Section 1: Prerequisites
- You must have at least Edit permissions on the folder you wish to share.
- The recipient only needs a valid email address; no Microsoft account is required beforehand.
Section 2: How to Share a Folder with an External User
|
|
Data Stewardship Reminder
Before sharing any folder externally, consider what data it contains. Under RCCD Board Policy 3040 and the Family Educational Rights and Privacy Act (FERPA), no District representative may disclose student records or personally identifiable information to unauthorized parties. Access to protected data is limited to those with a legitimate educational or administrative interest. Do not share folders containing student records, employee PII, financial data, or other sensitive District information with external parties unless you have confirmed a lawful basis and appropriate approvals. When in doubt, contact your supervisor before proceeding.
|
- Navigate to the folder, click on the ellipsis > Share.
- Change the link type from “Anyone with the link” to Specific people, then set the permission level.
- Enter the recipient’s email address and click Send. They will receive an invitation email with a link.
Always use Specific people rather than Anyone with the link; the latter creates an unauthenticated, freely forwardable link with no audit trail.
Section 3: Permission Levels
Choose the least-permissive level that satisfies the business need:
|
Capability
|
View Only
|
Can Edit
|
View (No Download)
|
|
Can View Files
|
✓
|
✓
|
✓
|
|
Can Download Files
|
✓
|
✓
|
x
|
|
Can Edit Files
|
x
|
✓
|
x
|
|
Can Upload / Add Files
|
x
|
x
|
x
|
|
Can Delete Files
|
x
|
x
|
x
|
|
Can Share with Others
|
x
|
x
|
x
|
|
Can Manage Permissions
|
x
|
x
|
x
|
Section 4: External User Login Flow
After clicking the invitation link, the authentication method depends on the recipient’s account type:
|
User Type
|
Login Method
|
Notes
|
|
Work / School (Microsoft 365)
|
Signs in with their M365 credentials at login.microsoftonline.com.
|
Seamless; access logged under full account identity.
|
|
Personal Microsoft account (Outlook, Hotmail, Live)
|
Signs in at login.live.com.
|
Email must match the invited address exactly.
|
|
Non-Microsoft email (Gmail, Yahoo, etc.)
|
Microsoft emails a one-time passcode (OTP) to the invited address.
|
No Microsoft account needed. Code valid for 30 minutes.
|
Section 5: Removing External Access
|
|
Data Stewardship Reminder
RCCD BP 3040 and FERPA require that access to student records and protected District data be limited to those with an active, legitimate need. Retaining external access beyond the period of need is a compliance risk. Promptly revoking access when a project, engagement, or authorization ends is part of your responsibility as a steward of District data.
|
Remove a Sharing Link
- Navigate to the folder > click ellipsis > Manage access.
- In the Links section, find the link for the external user and click X (Remove).
- Confirm. The link is immediately invalidated; any subsequent use returns “Access denied.”
Verify Removal
- Reopen Manage access and confirm the link or user no longer appears.
Section 6: Best Practices
- Grant the minimum permission level needed (prefer View Only over Can Edit).
- Never share folders with sensitive or regulated data externally without manager approval.
- Audit externally shared folder & files periodically
- Revoke access immediately when the business need ends.