Create an external partner-facing extranet site in Office 365, where only site owners can grant new users access to sites.
Creating a SharePoint Hybrid Extranet Site
Create an external partner-facing extranet in Office 365 using the following steps.
To create a Site Members only Extranet Site in Office 365
Sign in to Office 365 as a Global or SharePoint Online admin.
Go to the SharePoint Admin Center.
On the Site Collections tab, select New.
Select Private Site Collection.
In the New Site Collection dialog box:
In the Title box, type a name for the site collection.
In the Web Site Address drop-down lists, select a domain name and a URL path—either /sites/ or /teams/—and then type a URL name for the site collection.
In the Template Selection section, in the Select a language drop-down list, choose a language for the site collection. It is important to select the appropriate language for the site collection, because once it is chosen, it cannot be changed. You can enable the SharePoint multiple language interface on your sites, but the primary language for the site collection will remain the one you select here.
In the Template Selection section, under Select a template, choose the template that most closely describes the purpose of your site collection. For example, if your site collection will be used for a team collaboration, choose Team Site.
In the Time Zone box, select the time zone that’s appropriate for the location of the site collection.
In the Administrator box, type the user name of your site collection administrator. You can also use the Check Names or Browse button to find a user to make site collection administrator.
In the Storage Quota box, type the number of megabytes (MB) you want to allocate to this site collection. Do not exceed the available amount that is displayed next to the box.
In the Server Resource Quota box, type the amount of resources you want to allocate to the site collection. This number is a combination of performance metrics (such as processor time and unhandled exceptions) that pertain to code in sandbox solutions. When the level exceeds a daily quota, the sandbox is turned off for this site collection.
Select OK. The new site collection will appear in the URL list, and the site collection administrator can start to create and manage sites.
In the SharePoint Admin center, check the box next to your new site collection. From the ribbon, click Sharing.
In the Sharing dialog box, select Turn off sharing for non-members on all sites in this site collection. With this option selected, only owners and site collection administrators will be able to invite new users to the site collection and all sites under it.
All other users can share only with users who already exist in the site and are not allowed to invite new users to the site.
Notes: By selecting Turn off sharing for non-members on all sites in this site collection from the Sharing window, you are effectively changing the Access Request settings so that only site and group owners can invite new users to all the sites under that site collection.
The Access Request settings can be overridden by the site or group owner for any given site.
Make note of the URL and click Save.
Important: We recommend that you do NOT break inheritance of permissions in the sub-sites under a given root site. This ensures that the allow non-owners sharing setting is consistent across the root site and all sub-sites under that root site.
Adding users to your Extranet site
Site owner(s) can share with any internal organization users through the people picker experience or add the users to the Site Members group associated with that site.
Internal organization users
If you have existing partner user accounts in an on-premises directory, you can use Directory synchronization to mirror those accounts between your online and on-premises environments. For more info, see Integrate Office 365 with on-premises server products to create a hybrid environment.
You can prepare your on-premises directory for directory synchronization manually by following the steps in Prepare to provision users through directory synchronization to Office 365, or by running the IdFix tool; see Install and run the Office 365 IdFix tool.
Note: The IdFix tool only works with Active Directory.
You may also choose to add Cloud users, either by individually adding users via Office 365 or by using a CSV file. Options for adding users are discussed here: Add users to Office 365 for business.
After the External Sharing feature is enabled, site owners can send an invitation to an external user's email address. To learn more about invitation-based external user sharing, see Manage external sharing for your SharePoint Online environment. For partner-facing sites: if you want to ensure that users accept invitations only from the email address the invitation was originally sent to, it is recommended to turn on the accepted is invited setting. To learn more about this setting, read Manage external user accounts and invitations.
It is recommended that partner organizations are also subscribed to Office 365 or Azure Active Directory for the best collaboration and seamless experience.
Controlling who can add users
You can configure your extranet site so that only site owners can add users to the site. This is done using the -DisableSharingForNonOwners parameter for the Set-SPOSite Windows PowerShell cmdlet. For example:
Set-SPOSite -Identity <URL> -DisableSharingForNonOwners
where URL is the URL of the extranet site.
Warning: The -DisableSharingForNonOwners parameter is a one-way switch, and you cannot reenable sharing permissions for non-site owners.
Programmatically disable non-owners sharing
You can also disable non-owners sharing programmatically by using either CSOM or PowerShell.
CSOM. Use the Web.MembersCanShare property.
PowerShell. Using the Set-SPOSite cmdlet, set the DisableSharingForNonOwners parameter.
Set-SPOSite -Identity <URL> -DisableSharingForNonOwners:$true
Important: The above example also disables access requests.
Note: The new PowerShell parameters listed above are available in the current SharePoint Online Management Shell, which can be downloaded here: SharePoint Online Management Shell.
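The site-creation procedure and the sharing lockdown described above can be scripted together, with a follow-up check for guests who accepted an invitation with a different account than the one invited. This is an added example, not code from the original page; the contoso URLs, the account name, the helper function names and the template, locale, time zone and quota values are assumptions.

```powershell
# Added example. Requires the SharePoint Online Management Shell.
# URLs, owner and the New-SPOSite values below are placeholders.
function New-ExtranetSite {                 # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory)] [string] $SiteUrl,
        [Parameter(Mandatory)] [string] $Owner,
        [string] $Title = 'Partner Extranet',
        [int] $StorageQuotaMB = 1024
    )
    # Create the site collection only if the lookup fails (site not found).
    try { $null = Get-SPOSite -Identity $SiteUrl -ErrorAction Stop }
    catch {
        # STS#0 = Team Site, 1033 = English (US), 13 = Pacific time zone.
        New-SPOSite -Url $SiteUrl -Owner $Owner -Title $Title `
            -Template 'STS#0' -LocaleId 1033 -TimeZoneId 13 `
            -StorageQuota $StorageQuotaMB -ResourceQuota 0
    }
    # One-way switch: ConfirmImpact 'High' forces a prompt before it is applied.
    if ($PSCmdlet.ShouldProcess($SiteUrl, 'Permanently disable sharing for non-owners')) {
        Set-SPOSite -Identity $SiteUrl -DisableSharingForNonOwners
    }
}

function Get-ExtranetGuestReport {          # hypothetical helper name
    param([Parameter(Mandatory)] [string] $SiteUrl)
    $position = 0
    $pageSize = 50                          # maximum page size for the cmdlet
    do {
        $page = @(Get-SPOExternalUser -SiteUrl $SiteUrl -Position $position -PageSize $pageSize)
        foreach ($u in $page) {
            [pscustomobject]@{
                DisplayName = $u.DisplayName
                InvitedAs   = $u.InvitedAs
                AcceptedAs  = $u.AcceptedAs
                InvitedBy   = $u.InvitedBy
                WhenCreated = $u.WhenCreated
                # True when the invitation was redeemed by another account.
                AcceptedWithOtherAccount = ($u.InvitedAs -ne $u.AcceptedAs)
            }
        }
        $position += $pageSize
    } while ($page.Count -eq $pageSize)
}

Connect-SPOService -Url 'https://contoso-admin.sharepoint.com'
$extranet = 'https://contoso.sharepoint.com/sites/partner-extranet'
New-ExtranetSite -SiteUrl $extranet -Owner 'admin@contoso.onmicrosoft.com'
Get-ExtranetGuestReport -SiteUrl $extranet | Where-Object AcceptedWithOtherAccount
```

Run the function with -WhatIf first to see which site the one-way switch would be applied to without changing it.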
Managing your Extranet site
When you create an extranet site in Office 365, only members can see others in their site. Users cannot see any users, files, documents or functionality outside of their own site. Membership is restricted to invitation by you, with the process managed either by on-boarding the external partner users or by using the Office 365/SharePoint Online invitation model. Users are authenticated by their login.
Auditing and Reporting of External Users
The Office 365 activity report in the Office 365 Compliance Center is used to view Office 365 user and admin activity within your company. The report can be filtered by date and user activity events to monitor SharePoint Online Extranet invitation status, who has sent invitations and who has accepted.
To monitor the status of your extranet account invitations, including who sent the invitation, requested it, and if it was accepted, revoked or expired, see Run the Office 365 activity report.
To create a report that shows who has been sent invitations to your Extranet site and who issued the invitation, set your report filters this way:
To create a report showing all file access activities for an external partner, set your event filters as follows:
Retiring an Extranet site
Once your need for the extranet site is over, it can simply be deleted. For more information, see Manage external sharing for your SharePoint Online environment.