
Using Entitlement Management to Provide External Access to SharePoint Online
Using Entitlement Management to Provide External Access to SharePoint Online
Entitlement management allows your organization to manage access to groups, applications and SharePoint Online sites for internal users and users outside the organization with controls like self-service requests, approval workflows and expiration policies. Entitle management does this by creating and managing access packages which are a collection of resources grouped together to be requested in a single go.

Example of a Real-World Scenario
You are required to grant a partner company access to your SharePoint online intranet. Specifically, this partner company requires 20 users access to a Project Management subsite in your SPO intranet for the next 3 months. At a high level, an access package would be created to grant access for the 20 users to your SPO engineering subsite. The access package could be scoped to the partner company’s external domain to protect the access package from unauthorized use. You can then add time restrictions on the access so the partner company can only access the subsite for the next 3 months.
At a high level the following requirements would have to be defined for an access package:
- What are you granting access to? For example, SPO site, library and etc.
- Who or what domains require this access?
- How long do they need this access for?
After these requirements above have been identified for an access package. A URL would be generated at the creation of the access package and that URL would be used to invite external users and grant access to a SharePoint online site based on the resources specified in the access package.
Entitlement Management Requirements
Entitlement management requires an Azure AD Premium 2 license.
License Limitations:
Ensure that your directory has at least as many Azure AD Premium P2 licenses as you have:
- Member users who can request an access package.
- Member users who request an access package.
- Member users who approve requests for an access package.
- Member users who review assignments for an access package.
Member users who have a direct assignment to an access package.For guest users, licensing needs will depend on the licensing model you’re using. However, the below guest users’ activities are considered Azure AD Premium P2 usage:
- Guest users who request an access package.
 Guest users who approve requests for an access package.
 Guest users who review assignments for an access package.
 Guest users who have a direct assignment to an access package.
Azure AD Premium P2 licenses are not required for the following tasks:
- No licenses are required for users with the Global Administrator role who set up the initial catalogues, access packages, and policies and delegate administrative tasks to other users.
- No licenses are required for users who have been delegated administrative tasks, such as catalogue creator, catalogue owner, and access package manager.
- No licenses are required for guests who have a privilege to request access packages but they do not choose to request them.
Thank you for reading this post! If you enjoyed it, I encourage you to check out some of our other content on this blog. We have a range of articles on various topics that I think you’ll find interesting. Don’t forget to subscribe to our newsletter to stay updated with all of our latest information on Microsoft SharePoint Online.

discover more 
The Future of Custom Software: Building for Agility, Not Just Functionality
Technology often evolves faster than most organizations can adapt. Just think about the advancements we have seen with artificial intelligence over the last few years alone. This means custom software…
What Is Azure DevOps Really Solving? A Business-Centric Look at Agile Delivery
Businesses are under constant pressure to deliver fast, reliable, and transparent software. This pressure will increase as technology continues to evolve and advance. Terms like DevOps, CI/CD, and agile delivery…
Post-Retreat Energy is Real. Here’s How to Make it Last.
This was my first Improving retreat. I’ll be honest: I was a little hesitant to go at first. But once I got there? I loved it, the networking, the friendships,…
Let’s Build Something Amazing Together
From concept to handoff, we’d love to learn more about what you are working on. Send us a message below or call us at 1-800-989-6022.



