Updates from: 06/01/2022 01:18:40
Service Microsoft Docs article Related commit history on GitHub Change details
SharePoint Manage Security Groups https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointOnline/manage-security-groups.md
As a SharePoint or global admin in Microsoft 365, you restrict external sharing
![Manage security groups](media/manage-security-groups.png)
-4. In the **Add a security group** box, search for and select the security groups you want to use. (Note that Microsoft 365 Groups are not supported).
+4. In the **Add a security group** box, search for and select the security groups you want to use (up to 12). (Note that Microsoft 365 Groups are not supported).
5. Next to the security group name, from the **Can share with** dropdown, select either:
As a SharePoint or global admin in Microsoft 365, you restrict external sharing
6. Select **Save**.
-By selecting **Anyone**, users in that security group can share links to files and folders externally that donΓÇÖt require users to authenticate (for example, the **Anyone link** in the **Share** dialog box). Forwarded **Anyone links** will work internally or externally, but you can't track who has access to shared items or who has accessed shared items. Users in this group can also share to authenticated guest users. This option is best for a security group preferring friction-free sharing, provided files and folders in SharePoint and OneDrive arenΓÇÖt classified as sensitive.
+By selecting **Anyone**, users in that security group can share links to files and folders externally that donΓÇÖt require users to authenticate (for example, the **Anyone link** in the **Share** dialog box). Forwarded **Anyone links** will work internally or externally, but you can't track who has access to shared items or who has accessed shared items. Users in this group can also share to authenticated guests. This option is best for a security group preferring friction-free sharing, provided files and folders in SharePoint and OneDrive arenΓÇÖt classified as sensitive.
By selecting **Authenticated guests only**, sharing externally is strictly limited to those guests who authenticate. This option is best for sharing sensitive or proprietary information because it requires guests to verify their identity before they can access the file or folder. Authenticated guests can share with another authenticated guest, but can't forward these links.
SharePoint Configure Server To Server Authentication https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointServer/hybrid/configure-server-to-server-authentication.md
The script must be run on a server where SharePoint On-Premises is installed (20
5. After script execution, users will not see any changes when this change is implemented.
+#### Step 8 (Only required for SharePoint Server 2013): Give New App Principal QueryAsUserIgnoreAppPrincipal permission
+<a name="step10"> </a>
+SharePoint Server 2013 needs a hidden constraint in every federated query. The reverse proxy returns the documents indexed in the reverse proxy site itself, not the internal on-premise search site as expected. To avoid this, you need to execute the following steps in your SharePoint Server 2013 admin site:
+
+1. Go to <CentralAdminURL>/_layouts/appinv.aspx and Search for **c3959f3a-5ad4-4d2b-b1f0-bc70f9a5d0a1**, where you should find **Greenland Federated Search Bot Skill**.
+
+2. If there are items in the App Domain field, leave them be, and if it is empty, use localhost.
+
+3. In the Redirect URL, use https://localhost.
+
+4. In the Permission Request XML field, paste the following XML excerpt:
+
+ ```xml
+<AppPermissionRequests>
+<AppPermissionRequest Scope="http://sharepoint/search" Right="QueryAsUserIgnoreAppPrincipal" />
+</AppPermissionRequests>
+ ```
+5. The configuration page should appear similar to the following screenshot. Finally, select **Create**.
+
+![Give QueryAsUserIgnoreAppPrincipal permission to app](../media/QueryAsUserIgnoreAppPrincipal.png)
+
## Validation and next steps <a name="next"> </a>