External Access Management
Using Native Microsoft 365 for External Sharing vs Extranet User Manager
Microsoft 365 excels in supporting secure internal collaboration, it also enables secure access to users (guests) that are outside of your organisation.
Let’s say you want to give business partners secure access to a SharePoint extranet, start subletting your office space, or offer partners specific training courses hosted in your company eLearning platform….
Whilst it’s technically possible to manage external access to internal applications and services using Entra ID, we think your IT team wouldn’t thank you – especially if there’s hundreds or even thousands of people that might need access.
This is where Extranet User Manager can help:
Extranet User Manager (EUM) allows organisations to delegate the overhead of managing user access and membership to the relevant business stakeholders but keep security management firmly under the control of your IT team.
For instance, using EUM, Business Partner Managers can handle the invitation and approvals process for, say, access to a partner project area in Microsoft Teams, while your IT team can be confident they have overseen the necessary security measures.
EUM also lets you design the optimal end user experience and workflows for invitations, subscription requests, and a branded front end to your shared services.
For example, you could:
- Email an invitation to join a ‘users group’ or access a service to a list of people in a CRM
- Allow users already authenticated in their own (defined) Microsoft tenant to access a service
- Support one-time passcodes for users logging in with their own email address
- Create a fully branded portal for the services you want to offer.
Here’s a side-by-side comparison of using native Microsoft capability to provide shared services versus using EUM:
|Native Microsoft 365/Entra ID||Extranet User Manager|
|Governance restricted to IT personnel. |
Only those with Azure Portal privileges can provision access, view external user activity & troubleshoot sign-in/access issues.
|Governance can be delegated to service owners & business managers. |
Empowers non-IT users to provide access easily and securely to selected services & resources.
|Best for one-off sharing. |
Configured manually for each user, time-consuming and onerous.
|Easily share with hundreds-thousands.|
Makes it easy to manage external access at scale, and with a diverse community.
|No onboarding workflows. |
Onboarding workflows are not supported for external users.
|Custom onboarding & registration. |
Supports self-registration, direct invite, and bespoke onboarding flows.
|Shareable links needed for external sharing. External users can only access files via shared SharePoint links or OneDrive.||Intuitive file sharing and collaboration. |
Create a user-friendly portal for sharing files – ideal for user groups, committees, etc.
|Limited custom branding abilities. |
Changing the look of your Microsoft sign-in page is limited and user experience may vary (e.g., if guests authenticate using a personal Microsoft account).
|All pages fully customisable. |
Create a customised portal that reflects the brand of your company or service you are offering.
|Ecommerce integrations not natively supported.||Easily integrate with payment gateways. |
Unlock new revenue streams by assigning fees to the services you wish to offer.
|Email-based authentication.||Email and SMS-based login & authentication.|
Microsoft 365 is a great platform on which to build services and resources for your enterprise.
If you now want to start sharing selected services and resources with an external community of partners or clients, EUM lets you build on your investment and Entra ID security whilst:
- Removing the overhead of day-to-day membership management and customisations from the IT team, and
- Giving non-technical staff the tools and flexibility they need to service the communities they work with.