Privacy Sensitivity Labels: Web-Only Limited Access

Summary

This article discusses Privacy Sensitivity Labels configured with Web-only Limited Access for un-managed Devices. The audience is USNH SharePoint, MS Teams, or M365 Group site owners who need to be sure to share their content appropriately and external guest users who want to understand what they see when trying to access shared content from a non-USNH-managed device.

Body

Summary

This article explains what Guest Users will and will not be able to do with content shared from SharePoint Communication and Teams sites, MS Teams, or M365 Groups with Privacy Sensitivity Labels configured for “Web-Only Limited Access”. This configuration is one of the ways USNH protects our data and complies with regulations such as HIPAA and FERPA. This setting applies to shared content being accessed by external (non-USNH) guest users from a non-USNH-managed computer or device. 

The audience is USNH SharePoint, MS Teams, or M365 Group site owners who need to be sure to share their content appropriately and external guest users who want to understand what they see when trying to access shared content from a non-USNH-managed device. 

USNH SharePoint sites, MS Teams, and M365 Groups can be marked with a Confidential Sensitivity Label. When a site needs this protection, the site owners can use the SharePoint Technical Support Service page to request that the privacy sensitivity labels on their site be configured for "Web-Only Limited Access" to protect their shared data. This configuration ensures that people who are sent a sharing link and using a non-USNH device are only able to access that shared link content in a web browser. They may not print the document, download it, open it in a desktop app, or sync the document to any application (e.g., B2B sync or File Explorer/Finder). 

 

What External Guest Users Can Expect

When a site is protected with Privacy Sensitivity Labels configured for "Web-Only Limited Access"

Guest Users on un-managed devices will be able to: 

  • View the document in a web browser if it was shared with "View" permissions 
  • Edit the document in a web browser if it was shared with "Edit" permissions

Guest Users on un-managed devices will not be able to:

  • Download the file or document 
  • Open the file in their desktop applications, e.g., Adobe Acrobat, MS Word, MS Excel, etc. 
  • Print the file or document 
  • Sync the file to any applications, e.g., B2B Sync, File Explorer, Finder, etc. 

Note: If a guest user is logged into their guest M365 account on a USNH-managed device they will be able to print/download. For example, in the case where a vendor uses USNH device(s) for collaboration. 

Back to top

 

How to Safely Share with Guest Users 

For instructions on how to set up your USNH SharePoint site to share content with external or guest users, see our article on: SharePoint: Guest Sharing - How to share with External Users

To request that your USNH SharePoint site be protected by "Web-Only Limited Access", submit a request through the SharePoint Technical Support Service page. Enter your SharePoint site information and the requested privacy sensitivity label: 

  • Current Site Address 
  • Current Site Owner(s) 
  • Request "Web-Only Limited Access for External/Guest users on un-managed devices"

Back to top

 

Sharing Examples 

View Permissions

When you share documents with "View" permissions to external guest users, they will see the warning notification banner below if the site has Site Level Sensitivity Labels configured with Web-Only Limited Access for guest users on un-managed devices.  

View Permissions notification banner

 

Edit Permissions

When you share documents granting "Edit" permissions to external guest users, they will see the warning notification banner below if the site has Site Level Sensitivity Labels configured with Web-Only Limited Access for guest users on un-managed devices.  

Edit Permissions notification banner

 

Site Members

External Guests who have been added as Site Members will see this warning notification banner on Document libraries/folders for sites that have Site Level Sensitivity Labels configured with Web-Only Limited Access:  

Site Members Permissions notification banner
 

Back to top

 

Troubleshooting

Viewing PDF Files

Sometimes Adobe PDF files can run into issues being viewed by Guest users when download is blocked (a behavior of Web-Only Limited Access). This is usually related to software applications that need to download the shared items on the guest user’s computer to be able to view the content in the browser. An example of this is an Adobe Integration with SharePoint. 

This article can be a potential work-around to consider when sharing with external guests:  Adobe Document Cloud: Troubleshooting Blocked PDF in SharePoint

Back to top

 

Further Readings

SharePoint: Sharing Site Files/Folders

SharePoint: Guest Sharing - How to share with External Users

SharePoint: Requesting a Sensitivity Label for your SharePoint Site

Adobe Document Cloud: Troubleshooting Blocked PDF in SharePoint 

SharePoint Technical Support Service page

 

Need additional help?

For assistance concerning site creation, content sharing, file synchronization, or other common SharePoint, OneDrive, Teams, or Office app activities, we recommend our Microsoft 365 Learning sites:

Learn more about the great tools our Microsoft 365 Learning sites offer!

Visit the Technology Help Desk Support page to locate your local campus contact information or to submit an online technology support request.  For password issues you must call or visit the Help Desk in person.  

Details

Details

Article ID: 4885
Created
Thu 3/14/24 12:12 PM
Modified
Fri 9/6/24 10:19 AM
Applicable Institution(s):
Keene State College (KSC)
Plymouth State University (PSU)
University of New Hampshire (UNH)
USNH System Office