Share with Anyone | Office 365 Groups

Share with Anyone | Office 365 Groups

Sharing anonymously with Office 365 groups is disabled by default. And no matter what tenant settings you apply in the SharePoint Admin Center or in the Settings module in the Office 365 Admin Center, you will not be able to share with ‘Anyone’. This is by design and though you may not like it, it’s purpose is to ensure that external guests or even group members can’t just create anonymous sharing links to your data.

The difference between sharing with Anyone and sharing with a Specific Person is that sharing with Anyone or Anonymously does not require authentication. It’s open and public access that anyone with the sharing link can access. You can read more about the specifics on sharing with SharePoint here.

However, for those of you who still want this ability, below are some steps to enable this feature using PowerShell. Follow the steps below to enable sharing with Anyone in your Office 365 group.

  1. Download and install the SharePoint Online Management Shell tool. This will allow you to connect to SharePoint online through PowerShell.
  2. Open and run the SharePoint Online Management Shell and type the following:
    • $userCredential - Get-Credential
      • Please note that you will be prompted for your Office 365 admin credentials, and if you have Multi Factor Authentication enabled, click here for those instructions.
  3. Now that you are connected and authenticated, you will need to run the command below.
    • Connect-SPOService -Url https://yourcompany.sharepoint.com -Credential $userCredential
      • Please note that you must replace the above url with your tenant ID which is embedded in your SharePoint (365 Group) address. It will look like this: https://yourcompany.sharepoint.com.
  4. Now that you are connected to your SharePoint Online tenant, you can now change the property to enable Anonymous sharing with Anyone in your 365 Group. Run the following command against the group site.
      • set-sposite -identity https://yourcompany.sharepoint.com/teams/365group -sharingcapability ExternalUserAndGuestSharing

     

  5. Congratulations! That’s it. Refresh your browser and the Anyone sharing should be available now.

You can read more about how to work with SharePoint Online via PowerShell using the links below.

Let me know if this has helped your tenant.

Setup Email Encryption in Office 365

Setup Email Encryption in Office 365

So this is really going to be easy. You will enjoy paying just $2 a month for your entire company to have hosted email encryption. NOTE: Commands are italicized.

Here is a summary of what we are going to do. (assuming you use Office 365 already)

  1. Purchase Azure Information Protection and assign the license to any user.
  2. Connect to Exchange Online via PowerShell.
  3. Run a few commands in PowerShell.
  4. Create a Rule inside of Office 365 to encrypt messages.

Step 1 | Purchase Azure Information Protection

To purchase a new subscription in Office 365, login to https://portal.office.com, go to the App Chooser in the top left hand corner and select Admin.

AdminCtrO365

Next, go to the Billing section and select Purchase services. There you can find and subscribe to the Azure Information Protection Plan 1 for $2.00 per user per month. NOTE: You only need 1 subscription for message encryption.

AIPO365Step 2 | Connect to Exchange Online via PowerShell

If you have Windows 10, then you already have the necessary software. Simply go to your Start menu > Type PowerShell > Right click on it and Run As Administrator.

In PowerShell run the following commands:

  • Set-ExecutionPolicy RemoteSigned
    • Respond with “A” for all or “Y” for yes.
  • $UserCredential = Get-Credential
    • Login with your Office 365 admin credentials.
  • $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
  • Import-PSSession $Session

Now we are connected to Exchange Online. Don’t close PowerShell just yet.

Step 3 | Run Some PowerShell Commands

Now that we are connected to Exchange Online with a PowerShell session. Let’s enable the Azure Rights Management service to allow for us to send encrypted emails.

In PowerShell run the following commands:

  • Set-IRMConfiguration -RMSOnlineKeySharingLocation “https://sp-rms.na.aadrm.com/TenantManagement/ServicePartner.svc”
    • Please note this command is for US only.
  • Import-RMSTrustedPublishingDomain -RMSOnline -name “RMS Online”
    • This imports the Trusted Publishing Domain from RMS Online.
  • Test-IRMConfiguration -RMSOnline
    • This just tests that you have successfully configured IRM in Exchange Online to use the Azure Rights Management service.
  • Set-IRMConfiguration – ClientAccessServerEnabled $false
    • This disables IRM templates in OWA and Outlook.
  • Set-IRMConfiguration -InternalLicensingEnabled $true
    • This enables IRM for Office 365 Message Encryption.
  • Test-IRMConfiguration -Sender user@yourdomain.com
    • This verifies that you successfully imported the TPD and enabled IRM.

We have successfully enabled Information Rights Management in your Office 365 tenant. Now all that is left to do is create a Transport Rule that tells the server to encrypt the message.

Step 4 | Create a Rule to Encrypt Email

So now we are done with PowerShell, you can close it or run Remove-PSSession $Session and then close it. Now we just need to create a Transport Rule in Exchange Online to tell the server when a message meets a set of criteria, encrypt it before sending.

Now technically, encrypted emails never leave the mail server. They simply send a message to the recipient saying, “You’ve received an encrypted message from…” So, the recipient can either use a Microsoft Account or a one-time passcode to view the message. See image below for an example of what the recipient sees.

EncryptMessO365

So to setup this rule, go back to https://portal.office.com and login and go to the Admin Center. Down in the bottom left you will see Admin Centers > Exchange.

EACO365

Then in the Exchange Admin Center, select Mail Flow > Rules. Here you will create a new Rule and Apply this rule if…

  • The subject or body includes…
    • I would use a word in brackets like [ENCRYPT].
  • and… The recipient is located…
    • Outside the Organization (within the org the messages are encrypted)
  • Then, do the following…
    • Modify the message security and Encrypt the message with Office 365 Message Encryption.

RuleO365

 

Make sure to enable Enforce this rule. Lastly, you will need to test this out but after a few hours. Technically all these changes take an hour or two to apply.

So that’s it! Whenever someone within your organization sends an email to someone outside the organization, with the subject that includes [ENCRYPT], the message with be encrypted. Take it for a spin and let me know what you think.

Subscribe To Our Newsletter

Subscribe To Our Newsletter

Join our mailing list to receive the latest news and updates.

You have Successfully Subscribed!

Pin It on Pinterest