20Documents/Forms/AllItems.aspx using the admin account
  • Select a file and share it
Note: if you get blocked, make sure the hotmail.com domain is allowed.

Enable Guest User MFA

To further secure file sharing, let’s mandate MFA. You must disable security defaults before creating an AAD conditional access policy.
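
One way to script this step, as an added example that is not part of the original post: it checks that security defaults are off, then creates a conditional access policy requiring MFA for guest users on Office 365 apps. It assumes the Microsoft Graph PowerShell SDK is installed; the policy name is hypothetical, and the report-only state and the Office 365 app scope are choices made here.

```powershell
# Added example. Assumes the Microsoft.Graph PowerShell SDK is installed (not used in the post).
Import-Module Microsoft.Graph.Identity.SignIns

Connect-MgGraph -Scopes 'Policy.Read.All', 'Policy.ReadWrite.ConditionalAccess', 'Application.Read.All'

# Prerequisite stated in the post: security defaults must be disabled first.
$defaults = Get-MgPolicyIdentitySecurityDefaultEnforcementPolicy
if ($defaults.IsEnabled) {
    throw 'Security defaults are still enabled. Disable them before creating the policy.'
}

$displayName = 'Require MFA for guests - Office 365'   # hypothetical policy name

# Do not create a duplicate when the script is re-run.
$existing = Get-MgIdentityConditionalAccessPolicy -All |
    Where-Object { $_.DisplayName -eq $displayName }
if ($existing) {
    Write-Output "Policy already exists: $($existing.Id) (state: $($existing.State))"
    return
}

$policy = @{
    displayName   = $displayName
    # Report-only: sign-in logs show who would be prompted, nothing is enforced yet.
    # Change to 'enabled' once the logs show the expected guest sign-ins.
    state         = 'enabledForReportingButNotEnforced'
    conditions    = @{
        clientAppTypes = @('all')
        # Scope the policy to guest and external users only.
        users          = @{ includeUsers = @('GuestsOrExternalUsers') }
        # 'Office365' is the built-in app group that includes SharePoint Online.
        applications   = @{ includeApplications = @('Office365') }
    }
    grantControls = @{
        operator        = 'OR'
        builtInControls = @('mfa')
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
Write-Output "Created $($created.DisplayName) ($($created.Id)) in state $($created.State)"
```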

Conclusion

Without any code development, we are able to securely share files with external users by using the MS Office 365 SaaS offering and AAD B2B.

Cloud Journey

All blogs are strictly personal and do not reflect the views of my employer, focus on cloud networking, cloud security and API security.