1
00:00:02,417 --> 00:00:04,734
We have seen the settings and I hope that

2
00:00:04,734 --> 00:00:07,547
by now you already start to imagine how

3
00:00:07,547 --> 00:00:09,767
you could configure those to find the

4
00:00:09,767 --> 00:00:12,476
right balance between security,

5
00:00:12,476 --> 00:00:15,672
compliance, and user productivity in your

6
00:00:15,672 --> 00:00:18,045
organization, which would be the best

7
00:00:18,045 --> 00:00:20,008
scenario, but let's take a look at what

8
00:00:20,008 --> 00:00:23,127
those settings could look like in two

9
00:00:23,127 --> 00:00:26,092
different scenarios that I have prepared

10
00:00:26,092 --> 00:00:28,748
for this course. First one, at

11
00:00:28,748 --> 00:00:31,205
Globomantics we want to allow every user

12
00:00:31,205 --> 00:00:33,516
that went through the required training to

13
00:00:33,516 --> 00:00:35,557
share externally with authenticated

14
00:00:35,557 --> 00:00:39,531
external users without any IT approval or

15
00:00:39,531 --> 00:00:43,268
involvement. So in this scenario, at the

16
00:00:43,268 --> 00:00:46,055
tenant level we could allow users to

17
00:00:46,055 --> 00:00:48,169
invite and share with authenticated

18
00:00:48,169 --> 00:00:51,149
external users, and we could only allow

19
00:00:51,149 --> 00:00:54,602
users in selected security groups to share

20
00:00:54,602 --> 00:00:57,383
with authenticated external users. This

21
00:00:57,383 --> 00:01:00,310
way we could really implement a system

22
00:01:00,310 --> 00:01:02,902
where they get added in that security

23
00:01:02,902 --> 00:01:05,592
group after they finish the training, and

24
00:01:05,592 --> 00:01:09,125
for this one, we wouldn't have any site

25
00:01:09,125 --> 00:01:12,600
collection specific settings. Let's take a

26
00:01:12,600 --> 00:01:15,309
look at another one. At Globomantics, we

27
00:01:15,309 --> 00:01:17,947
want to make sure that every department

28
00:01:17,947 --> 00:01:22,514
has the flexibility they need. We have a

29
00:01:22,514 --> 00:01:24,935
specific SharePoint site for each partner.

30
00:01:24,935 --> 00:01:28,921
SharePoint is also used for external

31
00:01:28,921 --> 00:01:32,128
collaboration, and we have a specific

32
00:01:32,128 --> 00:01:34,050
SharePoint site for each partner to which

33
00:01:34,050 --> 00:01:38,365
only that partner has access. Furthermore,

34
00:01:38,365 --> 00:01:40,797
marketing needs to be able to share

35
00:01:40,797 --> 00:01:42,839
documents without any authentication

36
00:01:42,839 --> 00:01:45,445
required, as well as add different

37
00:01:45,445 --> 00:01:48,734
contributors to this site without IT

38
00:01:48,734 --> 00:01:52,181
approval. So what can we do for this one?

39
00:01:52,181 --> 00:01:54,603
In this case, at the tenant level we would

40
00:01:54,603 --> 00:01:57,277
allow sharing to authenticated external

41
00:01:57,277 --> 00:02:02,274
users and anonymous access links. At the

42
00:02:02,274 --> 00:02:05,345
site collection, for the partner ones we

43
00:02:05,345 --> 00:02:09,016
would modify it to only allow access to

44
00:02:09,016 --> 00:02:11,820
authenticated external users, and we could

45
00:02:11,820 --> 00:02:14,860
also limit sharing by domain on each one

46
00:02:14,860 --> 00:02:17,463
of those sites. This way we make sure that

47
00:02:17,463 --> 00:02:24,000
only users from that specific partner can access that site.