Service | Microsoft Docs article | Related commit history on GitHub | Change details |
---|---|---|---|
SharePoint | Change External Sharing Site | https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointOnline/change-external-sharing-site.md | description: Learn how Global and SharePoint Administrators can change site-leve You must be a Global Administrator or SharePoint Administrator in Microsoft 365 to change the sharing settings for a site. Site owners aren't allowed to change these settings. -The steps in this article apply to team sites, communication sites, and classic sites. To learn how to change the external sharing setting for a user's OneDrive, see [Change the external sharing setting for a user's OneDrive](user-external-sharing-settings.md). For info about changing your organization-level settings, see [Manage sharing settings](turn-external-sharing-on-or-off.md). +The steps in this article apply to team sites, communication sites, and classic sites. To learn how to change the external sharing setting for a user's OneDrive, see [Change the external sharing setting for a user's OneDrive](user-external-sharing-settings.md). For info about changing your organization-level settings, see [Manage sharing settings](turn-external-sharing-on-or-off.md). Note that guest sharing settings for Microsoft 365 Groups and Teams affect connected SharePoint sites. For detailed information about how to set up guest access for a site, see [Collaborate with guests in a site](/Office365/Enterprise/collaborate-in-a-site). |
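Review bot: In change-external-sharing-site.md, the added sentence "Note that guest sharing settings for Microsoft 365 Groups and Teams affect connected SharePoint sites" is the only cross-reference in that paragraph without a link, and it does not say where those settings are managed. An admin changing a site-level sharing setting needs to find the Groups and Teams settings to know what the site will actually allow, so link the sentence to the article that covers them, as the neighbouring sentences do for OneDrive and organization-level settings.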
SharePoint | Restricted Access Control | https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointOnline/restricted-access-control.md | Previously updated : 07/19/2023 Last updated : 07/31/2023 Title: "Restrict SharePoint site access" To access and use this feature, your organization must: - Subscribe to Microsoft Syntex - SharePoint Advanced Management. - Enable restricted access control for your organization in SharePoint admin center:- 1. Expand **Policies** and select **Access control**. - 2. Select **Site access restriction**. - 3. Select **Allow access restriction** box to manage restricted access control for the site. + 1. Expand **Policies** and select **Access control**. + 2. Select **Site access restriction**. + 3. Select **Allow access restriction** box. ++Now you can manage restricted access control for SharePoint sites from the SharePoint admin center. :::image type="content" source="media/rac-spac/1-RAC-SPAC-dashboard.png" alt-text="screenshot of restricted access control in sharepoint admin center dashboard." lightbox="media/rac-spac/1-RAC-SPAC-dashboard.png"::: ### Teams and Microsoft 365 group-connected site (SharePoint admin center) -You can enable restricted access control for your group-connected or Teams-connected sites using Microsoft 365 group membership. Members of the Microsoft 365 group connected to the site are granted access to the site and its content. Users who aren't members of the Microsoft 365 group can't access the site and its content. +You can enable restricted access control for your group-connected or Teams-connected sites using Microsoft 365 group membership. Members of the Microsoft 365 group connected to the site are granted access to the site and its content. Users who aren't members of the Microsoft 365 group can't access the site and its content. 
:::image type="content" source="media/rac-spac/teams-M365-connected-sites/2-RAC-SPAC-Teams-M365-connected-sites.png" alt-text="screenshot of restricted site access on group-connected sites." lightbox="media/rac-spac/teams-m365-connected-sites/2-RAC-SPAC-Teams-M365-connected-sites.png"::: #### Enable restricted access control for group-connected sites using SharePoint admin center +To enable restricted access control for a group-connected site: + 1. Go to SharePoint admin center, expand **Sites** and select **Active sites**. 2. Select the site you want to manage and the site details panel appears. 3. In **Settings** tab, select **Edit** in the **Restricted site access** section. To remove restricted access control policy from a group-connected or Teams-conne 4. Deselect the **Restrict access to this site** box. 5. Select **Save**. +Restricted access control is disabled for the site. + ### Sites not connected to Teams or Microsoft 365 groups (SharePoint admin center) With restricted access control, you can restrict site access to members of specified Azure AD security groups. Users who aren't members of the specified security groups can't open the site or its content even if they previously had site access permissions. You can apply restricted access control on a site with up to 10 security groups. Dynamic membership of security groups is also supported for restricted access control policy. To apply restricted access control policy to a non-group connected site: 3. In **Settings** tab, select **Edit** in the **Restricted site access** section. 4. Enter the security group you want to add in the **Add security group** field and select **Save**. -> [!NOTE] -> For restricted access control to be enforced on the site, you must add at least one security group. -> -> You can add up to 10 security groups for a given site. -> -> All users in the security group will automatically have access to the site. 
+For restricted access control to be enforced on the site, you must add at least one security group. You can add up to 10 security groups for a given site. All users in the security group will automatically have access to the site. :::image type="content" source="media/rac-spac/non-group-connected-sites/3-RAC-SPAC-Teams-non-group-connected-sites-enabled.png" alt-text="screenshot on how to enable rac on non-group connected site." lightbox="media/rac-spac/teams-m365-connected-sites/3-RAC-SPAC-Teams-M365-connected-sites-enabled.png"::: :::image type="content" source="media/rac-spac/non-group-connected-sites/4-RAC-SPAC-non-group-connected-sites-enabled-added-security-groups.png" alt-text="screenshot showing restricted access control security groups being added to non-group connected sites." lightbox="media/rac-spac/non-group-connected-sites/3-RAC-SPAC-Teams-non-group-connected-sites-enabled.png"::: -#### Remove restricted access control security groups from a non-group site using SharePoint admin center +#### Remove security groups from a non-group site using SharePoint admin center -To remove restricted access control security group from non-group site: +To remove restricted access control security groups from a non-group site: 1. In SharePoint admin center, expand **Sites** and select **Active sites**. 2. Select the site you want to manage and the site details panel appears. To remove restricted access control policy from a non-group connected site: 4. Deselect the **Restrict SharePoint site access to only users in specified security groups** box. 5. Select **Save**. -> [!NOTE] -> The security groups added for this setting are also added to the ***SharePoint members group*** for the site. When disabling the setting, it is recommended to review site permissions and remove users who no longer need access to the site. +The security groups added to this setting are also added to the ***SharePoint members group*** for the site. 
When disabling the setting, it is recommended to review site permissions and remove users who no longer need access to the site. ## Shared channel sites |
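Review bot: In restricted-access-control.md, the two hunks that drop the `> [!NOTE]` callouts turn enforcement conditions into ordinary body text. "For restricted access control to be enforced on the site, you must add at least one security group" decides whether the policy has any effect, and it now sits after step 4 where it is easy to miss. Consider keeping it as a callout or folding it into step 4. The same applies to the paragraph saying the security groups are also added to the SharePoint members group, which is the reason for the recommended permissions review when the setting is disabled. Separately, in the image lines next to these hunks the `lightbox` paths don't match `source`: the first non-group image (3-RAC-SPAC-...) opens a file under teams-m365-connected-sites, and the second (4-RAC-SPAC-...) opens the 3-RAC-SPAC image.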
SharePoint | Teams Connected Sites | https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointOnline/teams-connected-sites.md | Previously updated : 10/07/2019 Last updated : 07/28/2023 Title: Teams and SharePoint integration ---+++ recommendations: true audience: Admin f1.keywords: description: "Learn how Microsoft Teams is integrated with SharePoint and how th # Overview of Teams and SharePoint integration -In this article, learn about how Teams and SharePoint work together. +In this article, learn about how Teams and SharePoint work together. ## The basic parts of Teams and SharePoint -These are the basic parts of Teams and SharePoint and how they relate to each other: +Here are the basic parts of Teams and SharePoint and how they relate to each other: - **Teams** - Teams is a collaboration tool where you can chat with other people about a particular subject or task. Each team is connected to other tools that you can use to collaborate with others. - **SharePoint** - SharePoint is a tool for creating web sites, publishing content, and storing files. -- **SharePoint site** - A SharePoint site is a web site in SharePoint where you can create web pages and store and collaborate on files. SharePoint sites can be used independently and are also used by Teams for file storage (these are called *Teams-connected sites*). A Teams-connected site is created automatically whenever you create a team.+- **SharePoint site** - A SharePoint site is a web site in SharePoint where you can create web pages and store and collaborate on files. SharePoint sites can be used independently and are also used by Teams for file storage (called *Teams-connected sites*). A Teams-connected site is created automatically whenever you create a team. - **Team** - A team is a place in Teams where you can invite others to collaborate. Each team is connected to one or more SharePoint sites. These sites are where the team's files are stored. 
- **Channel** - A channel is a location in a team where you can collaborate with others on a specific thing. A team can have multiple channels for different purposes. For example, you might have a team for marketing with different channels for different products or events. There are three types of channels in Teams: *standard*, *private*, and *shared*. -- **Standard channel** - A standard channel is a channel that all members of a team have access to. Each team comes with a standard channel called "General." Team owners and members can add additional standard channels. It always shows up first in a team's list of channels, and it can't be deleted (every team must have at least one channel). +- **Standard channel** - A standard channel is a channel that all members of a team have access to. Each team comes with a standard channel called "General." Team owners and members can add additional standard channels. It always shows up first in a team's list of channels, and it can't be deleted (every team must have at least one channel). -- **[Private channel](/MicrosoftTeams/private-channels)** - A private channel is a channel that only some of the team's members have access to. It is used for private conversations and collaboration. Each private channel has its own SharePoint site for file storage. Only members of the private channel can access this site.+- **[Private channel](/MicrosoftTeams/private-channels)** - A private channel is a channel that only some of the team's members have access to. It's used for private conversations and collaboration. Each private channel has its own SharePoint site for file storage. Only members of the private channel can access this site. -- **[Shared channels](/MicrosoftTeams/shared-channels)** - A shared channel is a channel that you can add anyone to, even if they're not a member of the team. It is used for broader collaboration with people outside the team. Each shared channel has its own SharePoint site for file storage. 
Only members of the shared channel can access this site.+- **[Shared channels](/MicrosoftTeams/shared-channels)** - A shared channel is a channel that you can add anyone to, even if they're not a member of the team. It's used for broader collaboration with people outside the team. Each shared channel has its own SharePoint site for file storage. Only members of the shared channel can access this site. - **Parent site** - The SharePoint site that is created when you create the team. This site is used for file storage for all standard channels. All team owners and members have access to this site. - **Channel site** - The SharePoint site that is created when you create a private or shared channel in a team. Only owners and members of the private or shared channel have access to this site. -- **Public team** - A public team is a team that anyone in the organization can join. Public teams do not require a team owner to invite someone to the team.+- **Public team** - A public team is a team that anyone in the organization can join. Public teams don't require a team owner to invite someone to the team. - **Private team** - A private team is a team that a person can only join when invited by a team owner. Both public teams and private teams offer the same channel types - standard, private, and shared. Teams and SharePoint are connected in the following scenarios: - When you add Teams to an existing SharePoint site, that site is connected to the new team. - When you create a new private or shared channel, a new SharePoint site is created and connected to that channel. -In Teams, the Files tab on each standard channel is connected to a folder in the parent site's default document library. The Files tab on each private and shared channel is connected to the default document library in the corresponding channel site. Whenever you add or update a file on the Files tab, you are accessing the SharePoint site. 
+In Teams, the Files tab on each standard channel is connected to a folder in the parent site's default document library. The Files tab on each private and shared channel is connected to the default document library in the corresponding channel site. Whenever you add or update a file on the Files tab, you're accessing the SharePoint site. ## Example of a team with multiple channel types The standard channels display as folders in the parent site. The private channel ## Teams-connected sites and channel types -Teams-connected sites are a specialized type of SharePoint site that's been optimized for a Teams connection. These include the parent site that is created when you create the team, and any channel sites that are created when you create a private or shared channel. +Teams-connected sites are a specialized type of SharePoint site that's been optimized for a Teams connection. This includes the parent site that is created when you create the team, and any channel sites that are created when you create a private or shared channel. This table describes how site, file, and folder sharing work for each type of channel in Teams. |Channel type|SharePoint site|Site sharing|File and folder sharing| |:--|:--|:--|:-|-|Standard|One SharePoint site is shared by all standard channels. There is a separate folder for each channel.|Team owners and members are automatically included in the site owners and members permission groups. Sharing the site separately is possible but managing access through Teams is recommended for easiest user management and the best user experience.|Files and folders can be shared with anyone in the organization by using sharable links. If guest sharing is enabled, *Anyone* and *Specific people* links can be used to share with people outside the organization.| +|Standard|One SharePoint site is shared by all standard channels. 
There's a separate folder for each channel.|Team owners and members are automatically included in the site owners and members permission groups. Sharing the site separately is possible but managing access through Teams is recommended for easiest user management and the best user experience.|Files and folders can be shared with anyone in the organization by using sharable links. If guest sharing is enabled, *Anyone* and *Specific people* links can be used to share with people outside the organization.| |Private|Each private channel has its own SharePoint site.|Channel owners and members are automatically included in the site owners and members permission groups. The site can't be shared separately.|Files and folders can be shared with anyone in the organization by using sharable links. If guest sharing is enabled, *Anyone* and *Specific people* links can be used to share with people outside the organization.|-|Shared|Each shared channel has its own SharePoint site.|Team owners and members are automatically included in the site owners and members group. The site can't be shared separately.|Files and folders can be shared with anyone in the organization and external participants in the channel by using sharable links. Sharing with people outside the organization who are not channel members is not supported.| +|Shared|Each shared channel has its own SharePoint site.|Team owners and members are automatically included in the site owners and members group. The site can't be shared separately.|Files and folders can be shared with anyone in the organization and external participants in the channel by using sharable links. Sharing with people outside the organization who aren't channel members isn't supported.| ## Where to manage Teams and SharePoint settings Teams-connected sites are managed differently than the typical SharePoint site. 
[Manage teams policies in Teams](/MicrosoftTeams/teams-policies) [Manage team settings and permissions in Teams](https://support.microsoft.com/office/ce053b04-1b8e-4796-baa8-90dc427b3acc)- |
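Review bot: In teams-connected-sites.md, the Shared row of the channel-type table still says "Team owners and members are automatically included in the site owners and members group", while the bullets earlier in the article say of a shared channel's site that "Only members of the shared channel can access this site" and that only owners and members of the private or shared channel have access to a channel site. This commit already rewrites that row, so confirm which statement is right and, if the bullets are, change the row to "Channel owners and members" as in the Private row. Also, "These include" became "This includes" although the subject "Teams-connected sites" is plural; the earlier wording was correct.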
SharePoint | Turn External Sharing On Or Off | https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointOnline/turn-external-sharing-on-or-off.md | This video shows how the settings on the <a href="https://go.microsoft.com/fwlin 2. Under **External sharing**, specify your sharing level for SharePoint and OneDrive. The default level for both is **Anyone**. > [!NOTE]- > The SharePoint setting applies to all site types, including those connected to Microsoft 365 groups and teams. + > The SharePoint setting applies to all site types, including those connected to Microsoft 365 groups and teams. Groups and Teams guest sharing settings also affect connected SharePoint sites. > > The OneDrive setting can be more restrictive than the SharePoint setting, but not more permissive. |
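Review bot: In turn-external-sharing-on-or-off.md, the sentence added to the note leaves the precedence unstated. The note first says the SharePoint setting applies to all site types, including those connected to Microsoft 365 groups and teams, and then says Groups and Teams guest sharing settings "also affect" those sites, so a reader cannot tell which setting is effective when the two differ. State the relationship the way the next paragraph does for OneDrive ("can be more restrictive than the SharePoint setting, but not more permissive").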
SharePoint | Amsi Protection May Not Be Working | https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointServer/technical-reference/amsi-protection-may-not-be-working.md | + + Title: "Antimalware Scan Interface (AMSI) protection may not be working (SharePoint Server)" +++ Last updated : 7/31/2023+audience: ITPro +f1.keywords: +- NOCSH +++ms.localizationpriority: medium ++- IT_Sharepoint_Server +- IT_Sharepoint_Server_Top +description: "Learn what to do, if AMSI protection isn't working." +++# Antimalware Scan Interface (AMSI) protection may not be working (SharePoint Server) +++**Rule Name:** Antimalware Scan Interface (AMSI) protection may not be working. ++**Summary:** Antimalware Scan Interface (AMSI) protection is enabled for one or more web applications in the SharePoint farm. However, SharePoint didn't receive the expected response from the antimalware scan engine when verifying that this protection is working. Web applications may not be protected on the servers listed in the Failing Servers section of this health analyzer report. ++**Cause:** AMSI running prerequisites aren't met, or the real-time protection service of the antimalware scan engine isn't enabled. ++**Resolution: Ensure the prerequisites to activate AMSI** ++For example, AMSI would only work on Windows Server 2016 or higher. For more information on other prerequisites, see [Prerequisites](/sharepoint/security-for-sharepoint-server/configure-amsi-integration#prerequisites) or you can [deactivate](/sharepoint/security-for-sharepoint-server/configure-amsi-integration#activatedeactivate-amsi-for-sharepoint-server) AMSI for SharePoint Server to turn off this health rule alarm. ++**Resolution: Enable the real-time protection service** ++Ensure that real-time protection is enabled on every server listed in the Failing Servers section of this health report. Do this if you're using Microsoft Defender as your antimalware scan engine. ++ 1. Select the Start button. 
+ + 2. Select Settings. + + 3. Select Update & Security. + + 4. Select Windows Security. + + 5. Select Virus & protection settings. + + 6. Select Manage settings. + + 7. Ensure Real-time protection is set to On. ++If you're using an antimalware scan engine other than Microsoft Defender, refer to its documentation to ensure that real-time protection is enabled. |
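Review bot: In amsi-protection-may-not-be-working.md, the first resolution paragraph offers deactivating AMSI "to turn off this health rule alarm" in the same sentence as the link to the prerequisites, so it reads as an equivalent fix. Deactivating removes the protection the rule is checking for. State that explicitly and present it as a separate choice for farms that can't meet the prerequisites, not as a way to clear the alert. In the second resolution, "Do this if you're using Microsoft Defender" comes after the instruction it qualifies; open with the condition so that it reads in parallel with the closing sentence about other scan engines.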
SharePoint | Sharepoint Health Analyzer Rules Reference | https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointServer/technical-reference/sharepoint-health-analyzer-rules-reference.md | The following Health Analyzer rules relate to security in SharePoint Server: - [The server farm account should not be used for other services (SharePoint Server)](the-server-farm-account-should-not-be-used-for-other-services.md) - [The unattended Service Account Application ID is not specified or has an invalid value (SharePoint Server)](the-unattended-service-account-application-id-is-not-specified-or-has-an-invalid.md)++- [Antimalware Scan Interface (AMSI) protection may not be working (SharePoint Server)](amsi-protection-may-not-be-working.md) ## Performance |