M365 Cross-Cloud and Cross-Tenant Collaboration
Not everyone can be on the same cloud. This expectation is akin to expecting everyone to be on the same cable provider. As more users board government clouds such as GCC (Government commercial cloud service), DoD, and GCC High, they need to collaborate with users in other clouds, regardless of the cloud they use. Today, multiple cross-cloud scenarios are enabled, with more on the way.
How to Have a One-on-One Cross-Cloud Team Chat and Voice Calls
You can now start a one-on-one chat with a user from another cloud. To do so, add the cross-cloud domain to your list of external and accepted domains. External access lets Teams users communicate with external people, including those using Skype (Preview) and Skype for Business, both online and on-premises.
Guest access is an option when you want people outside your organization to access your channels and teams. You can use external access in these situations:
- If you have users in external domains who need to collaborate.
- If you need others in your organization to use Teams for contacting people in specified businesses outside your company.
- If you want other Teams users globally to find and connect with you via your email address.
By default, Teams turns on external access, which allows your organization to communicate with any external domain. The rule of thumb is that if you add any blocked domain, every other domain remains allowed, and if you add allowed domains, all other domains are blocked. The exception to this rule of thumb is if any anonymous users get permission to attend meetings.
Cross-Cloud File Sharing Using One-Time Passcode (OTP)
M365’s external sharing allows your staff to collaborate with customers or other people who do not have accounts. You can easily share sites, teams, or single files with people outside your company.
You can share one or many files with a user in a different cloud, and they can make changes to the files if you enable editing permissions. You must first allow external sharing for ODfB (OneDrive for Business) and SPO (SharePoint Online). However, you need to take precautions to secure your sensitive data.
Multi-factor authentication minimizes the chances of account compromise. The risk of compromise may stem from guests using their own email accounts, which may not be very secure. A second factor such as a one-time passcode (OTP) is therefore crucial.
If a guest’s username and password get into the wrong hands, the use of an OTP reduces the chances of unauthorized access to your files or sites.
You can use some other measures to protect your files, such as:
Setting Up Guest Access Reviews
Setting up an access review automates the review of users’ access to groups and teams. With an access review, you ensure that guests can only view your files for a stipulated period. After that period, guests can no longer access your data until you review their access and approve its continuation.
Setting Up Web-Only Access For Your Guests
Reduce how much an attacker can reach and make administration easier by requiring guests to access sites, files, and teams via a web browser. For M365, Teams, and Groups, you can do this via a conditional access policy in Azure AD.
Configure A Session Timeout For Guests
When you require guests to authenticate regularly, you reduce the chances of malicious actors accessing your files via an insecure device. Configuring a session timeout ends the guest's session after a set period and requires the user to authenticate again every time the session expires.
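The guest controls described above (MFA, web-only access, session timeout) can be checked against a tenant's exported conditional access policies. The following is an added example, not code from the original article: the field names follow the Microsoft Graph conditionalAccessPolicy resource, while the function names and the two sample policies are constructed for illustration.

```python
# Added example: field names follow the Graph conditionalAccessPolicy resource;
# the function names and sample policies are constructed for illustration.
GUESTS = "GuestsOrExternalUsers"

def in_scope(policy):
    """True if an enforced policy covers guests for Office 365 (or all) apps."""
    cond = policy.get("conditions", {})
    users = cond.get("users", {})
    included = users.get("includeUsers", [])
    apps = cond.get("applications", {}).get("includeApplications", [])
    return (policy.get("state") == "enabled"  # report-only enforces nothing
            and (GUESTS in included or "All" in included)
            and GUESTS not in users.get("excludeUsers", [])
            and ("Office365" in apps or "All" in apps))

def audit_guest_controls(policies):
    """Summarise which guest protections the enforced policies provide."""
    found = {"mfa": False, "web_only": False, "sign_in_frequency_hours": None}
    for p in filter(in_scope, policies):
        clients = p["conditions"].get("clientAppTypes", ["all"])
        grant = p.get("grantControls") or {}
        controls = grant.get("builtInControls", [])
        # With operator OR, MFA is only mandatory when it is the sole control.
        strict = grant.get("operator") == "AND" or len(controls) == 1
        if "mfa" in controls and strict and "all" in clients:
            found["mfa"] = True
        # Web-only: native clients blocked while browser sessions stay allowed.
        native = "mobileAppsAndDesktopClients" in clients and not {"browser", "all"} & set(clients)
        if "block" in controls and native:
            found["web_only"] = True
        sif = (p.get("sessionControls") or {}).get("signInFrequency") or {}
        if sif.get("isEnabled") and sif.get("value"):
            hours = sif["value"] * (24 if sif.get("type") == "days" else 1)
            found["sign_in_frequency_hours"] = min(hours, found["sign_in_frequency_hours"] or hours)
    return found

def sample_policy(name, state, clients, controls, session=None):
    return {"displayName": name, "state": state,
            "conditions": {"users": {"includeUsers": [GUESTS]},
                           "applications": {"includeApplications": ["Office365"]},
                           "clientAppTypes": clients},
            "grantControls": {"operator": "OR", "builtInControls": controls},
            "sessionControls": session}

SAMPLE_POLICIES = [
    sample_policy("Guests: require MFA, re-auth daily", "enabled", ["all"], ["mfa"],
                  {"signInFrequency": {"value": 1, "type": "days", "isEnabled": True}}),
    sample_policy("Guests: block desktop and mobile apps",
                  "enabledForReportingButNotEnforced", ["mobileAppsAndDesktopClients"], ["block"]),
]
print(audit_guest_controls(SAMPLE_POLICIES))
```

On the sample data the audit reports MFA and a 24-hour sign-in frequency but no web-only restriction, because the blocking policy is still in report-only mode and therefore enforces nothing.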
Creating Sensitive Information Types For Sensitive Projects
You can use sensitive information types to help meet compliance requirements. The M365 Compliance Center contains more than a hundred sensitive information types: bank account and credit card numbers, driver’s license and social security numbers, etc. You can also create custom sensitive information types specific to your company.
Creating an Auto Labeling Policy for Sensitivity Labels
If you use sensitivity labels, you can auto-label files that contain pre-defined sensitive information.
Creating Data Loss Prevention Policies
Use Data Loss Prevention (DLP) policies to prevent unwanted guest sharing of sensitive files. DLP acts according to a file’s sensitivity and can remove guest access.
Cross-Cloud Anonymous Meeting Join and Calendar Free-Busy Sharing
Free/busy information sharing is vital in cross-cloud meeting collaboration. Anonymous meeting join enables users from different clouds to join meetings.
When users attend an Office 365 GCC High meeting from Office 365 Commercial, they receive a message asking them to copy and paste the meeting’s URL into a browser and continue with the meeting.
When GCC High users attend a DoD meeting or commercial users go to DoD, they do not receive this message. You must ask the users to join the cross-cloud meetings via their browser. By early 2022, it might be possible to have an anonymous join experience with zero hassles from and to all the different clouds.
An organization can invite users from different tenants into its teams to allow collaboration, file sharing, coauthoring, channel meetings, and recording meetings. A prerequisite for this is enabling Sharing with Guests and Guest Access.
Anyone can join a meeting anonymously by clicking the link in the meeting invitation. You can control the ability to join anonymously either per meeting organizer or at an organizational level.
M365 Cross-Cloud and Cross-Tenant Collaboration works for organizations that need to share files with users in other clouds. Guests can attend meetings anonymously, and you can control the type of access they get to your groups and teams and for how long.
M365 allows you to gain more control over your data and prevent hacking by providing OTPs and enforcing session timeouts.
At Kraft Technology Group, we are trendsetters in Microsoft technologies for private and public sector organizations. Our track record for assisting businesses to become more efficient with network support, managed IT services and top-tier computer services speaks for itself. Contact us to schedule a call, book a meeting, or open a service request.