| Service | Microsoft Docs article | Related commit history on GitHub | Change details |
|---|---|---|---|
| SharePoint | Change External Sharing Site | https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointOnline/change-external-sharing-site.md | description: "Learn how global and SharePoint admins can change site-level shari You must be a global or SharePoint admin in Microsoft 365 to change the sharing settings for a site (previously called a "site collection"). Site owners aren't allowed to change these settings. -The steps in this article apply to team sites, communication sites, and classic sites. To learn how to change the external sharing setting for a user's OneDrive, see [Change the external sharing setting for a user's OneDrive](/onedrive/user-external-sharing-settings). For info about changing your organization-level settings, see [Manage sharing settings](turn-external-sharing-on-or-off.md). To change the settings for Teams private channel sites, you must use [Set-SPOSite](/powershell/module/sharepoint-online/set-sposite). +The steps in this article apply to team sites, communication sites, and classic sites. To learn how to change the external sharing setting for a user's OneDrive, see [Change the external sharing setting for a user's OneDrive](/onedrive/user-external-sharing-settings). For info about changing your organization-level settings, see [Manage sharing settings](turn-external-sharing-on-or-off.md). To change the settings for Teams private or shared channel sites, you must use [Set-SPOSite](/powershell/module/sharepoint-online/set-sposite). For detailed information about how to set up guest access for a site, see [Collaborate with guests in a site](/Office365/Enterprise/collaborate-in-a-site). |
| SharePoint | Create B2b Extranet | https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointOnline/create-b2b-extranet.md | An extranet site in Microsoft SharePoint is a site that you create to let extern Traditionally, deploying a SharePoint *on-premises* extranet site involves complex configuration to establish security measures and governance, including granting access inside the corporate firewall, and expensive initial and on-going cost. -But with Microsoft 365, partners connect directly to a members-only site in SharePoint, without access to your on-premises environment or any other SharePoint sites. Microsoft 365 extranet sites can be accessed anywhere there's an Internet connection. +But with Microsoft 365, partners connect directly to a members-only site in SharePoint, a team in Microsoft Teams, or a Teams shared channel without access to your on-premises environment or any other teams or sites. Microsoft 365 extranet sites can be accessed anywhere there's an Internet connection. Depending on your collaboration needs, you can include Microsoft 365 groups or Microsoft Teams as part of your extranet. ## Why use Microsoft 365 for a B2B extranet? - **Time-to-value and Cost savings:** a Microsoft 365 B2B extranet eliminates the need for creating a costly on-premises extranet sites. No additional hardware is required and using Microsoft 365 greatly reduces the resource and labor costs. Your IT department can focus on more important tasks than creating and maintaining extranet infrastructure. + **Time-to-value and Cost savings:** a Microsoft 365 B2B extranet eliminates the need for creating a costly on-premises extranet site. No additional hardware is required and using Microsoft 365 greatly reduces the resource and labor costs. Your IT department can focus on more important tasks than creating and maintaining extranet infrastructure. **Secure sharing:** Microsoft 365 B2B extranet provides a highly secure sharing experience with the IT governance and policies that you require, including: Depending on your collaboration needs, you can include Microsoft 365 groups or M To get started setting up a SharePoint extranet site: -1. Read [Collaborate with guests in a site](/Office365/Enterprise/collaborate-in-a-site) if you want to limit your extranet to a site with a Microsoft 365 group, or [Collaborate with guests in a team](/Office365/Enterprise/collaborate-as-a-team) if you want to include a team. +- Read [Collaborate with guests in a site](/Office365/Enterprise/collaborate-in-a-site) if you want to limit your extranet to a site with a Microsoft 365 group, or [Collaborate with guests in a team](/Office365/Enterprise/collaborate-as-a-team) if you want to include a team. -2. Read [Create a B2B extranet with managed guests](/Office365/Enterprise/b2b-extranet) if you want to delegate guest access management to specific approvers in either your organization or the partner organization. +- Read [Create a B2B extranet with managed guests](/Office365/Enterprise/b2b-extranet) if you want to delegate guest access management to specific approvers in either your organization or the partner organization. ++- Read [Collaborate with external participants in a