Best Practices for Sharepoint Secure File Sharing with Clients

Question

Hi:
We've recently migrated to MS 365 and I'm looking for the best/proper way to leverage SharePoint to securely share files (typically PDF reports) with our customers. What I'd like is basically:

1) Each client has their own "folder" for their reports. Clients can only access their folders and have no other access to other clients' folders/reports nor any other part of our SharePoint site.
2) Each folder is automatically synced to a folder on our Windows 2016 on-premises server. As reports are created and added to those folders, they become available online to our respective clients
3) Our clients (i.e. their email addresses) may or may not be already registered/connected with MS 365. If they are not, what is the best practice for granting them access to their folder/reports, e.g. can we assign then a ******@ourdomain.com account/login for this purpose?

We have a relatively small number of clients (10-20) that will be utilizing this service, so some 'per-client' manual setup is acceptable, but we're looking to have the continuous operation after that be fully automated (we have the software to copy needed reports into specific server folders already in place).

FWIW, we're currently we're using a custom built web-service for this process, but we need to retire that ASAP as it's no longer up-to-snuff security wise, e.g. TLS 1.0.

We don't really need any collaboration, discussion, or other SharePoint features - we're basically just trying to create a relatively simple automated process to let clients access their reports over time. If there's a better way to do this besides SharePoint that's also viable at this point.

Thanks for any help and advice!

Answer 1

Hi @Jan Knut Tepper ,

1.You could share a folder so that the corresponding user only has access rights to the used folder. If a single user corresponds to a library, user permissions can be set for the library.
Share Folder:

Set Library Access: Settings->Library settings->Permissions for this document library-> Grant Permissions

2.The View in File Explorer command (in the modern SharePoint experience) is no longer recommended. Whether you're using Chrome, Microsoft Edge, or another browser, we recommend Sync. The Sync command is available just above your document library:

Sync uses the OneDrive sync app to create a more permanent folder that you can use on a daily basis. All content that you add to, edit, or remove from either the online SharePoint library or the desktop folder automatically syncs with the other location. The OneDrive for Business client can sync SharePoint libraries to your local computer, but since it's for individual users, not full team sites, it's recommended that you upload files in SharePoint and use with OneDrive sync.
Reference: Set up Sync for your library

3.For external users, they can be added as guest users in Active Directory.
M365 admin center: Azure Active Directory->Users->All users->New user->Invite user

---

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Answer 2

Hi:
Thank you very much for this detailed answer. I tried following the basic steps, the issue I encountered at this point is that I cannot grant access to just one folder.

To explain further, I can grant access to the user (I created a new 'Test User' as per your instructions), but when I try to connect as that user (from a different PC) I get the message:
"You need permission to access this item. "

I'm guessing this is because even though the user has permission to the folder, they don't have permission to the SharePoint site that contains the folder. I can try to experiment, but I'm guessing if I have to add the user at the Sharepoint site level, they will by default have permission to all of the content / libraries / folders.

Maybe the best way to accomplish what we want is "hack" using OneDrive, which easily lets me share a single folder with specific user(s). This is really all we're trying to do here - I was hoping there was a relatively easy way to accomplish this using SharePoint.

Best,
Jan