This is not only the sixth part of OneDrive Basics; it is also the third time we look at Windows 10. If you've landed here today, feel free to read through the various episodes, which started with OneDrive Basics 01. If you're looking for technical details, you can also visit my blog; there are now 900 blog posts. Just subscribe.
Thanks also to everyone who contacted me in various ways with various questions. And today?
Today is about the supreme discipline of synchronization, or cross-tenant synchronization.
Actually, once the synchronization works, everything is quite simple. First you connect to OneDrive for Business and then you can navigate to the various SharePoint document libraries in the browser and trigger the further synchronizations.
In OneDrive Basics 05 I described the classic second tenant, which not only gives me access to certain SharePoint libraries but also provides me with an additional OneDrive for Business for that organization. Where I have access, I can also synchronize, unless the IT department has taken other security measures.
The disadvantage of this is that the organization grants a license to each individual user. Depending on the plan and the number of users, this is a considerable investment.
In OneDrive Basics 10 we will look at Microsoft Teams. And Teams also works with external users. Once invited, the external users show up for the administrators in Azure AD. This can quickly lead to a lot of entries in AD.
We use exactly this principle of the external user for B2B synchronization. This is described in short form here, but you can also take a closer look and download the 282-page PDF. So, nothing with a little click here and there, if you want to do it right! And for the night, you may download this 888-page (!!) PDF document.
Now, before you get started, let me describe the purpose of B2B Sync. As an example, I have chosen a hospital. Each hospital has its own laboratory where, for example, patients' blood is tested. But in COVID-19 times the capacities are not always sufficient. Therefore, hospitals resort to one or more external laboratories. For such sensitive patient data, of course, appropriate contracts have to be signed. And then it can start. We send an Excel list to the lab administrator, who fills it in and lists, with name and email address, all employees who should get access. With PowerShell, this list is then fed into Azure AD. An existing or new SharePoint library is also specified. The guests now receive a detailed message to establish a trust relationship between the hospital and the laboratory. The trick is that the employees do not have to enter another password later. They log in as usual with the password of their own tenant.
When a laboratory user then clicks on the hospital's document library, he has access and can then synchronize it to his device. On the hospital side, the internal laboratory users also have access, of course. In the example above you can see that each laboratory has been assigned its own library. This can also be a single library, with the external accesses then separated by the folder structure.
That is a little more effort, but much easier to use for the hospital laboratory users.
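The step in which the lab's list is fed to Azure AD, as an added example that is not the author's script: it checks every row against the contracted lab domain before anything is invited, and uses the Microsoft Graph PowerShell cmdlet `New-MgInvitation`. The domain `lab.example`, the names and the library URL are constructed placeholders, and the `-Invite` switch is an assumption of this example.

```powershell
# Added example: bulk guest invitation for B2B Sync with a dry run by default.
# Requires the Microsoft.Graph module only when run with -Invite.
param([switch]$Invite)   # without -Invite nothing is sent to the tenant

$AllowedDomains = @('lab.example')   # domains covered by the signed contract (assumed)
$LibraryUrl     = 'https://hospital.example/sites/lab/Shared%20Documents'  # placeholder

# Constructed sample of the list returned by the lab administrator
$csv = @'
Name,Email
Anna Beispiel,anna.beispiel@lab.example
Max Muster,max.muster@lab.example
Eve Other,eve@freemail.example
Broken Row,not-an-address
Anna Beispiel,Anna.Beispiel@lab.example
'@

function Get-InvitationPlan {
    param([string]$CsvText, [string[]]$Domains)
    $seen = @{}
    foreach ($row in ($CsvText | ConvertFrom-Csv)) {
        $email  = "$($row.Email)".Trim().ToLowerInvariant()
        $status = 'Invite'
        # Reject malformed rows, addresses outside the contract, and duplicates
        if ($email -notmatch '^[^@\s]+@([^@\s]+\.[^@\s]+)$') { $status = 'Rejected: malformed address' }
        elseif ($Domains -notcontains $Matches[1])          { $status = 'Rejected: domain not in contract' }
        elseif ($seen.ContainsKey($email))                   { $status = 'Skipped: duplicate' }
        else { $seen[$email] = $true }
        [pscustomobject]@{ Name = "$($row.Name)".Trim(); Email = $email; Status = $status }
    }
}

$plan = Get-InvitationPlan -CsvText $csv -Domains $AllowedDomains
$plan | Format-Table -AutoSize       # review this before inviting anyone

if ($Invite) {
    Connect-MgGraph -Scopes 'User.Invite.All'
    foreach ($guest in ($plan | Where-Object Status -eq 'Invite')) {
        New-MgInvitation -InvitedUserEmailAddress $guest.Email `
            -InvitedUserDisplayName $guest.Name `
            -InviteRedirectUrl $LibraryUrl -SendInvitationMessage:$true | Out-Null
    }
}
```

With the constructed list, two rows are planned for invitation, two are rejected and one is skipped as a duplicate; keep the printed plan with the contract records as evidence of who was granted access.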
Here are a few explanations for the following illustrations: the hospital is called HBsoft, the laboratory Doering Consulting.
First, the SharePoint document library (hospital) with the name Ignite2019-P-GER.
The next figure shows the Windows Explorer (hospital),
and finally the File Explorer view of a user (laboratory).
What is important here: the domain is displayed without logging on again. No new instance, which would be represented by a new cloud icon, is used; the existing instance of the lab is used.
The hospital administration retains full control
Lab Guest users can be locked out at any time
The hospital saves license costs
Local synchronisation allows data to be stored or edited in the simplest possible way.
New passwords are not necessary.
Of course, you need additional security in this chosen scenario. Administrators very often solve this simply but wrongly. It is very easy to disable external access, but users always find a way to send such documents to external users. With the right concept of IRM/RMS, sensitivity labels, duplicate keys, etc., it is also possible to send sensitive data to users outside your organization. But the configuration is complicated and time-consuming.
The hospital was just one example. Here is another example. And this can easily become complex depending on the size of the company:
Now to the links for further reading:
SharePoint and OneDrive integration in Azure AD B2B
Use SharePoint as a business-to-business (B2B) extranet solution
Only click on the English-language links when you have time. There are more links in the respective descriptions… and if you want to try it, you need:
a second Office 365 environment. These are available free of charge from the developers.
a Hyper-V environment with Windows for a user of this environment
Global Admin rights in your own Office 365 environment (or the Guest Inviter's admin rights)
Company administrators should take the trouble to read the descriptions and try it out; then it works with any supplier, agency or service company.
OneDrive Basics 01 (Server and Services)
OneDrive Basics 02 (Clients and Apps)
OneDrive Basics 03 (Outlook and Outlook on the Web, Web Browser)
OneDrive Basics 04 (Windows 10)
OneDrive Basics 05 (Windows 10, more than one tenant)
OneDrive Basics 06 (Windows 10, B2B Sync)
OneDrive Basics 07 (Office Integration)
OneDrive Basics 08 (Synchronisation Shared with me)
OneDrive Basics 09 (mobile Sync with iOS and Android)
OneDrive Basics 10 (Teams)