channel](/microsoft-365/solutions/collaborate-teams-direct-connect) if you want to use a shared channel in Teams where partners can use their existing work or school account for a single sign-on experience. -3. Read [Limit accidental exposure to files when sharing with guests](/Office365/Enterprise/sharing-limit-accidental-exposure) and [Create a secure guest sharing environment](/Office365/Enterprise/create-a-secure-guest-sharing-environment) to learn about options for securing your guest sharing environment. +- Read [Limit accidental exposure to files when sharing with guests](/Office365/Enterprise/sharing-limit-accidental-exposure) and [Create a secure guest sharing environment](/Office365/Enterprise/create-a-secure-guest-sharing-environment) to learn about options for securing your guest sharing environment. ## See also |
| SharePoint | Deploy File Collaboration | https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointOnline/deploy-file-collaboration.md | Traditionally, SharePoint permissions have been managed through a set of permiss While you can continue to manage SharePoint site permissions separately by using SharePoint groups, we recommend managing permissions for SharePoint by adding people to or removing them from the associated Microsoft 365 group. This provides easier administration as well as giving users access to a host of related services that they can use for better collaboration. -Microsoft Teams provides a hub for collaboration by bringing together all the Microsoft 365 group-related services, plus a variety of Teams-specific services, in a single user experience with persistent chat. Teams uses the associated Microsoft 365 group to manage its permissions. Within the Teams experience, users can directly access SharePoint along with the other services without having to switch applications. This provides a centralized collaboration space with a single place to manage permissions. For collaboration scenarios in your organization, we highly recommend using Teams rather than using services such as SharePoint independently. +Microsoft Teams provides a hub for collaboration by bringing together all the Microsoft 365 group-related services, plus a variety of Teams-specific services, in a single user experience with persistent chat. Teams uses the associated Microsoft 365 group to manage its permissions. Within the Teams experience, users can directly access SharePoint along with the other services without having to switch applications. This provides a centralized collaboration space with a single place to manage permissions. Teams uses the SharePoint site that is connected to the Microsoft 365 group for files in standard channels and creates separate SharePoint sites for each private or shared channel. For collaboration scenarios in your organization, we highly recommend using Teams rather than using services such as SharePoint independently. For details about how SharePoint and Teams interact, see [How SharePoint and OneDrive interact with Microsoft Teams](/microsoftteams/sharepoint-onedrive-interact). The sharing settings that you configure for SharePoint and OneDrive determine wh - Restrict sharing to specified domains. -You can configure these settings for the entire organization, or for each site independently. For detailed information, see [Turn sharing on or off](./turn-external-sharing-on-or-off.md) and [Turn sharing on or off for a site](./change-external-sharing-site.md). +You can configure these settings for the entire organization, or for each site independently (except private or shared channel sites). For detailed information, see [Turn sharing on or off](./turn-external-sharing-on-or-off.md) and [Turn sharing on or off for a site](./change-external-sharing-site.md). See [Limit accidental exposure to files when sharing with guests](/Office365/Enterprise/sharing-limit-accidental-exposure) for additional guidance around sharing with people outside your organization. When users share files and folders, a shareable link is created which has permis  - An *anyone* link is a transferrable, revocable secret key. It's transferrable because it can be forwarded to others. It's revocable because by deleting the link, you can revoke the access of everyone who got it through the link. It's secret because it can't be guessed or derived. The only way to get access is to get the link, and the only way to get the link is for somebody to give it to you. + An *anyone* link is a transferrable, revocable secret key. It's transferrable because it can be forwarded to others. It's revocable because by deleting the link, you can revoke the access of everyone who got it through the link. It's secret because it can't be guessed or derived. The only way to get access is to get the link, and the only way to get the link is for somebody to give it to you. *Anyone* links can't be used with files in a Teams shared channel site. - *People in your organization* links work for only people inside your Microsoft 365 