Do you need to see what has been shared with external users in your SharePoint Online site but having trouble seeing how? A while back, a Shared with external users section was added to the Site Usage page (accessed via the Site Contents page command bar, or from the settings gear).
That section is interesting in that it lists the objects within the current site which have been shared with external users – useful to know! But as you can see, it’s pretty limited information: it only shows which objects have been shared, not with whom.
But now, Microsoft has added a Run report link just below the section header, so you can export the data to a CSV file, which contains more details. This feature is rolling out now, so it might not be available in your tenant yet.
Here’s a first look at how it works.
When you click on Run report, you’ll be prompted for a folder within the Documents library of this SharePoint site in which to save the file. You can create a new folder, but it must be in this document library.
The CSV file will be saved to the folder you specified, with a filename of [SiteName]_yyyy-MM-dd-hh-mm-ss_0.csv. You’ll also receive an email letting you know the report is ready – in case it takes some time to produce.
Opening the file will give you a lot more details about the externally shared items, such as the permission level granted to an external user, groups whose members include external users, the external user’s name and email address, and any sharing links involved.
See the Microsoft documentation for further information on the new Sharing Report. A similar report is also now (or soon) available for OneDrive – under OneDrive Settings > More Settings > Run Sharing Report.
DeliverPoint reports on external users
The new sharing report is pretty useful, but let’s see what additional information you can get with the Lightning Tools DeliverPoint client-side web part…
Filter Discover Permissions on the site
For a quick report on the current site, just click on the DeliverPoint icon in the upper right corner of any page, and Discover Permissions. We’ll use the Advanced option here, to pre-filter for external users.
Selecting Discover Permissions (Advanced) brings up a dialog which allows you to specify a filter and additional reporting criteria, as shown below. You can leave the filter blank to view all users, but if you only want to view external users, you can filter where the User Name is Like EXT because all external user accounts are created with EXT between their email address and your domain. You will also want to select to report on any unique subsites, lists, and items (which includes folders).
Running this on the same site as the report shown above, generates the following view in a dialog. No need to save it to a SharePoint folder and then open it in Excel.
A few differences to note:
- There’s another external user listed here (HotmailSandy) who didn’t appear at all on the SharePoint Sharing Report. This is because that account only gained access by being a member of the Lightning Tools Members SharePoint group. Kind of a critical issue if this is exactly the information you’re looking for.
- Similarly, the LTSandy account has not only the Read permission to one item which was reported by the SharePoint Sharing Report, but also Edit permission due to being a member of the Lightning Tools Members group.
- In addition, the external LTSandy account is also a member of the “Thinkers” AD Security group, which has Contribute access to a document. There’s no way to know from within SharePoint itself who is in that AD Security Group, though the new SharePoint Sharing report does at least show you that group name, to indicate there’s an external user in there somewhere. But with DeliverPoint, it’s easy to see who is in your AD groups, whether they’re internal or external.
Discover Permissions for external users on any scope
But what if you want to see what has been shared with external users in multiple locations? With the new SharePoint Sharing report, you’ll need to visit each site’s Usage page, run and save the report, and open it in Excel. With DeliverPoint, you can add a web part to any page, and report on permissions within all sites where you have the rights to do so!
Simply add a DeliverPoint web part to a page…
Select any number of sites, lists, and libraries from the treeview, and run an Advanced Discover Permissions report in the same way we described above. And of course you can export any DeliverPoint report to CSV if you wish to do that, and save it wherever you like.
There you have it – a quick way to report on permissions granted to external users throughout your SharePoint Online tenant, for as large or small a scope as you like.
Try DeliverPoint in your tenant free for 30 days, and experience the confidence of knowing who has access to your content.