Cross-org Collaboration (B2B) in SharePoint Office 365 Hybrid world Sesha Mani Sesha.Mani@Microsoft.com
Contents What is cross-organization collaboration, business-to-business Current state in SharePoint On-premises Office 365 SharePoint Online B2B Scenarios How O365 SPO fits nicely in a Hybrid world Lots of demos Q&A
What is cross-org collaboration? (aka B2B Business-to-Business)
Cross-org Collaboration (B2B – Business-to-Business) “I need to collaborate with my partners, suppliers, vendors, and consultants from other Businesses/Orgs, i.e. outside of my Org Business, to grow our Business.” Your Org Business Suppliers Vendors Consultants Partners
Cross-org Collaboration – Typical today’s use cases External Partner Users’ Access Controlled Partnership Sites Sharing Governance Lifecycle of External Partner Users Auditing & Protection of Corporate Assets
Implementing Cross-org Collaboration in SharePoint On-premises requires Ph.D. in DMZ/Firewall/Security On-premises solution is feasible but complex Expensive & Resource Intensive Often SharePoint Customizations Required IWs use Tools not blessed by IT
On-premises B2B Cross-org Collab Scenarios Topology Peter partners with Melissa, a supplier melissa@fabrikam.com peter@contoso.com ADFS Contoso (on-premises) Federation trust ADFS Fabrikam (Partner) (on-premises) SharePoint On-premises Local Id Store (Partners) Active Directory AD Scenario#1 Customer manages local partner users External user: melissa@contosopartner.com Local users Local user: melissa@fabrikam.com Scenario#1.1 Customer manages partner federations
There is a better and governed and less expensive way to achieve cross-org collaboration (aka B2B Business-to-Business)
Office 365 SharePoint Online B2B Cross-Org Collaboration optionally, connect it to your SharePoint On-premises
O365 SharePoint Online B2B Cross-org Collaboration Simple Secure Connected Simple Configuration Simple Sharing Controls Simple Mobility Audit partners access Lifecycle at your control Protect corporate docs One Sites Tile for Hybrid sites Single hybrid search/delve On-premises isolated from external partner users
simple | secure | connected O365 SharePoint Online B2B – Value Props to your Business Microsoft Ignite 2015 9/14/2018 9:31 PM Expand your business partnerships with no concerns about expanding infrastructure $$$-Save massively on set up costs Collaborate with your partner organizations as if it were your own Uncompromising in experience and security Auditing, reporting and control that you always wanted Enable suite-wide capabilities for your partners, not just SharePoint/OneDrive, Power BI, simple | secure | connected partnerships Cost saving – setting up business-to-business collaboration configurations and maintaining them with elastic scale is a time and expensive operation. This is where our feature investment will help you save cost and at the same time achieve elastic scale as your business grows. Do more with your business Collaborate with your partner org users as if they are part of your org itself All this without any compromises to the experience and the security, also no need to create duplicate shadow accounts for those partner org users and hassle of multiple passwords. No barrier to business partnership. We had it in SharePoint on-premises, Exchange and Lync have it in Online, now we bring it all together at Suite wide in the online. One setting of a business partnership setup! IT always asks, I want to know which partner is accessing which document and being able to control it. You got it. Last but not least, often considered a ‘complex era of federation partnership’ is now only clicks away from you! © 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
O365 SharePoint Online B2B Cross-org Collaboration Simple Secure Connected Simple Configuration Simple Sharing Controls Simple Mobility Audit partners access Lifecycle at your control Protect corporate docs One Sites Tile for Hybrid sites Single hybrid search/delve On-premises isolated from external partner users
O365 Business-to-Business (B2B) - Scenarios Topology Scenario#3: IT Admin manages Allow/Deny List Contoso (Customer) Azure AD Office 365 Adatum (Partner) Azure AD Office 365 (Optional) B2B Opt-in O365 melissa@adatum.com peter@contoso.com Scenario#1: User to user email invitations, IT allowed external sharing (Available today) Scenario#2: IT Admin enables Site-owners only sharing (Available today) Upcoming
O365 SharePoint Online B2B Cross-org Collaboration Simple Simple Configuration Opt-in for B2B External Sharing at the Site Collection & restrict Site-owners only sharing Opt-in B2B External Sharing at Tenant Level Configure Tenant-level Allow/Block List of Partner Domains Create a Site Collection for this specific partnership
SPO Tenant Admin Center Enable Tenant Level ‘External Sharing’ SPO Tenant Admin Center Enable Site Collection Level ‘External Sharing’ Disable non-owners to invite new users SPO Tenant Admin Center Enable ‘AllowList/DenyList’ at Tenant Level ‘External Sharing’
O365 SharePoint Online B2B Cross-org Collaboration Simple Simple Sharing Control Optionally, Peter can give Melissa other capabilities as OneDrives Peter@contoso, the site owner, invites Melissa@adatum.com, external partner user Melissa receives the invitation and signs-in with her Adatum AAD credentials Melissa can see only this partnership site and only users who already part of this site
SPO Sites/Docs IW Experience Peter@Contoso shares the site/doc with his partner by simply typing her email address, Melissa@adatum.com Note: Since he is site owner he can add users to the site but not others. Fabrikam.com is in Contoso’s AllowList. SPO Sites/Docs IW Experience melissa@adatum.com accesses the Contoso doc with her AAD Credentials and can only see this shared doc/site and nothing else. Peter may choose to give other capabilities (like OneDrive) to this B2B External user.