organization. (They do not work for guests in the directory, only members). When users share files and folders, a shareable link is created which has permis A *specific people* link is a non-transferable, revocable secret key. Unlike *anyone* and *people in my organization* links, a *specific people* link will not work if it's opened by anybody except for the person specified by the sender. - *Specific people* links can be used to share with users in the organization and people outside the organization. In both cases, the recipient will need to authenticate as the user specified in the link. + *Specific people* links can be used to share with users in the organization and people outside the organization. In both cases, the recipient will need to authenticate as the user specified in the link. For files in a Teams shared channel site, *specific people* links can only be sent to others in the channel. It's important to educate your users in how these sharing links work and which they should use to best maintain the security of your data. Send your users links to [Share OneDrive files and folders](https://support.office.com/article/9fcc2f7d-de0c-4cec-93b0-a82024800c07) and [Share SharePoint files or folders](https://support.office.com/article/1fe37332-0f9a-4719-970e-d2578da4941c), and include information about your organization's policies for sharing information. Examples include: - Block guests from signing in from risky locations - - Require multifactor authentication for mobile devices + - Require multi-factor authentication for mobile devices You can create access policies that are specifically for guests, allowing risk mitigation for people who most likely have unmanaged devices. |
| SharePoint | Intro To File Collaboration | https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointOnline/intro-to-file-collaboration.md | Most of the file collaboration features in Microsoft 365 are available to you re - Integration with Microsoft Office +- Private and shared channels in Teams + - Auditing and reporting - Hybrid In the Office apps, users can easily [open files saved in the Microsoft cloud](h  +### Private and shared channels in Teams ++Teams has workspaces for chat and file collaboration called channels. While standard channels include everyone in the team, [private channels](/microsoftTeams/private-channels) allow you to collaborate with a subset of team members and [shared channels](/microsoftteams/shared-channels) allow you to collaborate with people outside the team. All channel types allow you to collaborate with people outside your organization. Each private and shared channels has its own SharePoint site for file storage and collaboration. + ### Migration tools You can choose one or more of the following options, depending on the number and location of files that you want to migrate. Microsoft Search helps users find files within modern SharePoint sites and from As a global or SharePoint admin for your organization, you have a couple of options for managing SharePoint sites and settings: -- **New SharePoint admin center**. In the new SharePoint admin center, you can create and delete sites, manage site settings, and manage organization-level settings for SharePoint and OneDrive. The <a href="https://go.microsoft.com/fwlink/?linkid=2185220" target="_blank">**Active sites** page</a> of the SharePoint admin center lets you view the SharePoint sites in your organization, including communication sites and sites that belong to Microsoft 365 Groups. It also lets you sort and filter sites, search for a site, and create new sites. [Get started with the new SharePoint admin center](./get-started-new-admin-center.md).+- **SharePoint admin center**. In the SharePoint admin center, you can create and delete sites, manage site settings, and manage organization-level settings for SharePoint and OneDrive. The <a href="https://go.microsoft.com/fwlink/?linkid=2185220" target="_blank">**Active sites** page</a> of the SharePoint admin center lets you view the SharePoint sites in your organization, including communication sites, Teams private and shared channel sites, and sites that belong to Microsoft 365 Groups. It also lets you sort and filter sites, search for a site, and create new sites. [Get started with the SharePoint admin center](./get-started-new-admin-center.md).  