Solutions for External Access (part 3 of 3)

By Ashwin Venugopal -

 






To read part 1, please click here
To read part 2, please click here








Office 365 External Sharing & Azure AD B2B Collaboration

The collaboration between external sharing in Office 365 (OneDrive, SharePoint Online, Unified Groups, etc.) Azure AD B2B are technically the same thing and all the external sharing (except OneDrive/SharePoint Online) , including guests in Office 365 Groups, already use the Azure AD B2B collaboration invitation APIs for sharing.

How does Azure AD B2B differ from external sharing in SharePoint Online?

They generally differ in following ways:
  • OneDrive/SharePoint Online can add users to the directory after they have redeemed their invitations, hence you can't see them in Azure AD portal before redemption, but, if another site invites a user in the meantime, a new invitation is generated. Whereas in Azure AD collaboration, the users are added immediately on invitation so that they are shown everywhere. 

  • The redemption experience in OneDrive/SharePoint Online is entirely different from that in Azure AD B2B collaboration, but when a user redeems an invitation, the experiences look alike. 

  • You can pick Azure AD B2B collaboration invited users from OneDrive/SharePoint Online sharing dialog boxes where the invited users can also be shown in Azure AD after they redeem their invitations.

  • The licensing requirements are different because for each paid Azure AD license up to 5 guest users can access your paid Azure AD features. 

If you want to manage external sharing in OneDrive/SharePoint Online with Azure AD B2B collaboration, then set it as such that it will allow sharing with the external users already existing in your organization's directory. 

Microsoft Teams External & Guest Access

You communicate with the people outside your organization in the following ways:
  • External access (federation)-It allows you to find, call, an chat with the users in other domains. (for example, contoso.com).

  • Guest access- It allows you to add individuals to your teams as guests with the help of their email address. You can also collaborate with the guests as you would with any other users in your organization. 

You can use both external and guest access if you want - one doesn't preclude the other.

External Access

You can readily use it if you want the external users in the other domains to find, call, chat, and set up meetings with you. You have to choose external access to communicate with the external users who are still on Skype for Business (online or on-premise) or Skype. 

External access is turned on by default in Teams i.e. your organization can communicate with all external domains. It can turned off or specify which domains to include (or exclude) by Teams admin and guest access is considered a better way for the external users to have access to teams and channels.

Guest Access

It can be used to add an individual user to a team, where they can chat, call, meet, and collaborate on organization files with the help of Office 365 apps like Word, Excel, or PowerPoint. 
  • Guests are added to your organization's AD.

  • If you want to communicate with  guests, then, they have to be signed in to the Teams with the help of their guest account i.e. the guest may have to sign out of their own Teams account to sign in to your Teams account.

  • Guest users can have access to more resources in Teams (like files, teams, and channels) than external-access (federated) users. 

  • The Teams admin can control everything that a guest can (or can't) do in the Teams admin center. 

If you want to turn on guest access in your organization, then, start with the Guest access checklist.



















To read part 1, please click here
To read part 2, please click here































Comments

Post a Comment

Popular posts from this blog

Deployment (Part 3)

By Ashwin Venugopal -
Image
  To read part 1, please click  here To read part 2, please click  here Microsoft Monitoring Agent (MMA) MMA is used across multiple Microsoft solutions and has undergone a few name changes as its features and functionality have evolved. If it is being considered to be used, then following areas should be covered during a Microsoft Sentinel deployment project: Consider the timelines and the strategy for a migration to AMA (Azure Monitor Agent) before the MMA end-of-life.  Consider the central deployment and management methodology for MMA. Determine which endpoints are in scope for deployment as these affect the log ingestion volume significantly.  Azure Monitor Agent (AMA) Organizations with MMA as the main Microsoft Sentinel agent should start planning the migration to AMA as soon as possible to avoid a rushed migration. One of the main advantages of AMA is the ability to control the log collection policy centrally and apply different policies against different...
Read more

Deployment (Part 1)

By Ashwin Venugopal -
Image
  To read part 2, please click  here To read part 3, please click  here Azure Resources Microsoft Sentinel needs following resources to be created: Subscription (if a dedicated subscription(s) will be used) Resource group(s) Log Analytics workspace(s) Automation rules/playbook Alert rules Workbooks Microsoft Sentinel offers hundreds of alert rules, workbooks, and automation playbook templates along with hunting scripts. The templates can be used to activate/deploy schedule alerts, create customized dashboards, create automation playbooks and perform threat-hunting activities. Generally, once deployed, the resources created have to be adjusted to match the existing environment, configure local credentials, etc. Methods of deployment: Manual- Administrator can manually configures the Microsoft Sentinel resources with the help of Azure portal. Any manual process has the inherent risks of human operator error, lack of compliance with potential change control procedures, and u...
Read more

Deployment (Part 2)

By Ashwin Venugopal -
Image
  To read part 1, please click  here To read part 3, please click  here Microsoft Sentinel Content Hub Content in Microsoft Sentinel includes any of the following types: Data connectors offer log ingestion from different sources into Microsoft Sentinel. Parsers give log formatting/transformation into ASIM formats, supporting usage across various Microsoft Sentinel content types and scenarios. Workbooks provide monitoring, visualization, and interactively with data in Microsoft Sentinel, highlighting meaningful insights for users.  Analytics rules give alerts that point to relevant SOC actions via incidents.  Hunting Queries are used by SOC teams to proactively hunt for threats in Microsoft Sentinel. Notebooks help SOC teams in using advanced hunting features in Jupyter and Azure Notebooks. Watchlists support the ingestion of specific data for enhanced threat detection and reduced alert fatigue.  Playbooks and Azure Logic Apps Custom Connectors provide featu...
Read more