O365 SharePoint Online B2B Cross-org Collaboration Simple Simple Mobility Peter@contoso can access the docs in this site from anywhere and any devices Melissa@adatum can access the docs in this site from anywhere and any devices, in addition to her own Adatum Optionally, Melissa can add the OneDrive provided by Contoso to her Mobile Sync Client
DEMOs Simple Simple Configuration Simple Sharing Controls Simple Mobility
O365 Business-to-Business (B2B) - Scenarios Topology Scenario#3: IT Admin manages Allow/Deny List Contoso (Customer) Azure AD Office 365 Option-1: Get Partner to O365 Tenant Option-2: Create local accounts for these partners Option-3: Ask partners to use MSA as alternative O365 On-premises melissa@fabrikam.com peter@contoso.com Scenario#1: User to user email invitations, IT allowed external sharing (Available today) Scenario#2: IT Admin enables Site-owners only sharing (Available today) Fabrikam (Partner) (on-premises) AD Local user: melissa@fabrikam.com
O365 SharePoint Online B2B Cross-org Collaboration Simple Secure Connected Simple Configuration Simple Sharing Controls Simple Mobility Audit partners access Lifecycle at your control Protect corporate docs One Sites Tile for Hybrid sites Single hybrid search/delve On-premises isolated from external partner users
O365 SharePoint Online B2B Cross-org Collaboration Secure Audit partners access Audit all activities of external partner users Reports who invited whom and when for a given site etc., Programmatic Web Service to retrieve the Audit data https://msdn.microsoft.com/en-us/library/office/jj984325
Auditing & Reporting: Always on the know-how of who sends B2B Invitations to whom and when O365 Compliance Reports include an Auditing of Invitations and Access Requests specific events For Example: ‘Sharing invitation created’ event shown below indicates ‘who’ shared with ‘whom’ and ‘which’ site or document and ‘when’ they shared.
Auditing & Reporting: Always on the know-how of what activities your external business partner user did in your tenant O365 Compliance Reports include an Auditing of ‘All Activities’ for a given user in your tenant. For Example: ‘All activities’ event with filter of ‘sesha_contosoautomobiles_onmicrosoft_com…’ shows all the activities of this external user in your tenant for a given time period.
O365 SharePoint Online B2B Cross-org Collaboration Secure Lifecycle at your control Business partnerships ends? No problem, Archive the Site and Remove Access to All Optionally, delete the external B2B partner users whose contract ended Trust and Let partners take care of their users accounts in their own AAD
User Lifecycle: Business partnership ends User Lifecycle: Business partnership ends? Optionally, Delete the user from all accesses but keep the audit trail O365 Portal Admin Center – Select the external user and DELETE. (OR) Using Azure Active Directory PowerShell Module, programmatically Delete the external b2b user.