To prepare for file collaboration in Microsoft 365, configure the following sett When a Microsoft 365 group is created from anywhere within Microsoft 365, a SharePoint site is automatically created. You can let all users create groups, only some users, or you can block group creation and manage it centrally in your IT department. For info, see [Manage who can create Office groups](/office365/admin/create-groups/manage-creation-of-groups). You can also use a naming policy for groups and set an expiration period so that groups that are no longer being used will be deleted. For more info, see [Plan for governance in Microsoft 365 Groups](/office365/admin/create-groups/plan-for-groups-governance?view=o365-worldwide&preserve-view=true). If you allow users to create groups, you can also allow them to create team sites from the SharePoint start page and from OneDrive and manage default site settings. For info, see [Manage site creation](manage-site-creation.md). - + ### Sharing To set up external sharing in your organization, you need to make sure that settings across multiple admin centers are set the way you want. Sharing with people outside your organization is enabled by default in SharePoint, OneDrive, and Teams. [Collaborate with guests in a team](/microsoft-365/solutions/collaborate-as-team). Set the external sharing level and the default sharing link type. +Sharing with people outside your organization in shared channels in Teams requires additional configuration. See [Collaborate with external participants in a channel](/microsoft-365/solutions/collaborate-teams-direct-connect) for information. +  ### Security |
| SharePoint | Modern Experience Sharing Permissions | https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointOnline/modern-experience-sharing-permissions.md | description: "In this article, you'll learn about the available options for shar Traditionally, SharePoint permissions have been managed through a set of permissions groups within a site (Owners, Members, Visitors, etc.). In SharePoint in Microsoft 365, this remains true for some types of sites, but additional options are available and SharePoint is part of a much broader set of capabilities for [secure collaboration with Microsoft 365](/microsoft-365/solutions/setup-secure-collaboration-with-teams). -The three main types of sites in SharePoint are: +The main types of sites in SharePoint are: - **Team sites** - Team sites provide a collaboration environment for your teams and projects. Each team site, by default, is part of a Microsoft 365 group, which includes a mailbox, shared calendar, and other collaboration tools. Team sites may also be part of a team in Microsoft Teams. Permissions for team sites are best managed through the associated Microsoft 365 group or Teams team.+- **Channel sites** - Channel sites are team sites that are associated with a specific channel in a Teams team. Both private and shared channels create separate SharePoint sites just for the channel. - **Communication sites** - Communication sites are for broadcasting news and status across the organization. Communication site permissions are managed by using the SharePoint Owners, Members, and Visitors groups for the site. - **Hub sites** - [Hub sites](./planning-hub-sites.md) are team sites or communication sites that the administrator has configured as the center of a hub. They're designed to provide connection between related sites through shared navigation. Permissions for hub sites can be managed through the Owners, Members, and Visitors groups, or through the associated Microsoft 365 group if there is one. Special permissions are needed to associate sites to a hub. By default, each SharePoint team site is part of an [Microsoft 365 group](https: When you add owners or members to the Microsoft 365 group, they're given access to the SharePoint site along with the other group-connected services. Group owners become site owners, and group members become site members. -It's possible to manage SharePoint site permissions separately from the Microsoft 365 group by using SharePoint groups, but we recommend against it. In such a case, group members will continue to have access to the site, but users added directly to the site won't have access to any of the group services. The exception is view-only access - Microsoft 365 groups don't have view-only access, so any users you wish to have view permissions on the site must be added directly to the Visitors group on the site. +It's possible to manage SharePoint site permissions separately from the Microsoft 365 group by using SharePoint groups, unless it's a channel site. However, we recommend against it. In such a case, group members will continue to have access to the site, but users added directly to the site won't have access to any of the group services. The exception is view-only access - Microsoft 365 groups don't have view-only access, so any users you wish to have view permissions on the site must be added directly to the Visitors group on the site. > [!NOTE]-> When you create a new team or private channel in Microsoft Teams, a team site in SharePoint gets automatically created. To edit the site description or classification for this team site, go to the corresponding channelΓÇÖs [settings in Microsoft Teams](https://support.microsoft.com/office/change-a-team-s-data-security-classification-in-teams-bf39798f-90d2-44fb-a750-55fa05a56f1d). -> -> Learn more about managing [Microsoft Teams connected teams sites](/SharePoint/teams-connected-sites). +> When you create a new team or private or shared channel in Microsoft Teams, a team