Overview: provide a link (with password) for your clients download (and/or upload) files within your OneDrive cloud storage. There are several ways to share folders using OneDrive, and this method may be a good mix of "ease of use" with a layer of security, based upon the following requirements:
- Your client may or may not have an account capable of modern authentication (Microsoft 365, Gmail, SSO)
- You need to share via a simple link
- You need to control which clients have access to content
- You need to control if the content is "download only", or "allow editing" (they can also upload files)
- You need a simple layer of additional security such as a password
Basics
Log onto https://portal.office.com (the same process also works if you have "sync'd" OneDrive to your computer)
Select OneDrive (do not try this with SharePoint, since the default security level on SharePoint will not allow this level of sharing to "external" guests; if you need to share SharePoint outside of your organization, it is recommended to move or copy files to your own OneDrive and then share the content from your OneDrive folder)
Have a tool available (such as OneNote) to make a note of:
- Client name
- Share link
- Password
Step 1: create and share a folder
Create a folder specifically for this client, click the ellipsis (...) and choose Share
In the dialog popup click "Anyone with the link can view"
If you want to allow your client to upload, select "Allow editing"
Set a strong password, and click Apply.
Now click "Copy link"
...a dialog popup confirms that the link has been generated and copied (to your clipboard)
Step 2: store the link and password
Using a secure tool such as OneNote, Paste the copied link, clearly noting who you intend this link for, and with a note of the password. Example link:
Step 3: share the link and password responsibly
Never share the link and the password via the same medium, such as email. If the recipient's email account was compromised, the link and password would be visible. A more responsible course would be:
- Send an email to the intended client with the link, and explain that for security reasons you will send the password using SMS or call them and relay it over the phone
- Send the intended client an SMS with the password
More: testing how it works
If you want to test the experience, from the perspective of your client, open a private browsing tab in your browser (Edge: Menu (...) "New InPrivate window"; Chrome: Menu (...) "New incognito window"; Safari: "File > New Private Window"). Now that you are using a private browsing tab, go ahead and paste the link and enter the password, and you will have all of the functionality that your client would see.
Once the password is verified, your client will be able to download (and upload if you enabled "allow editing"), and use drag & drop on their device too. You will be able to access the files they upload using your OneDrive. Any new files you add to the folder will be available to your client using the same link & password.
Tip: once your client uploads files, you may want to make copies in another location such as SharePoint, where only you can access them. Remember, if your client can upload then they can also edit or delete too!