Changes to sharing in OneDrive/SharePoint/Microsoft 365
On 5 December, the IT Office will implement some changes regarding permissions for externally shared files in OneDrive/SharePoint/Microsoft 365. This affects staff sharing files with external users.
The lowest security level will continue to require that external users also identify themselves with MFA via an emailed code or app - on the staff Portal you can find guides on how external users activate MFA to gain access to shared files.
It used to be possible to invite external users anonymously to individual files through a share link - this possibility will now disappear. Instead, authentication via code or app will be required. Existing external shares will need to be redone after December 5.
Time limit and level of authorization on externally shared files
A new setting will be a limit on the number of days that external users have access to a shared file. This will be set to 180 days. After 180 days, an external user must be invited again, if the need to access the file remains. We are making this change to raise awareness of security work and our data handling at KI. Without a set limit, any file once shared could in theory be accessed forever.
Another new security setting means that external users who have verified themselves through an emailed code must re-authenticate after 30 days. This is not required if the Microsoft Authenticator app has been used (see the link to the guide above).
After the update, the new default when sharing files will set the permission to "View". You must actively allow permission to edit if you want another user to be able to edit your shared file.
Preparations before the update
After this update, anyone who has shared individual files through an open sharing link with external users must share them again. Please prepare by making an inventory of your externally shared files before 5 December.