site in SharePoint gets automatically created. To edit the site description or classification for this team site, go to the corresponding channelΓÇÖs [settings in Microsoft Teams](https://support.microsoft.com/office/change-a-team-s-data-security-classification-in-teams-bf39798f-90d2-44fb-a750-55fa05a56f1d). ### Using team sites with Teams Microsoft Teams provides a hub for collaboration by bringing together various services including a SharePoint team site. Within the Teams experience, users can directly access SharePoint along with the other services. Each team is associated with a Microsoft 365 group and Teams uses that group to manage its permissions. -For scenarios where a SharePoint site is used with Teams, we recommend doing all permission management through Teams. As with Microsoft 365 groups, team owners become site owners and team members become site members. View-only permissions are managed through the site. +For scenarios where a SharePoint site is used with Teams, we recommend doing all permission management through Teams. As with Microsoft 365 groups, team owners become site owners and team members become site members. ++For private or shared channel sites, permission management must be done in Teams. Channel owners become sites owners in SharePoint and channel members become site members. Permissions in SharePoint can't be managed separately. For details about how SharePoint and Teams interact, see [Overview of Teams and SharePoint integration](/sharepoint/teams-connected-sites) and [Manage settings and permissions when SharePoint and Teams are integrated](/sharepoint/manage-teams-sharepoint-experiences). The SharePoint admin must specify which users can connect other sites to the hub Giving people permissions to a site, group, or team gives them access to all site content. If you want to share an individual file or folder, you can do so with shareable links. There are three primary link types: - - *Anyone* links give access to the item to anyone who has the link, including people outside your organization. People using an *Anyone* link don't have to authenticate, and their access can't be audited. - - *People in your organization* links work for only people inside your Microsoft 365 organization. (They don't work for guests in the directory, only members). - - *Specific people* links only work for the people that users specify when they share the item. + - *Anyone* links give access to the item to anyone who has the link, including people outside your organization. People using an *Anyone* link don't have to authenticate, and their access can't be audited. *Anyone* links can't be used with files in a Teams shared channel site. + - *People in your organization* links work for only people inside your Microsoft 365 organization. (They don't work for guests or external participants in Teams shared channels). + - *Specific people* links only work for the people that users specify when they share the item. For files in a Teams shared channel site, *specific people* links can only be sent to others in the channel. You can [change the type of link that is presented to users by default](./change-default-sharing-link.md) for each site. For more about the different types of sharing links, see [Securing your data](./ ## Guest sharing -The external sharing features of SharePoint let users in your organization share content with people outside the organization (such as partners, vendors, clients, or customers). You can also use external sharing to share between licensed users on multiple Microsoft 365 subscriptions if your organization has more than one subscription. Planning for external sharing should be included as part of your overall permissions planning for SharePoint. +The external sharing features of SharePoint let users in your organization share content with people outside the organization (such as partners, vendors, clients, or customers). Planning for external sharing should be included as part of your overall permissions planning for SharePoint. SharePoint has external sharing settings at both the organization level and the site level (previously called the "site collection" level). To allow external sharing on any site, you must allow it at the organization level. You can then restrict external sharing for other sites. Whichever option you choose at the organization or site level, the more restrict External sharing is turned on by default for your organization. Default settings for individual sites vary depending on the type of site. See [Site level settings](/microsoft-365/solutions/microsoft-365-guest-settings) for more information. +[Shared channels in teams](/MicrosoftTeams/shared-channels) do not use guest accounts for sharing with people outside the organization. However, external sharing must be enabled for people outside the organization to be invited to shared channels. ++Guest sharing for private and shared channel sites can only be changed by using PowerShell. + To