Let Partners Users use their own corp. credentials AAD to sign-in Scenario 3: Customer manages Allow/Block List Contoso (Customer) Azure AD Office 365 Adatum (Partner) Azure AD Office 365 (Optional) B2B Opt-in Scenario#1: User to user email invitations, IT allowed external sharing (Available today) Scenario#2: IT Admin enables Site-owners only sharing (Available today)
Optionally, take the hybrid approach with your existing local identity store for partner users Scenario: Customer manages Allow/Block List, Invitations, Restricted Sharing Contoso (Customer) Azure AD Office 365 Adatum (Partner) Azure AD Office 365 (Optional) B2B Opt-in Federation SSO trust Directory Sync ADFS ADFS Contoso (on-premises) Fabrikam (Partner) (on-premises) AD Local Id Store (Partners) Active Directory External user: melissa@contosopartner.com Local users Scenario: Customer manages local partner users Local user: melissa@fabrikam.com
O365 SharePoint Online B2B Cross-org Collaboration Secure Protect your corp docs External partner users restricted from sharing with new users RMS protect your Office documents through SharePoint Document Libraries Settings Info management settings allow one to retain docs in SPO Sites
Protect your doc libraries with SPO’s Information Management Settings Document Library>Settings>Information Management Policy Settings Document Library>Settings>Information Rights Management Configure document retention policies for x Years after creation date Choose actions like Move to Recycle Bin or Move to other location etc., Optionally, setup the recurring action Configure IRM policy to be applied for ALL users, internal/external Choose document access rights Optionally, enforce users to prompted for x time period
DEMOs Secure Audit partners access Lifecycle at your control Protect corporate docs
O365 SharePoint Online B2B Cross-org Collaboration Simple Secure Connected Simple Configuration Simple Sharing Controls Simple Mobility Audit partners access Lifecycle at your control Protect corporate docs One Sites Tile for Hybrid sites Single hybrid search/delve On-premises isolated from external partner users
O365 SharePoint Online B2B Cross-org Collaboration Hybrid Connected One Sites Tile for all Hybrid sites Partnership Managers/Participants can be made Hybrid users Partnership Managers can create SPO Sites and restrict to Site-owners only sharing Ability to do internal on-premises doc management and upload to SPO B2B site
One ‘Sites’ tab across Hybrid - Sites Features Microsoft Ignite 2015 One ‘Sites’ tab across Hybrid - Sites Features 9/14/2018 9:31 PM Following on-premises sites to cloud OneDrive All favorite sites in one ‘Sites’ tab/tile Start to use Cloud team sites too Low and medium business impact sites in cloud and tap onto elastic storage http://dev.office.com/patterns-and-practices Enable new sites creation in the Cloud while existing/HBI sites in on-premises. On-premises you already have team sites, however, there is business need to reduce the cost and leverage the Cloud power. Primarily start with LBI and MBI sites in the Cloud. Same set of IT governance and controlled access possible in the Cloud. Following on-premises sites will seamlessly show up in user’s OneDrive for Business in the cloud. From user point of view, transparent to where sites contents live. The suite navigation for Sites tab will take them to Cloud. It is quite common to have Site Provisioning app and also Self-Service site creation can be routed to the Cloud. © 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
O365 SharePoint Online B2B Cross-org Collaboration Hybrid Connected Single hybrid search/delve Partnership Managers/Participants experience the single relevance results Internal Partnership Managers/Participants empowered with hybrid experiences
O365 SharePoint Online B2B Cross-org Collaboration Hybrid Connected On-premises isolated from external partner users No DMZ or Firewall ports to open to give access to your B2B Site to external partner users Your on-premises is completely isolated from external partner users Not a requirement to manage external partner users in on-premises
DEMOs Hybrid Connected One Sites Tile for Hybrid sites Single hybrid search/delve On-premises isolated from external partner users
O365 SharePoint Online B2B Cross-org Collaboration Simple Secure Connected Simple Configuration Simple Sharing Controls Simple Mobility Audit partners access Lifecycle at your control Protect corporate docs One Sites Tile for Hybrid sites Single hybrid search/delve On-premises isolated from external partner users
Not only SharePoint: O365 B2B Empowers Rich Productivity for your Business Partners Skype Meet … SharePoint OneDrive Calendar Skype IM Delve BI Insights Office 365 B2B External B2B User Lifecycle O365 Compliance Reporting O365 Apps Azure Active Directory
Cross-org Collaboration use cases – Checked w/ SPO External Partner Users’ Access Controlled Partnership Sites Sharing Governance Checked Checked Lifecycle of External Partner Users Auditing & Protection of Corporate Assets Checked Checked
Implementing Cross-org Collaboration in SharePoint On-premises requires Ph.D. in DMZ/Firewall/Security On-premises solution is feasible but complex Expensive & Resource Intensive Often SharePoint Customizations Required IWs use Tools not blessed by IT
There is a better and governed and less expensive way to achieve cross-org collaboration (aka B2B Business-to-Business)
Office 365 SharePoint Online B2B Cross-Org Collaboration optionally, connect it to your SharePoint On-premises
Please use Event Board to fill out a session evaluation. Questions? Please use Event Board to fill out a session evaluation. Thank you!