How to control Customer’s SharePoint Extranet site?

There is a great need of sharing business content with company’s partner or a customer. On a day to day basis, Companies have large files that they want to share with the customers and partners, so either they can use Dropbox or a file sharing link or take control of their own content.

You can use SharePoint online extranet’s site to collaborate with your customers and partners in a controlled environment. Its just a game of permissions.

With the Office 365 Security and Compliance Centre, you can investigate, which content is being viewed by whom? and who is downloading what? This is called a Controlled environment that Office 365 provides. This works as a surveillance tool of your data monitoring, and you can get an audit report of user activities.


You want to share Documents with your customers’ in a controlled environment. You have Office 365 subscription, and you are using SharePoint online as your Content Management System.


1 – Create a fresh site collection. For test purpose name it as  “Test 20”

2 – Now, after the site collection is created, open the sharing properties of this new site collection. There will be a sharing button on the top of the page. Check the box beside this site collection and then click “Sharing”

You can then share this site collection with external users. External users are of two types:

1 – Authenticated (they have Office 365 OR Microsoft based IT systems in their organisation)

2 – Anonymous (Can be any one)

You can share the extranet with the external users who accept sharing invitations and sign in as an authenticated user. This means, that your customers and partners must have Office 365 or Microsoft on-premises solution as their core IT system (,,, else they cannot access your extranet site – unless you open the SharePoint site for Public (like a website) and share link with anyone.

You can then send a sharing invitation to them like you would share the site with your internal team mates.

Note: I tried with, the sharing doesn’t work any more.



3 –  Keep the “Default link type” and “Default link permission” settings default.



4 – Now this is really important from security point of view. You need to make sure, that users, only from your customer and partners domain, can access your extranet site. For example ABC is your customer and XYZ is your partner company, you want to send the invitations only to people with email addresses on these two domains and

If accidentally some one sends an invite to – it will be bounced back and give user an error. This is a Security Control that SharePoint Admins can implement.



5 –  For extra Security layer, SharePoint admins can deploy another control, which is giving sharing permissions. If you disable this, then only Site Owners can send a sharing invitation to a customer or a partner user. Usually the Business User is the Site Owner, which means, that if some one wants to add any customer user or send an invite – they would request the Business User , to add that customer user. Users with any other permission level would not be able send an invite, unless they are Site Owners.

This is one way setting, you cannot undo this.



6 –  Now click Save and all done.

7 – Site owner(s) can now share the Site, Library, List with the Users. Site Owners should be trained on SharePoint permissions, as they will be managing it on-going and not the SharePoint Site Collection Administrator.

If the site owner wants to deploy unique permissions on each Library or a list – then he/she needs to break the inheritance of each App (Library, List) and then give unique permissions.

If you have any question or comments, please share your feedback and the if you find it useful, please share it with others.



Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.