set up guest sharing for a site, see [Collaborate with guests in a site](/microsoft-365/solutions/collaborate-in-site). ### Security and privacy If you have confidential information that should never be shared externally, we ## SharePoint and OneDrive integration with Azure AD B2B -Azure AD B2B provides authentication and management of guests. Authentication happens via one-time passcode when they don't already have a work or school account or a Microsoft account (MSA). +Azure AD B2B collaboration provides authentication and management of guests. Authentication happens via one-time passcode when they don't already have a work or school account or a Microsoft account (MSA). -With SharePoint and OneDrive integration, the Azure B2B one-time passcode feature is used for external sharing of files, folders, list items, document libraries and sites. +With SharePoint and OneDrive integration, the Azure B2B collaboration one-time passcode feature is used for external sharing of files, folders, list items, document libraries and sites. (Shared channels in Teams don't use Azure B2B collaboration, but rather [Azure B2B direct connect](/azure/active-directory/external-identities/b2b-direct-connect-overview).) -With Azure B2B integration, all guests are added to the directory and can be managed using Microsoft 365 security and compliance tools. We encourage you to try the [SharePoint and OneDrive integration with Azure AD B2B](sharepoint-azureb2b-integration.md). +With Azure B2B collaboration integration, all guests are added to the directory and can be managed using Microsoft 365 security and compliance tools. We encourage you to try the [SharePoint and OneDrive integration with Azure AD B2B](sharepoint-azureb2b-integration.md). ## See also With Azure B2B integration, all guests are added to the directory and can be man [Share SharePoint files or folders](https://support.office.com/article/1fe37332-0f9a-4719-970e-d2578da4941c) [Limit sharing in Microsoft 365](/microsoft-365/solutions/microsoft-365-limit-sharing)++[Shared channels in Microsoft Teams](/MicrosoftTeams/shared-channels) ++[Microsoft 365 guest sharing settings reference](/microsoft-365/solutions/microsoft-365-guest-settings) |
| SharePoint | Teams Connected Sites | https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointOnline/teams-connected-sites.md | These are the basic parts of Teams and SharePoint and how they relate to each ot - **[Private channel](/MicrosoftTeams/private-channels)** ΓÇô A private channel is a channel that only some of the team's members have access to. It is used for private conversations and collaboration. Each private channel has its own SharePoint site for file storage. Only members of the private channel can access this site. +- **[Shared channels](/MicrosoftTeams/shared-channels)** ΓÇô A shared channel is a channel that you can add anyone to, even if theyΓÇÖre not a member of the team. It is used for broader collaboration with people outside the team. Each shared channel has its own SharePoint site for file storage. Only members of the shared channel can access this site. + - **Channel site** - The SharePoint site that is created when you create a private channel in a team. Only owners and members of the private channel have access to this site. - **Public team** - A public team is a team that anyone in the organization can join. Public teams do not require a team owner to invite someone to the team. This table describes how site, file, and folder sharing work for each type of ch |:--|:--|:--|:-| |Standard|One SharePoint site is shared by all standard channels. There is a separate folder for each channel.|Team owners and members are automatically included in the site owners and members permission groups. Sharing the site separately is possible but managing access through Teams is recommended for easiest user management and the best user experience.|Files and folders can be shared with anyone in the organization by using sharable links. If guest sharing is enabled, *Anyone* and *Specific people* links can be used to share with people outside the organization.| |Private|Each private channel has its own SharePoint site.|Team owners and members are automatically included in the site owners and members permission groups. The site can't be shared separately.|Files and folders can be shared with anyone in the organization by using sharable links. If guest sharing is enabled, *Anyone* and *Specific people* links can be used to share with people outside the organization.|+|Shared|Each shared channel has its own SharePoint site.|Team owners and members are automatically included in the site owners and members group. The site canΓÇÖt be shared separately.|Files and folders can be shared with anyone in the organization and external participants in the channel by using sharable links. Sharing with people outside the organization who are not channel members is not supported.| ## Where to manage Teams and SharePoint settings |