The good news is that Microsoft rolled out a new ‘request file’ feature in December 2019. So although you still can’t request files from people outside your organisation using Microsoft Forms, you can using OneDrive.
In this article we’ll look at how you can get other people to upload files to your OneDrive account. We’ll also look at the limitations of this new feature, including security considerations, and alternatives.
First up, you can only use the ‘request files’ feature of OneDrive if you have a OneDrive for work or school account. The feature is not available for Office 365 Government, Office 365 operated by 21Vianet, OneDrive for home, or Office 365 Germany.
If you have any of these Microsoft products, you’ll need to work with either a competitor product, or file upload software that natively integrates with Microsoft OneDrive.
Requesting files using OneDrive
However, if you do have a business or school account then the process of requesting files is fairly straightforward:
- Choose the folder you want to upload files to and select ‘request files’
- Describe what files you are requesting
- Send a link to people or enter their emails
- You’ll receive a notification email whenever someone uploads files to your file request folder
For screenshots and more information see Microsoft’s help documentation.
For this feature to work you need to ‘enable Anyone links in OneDrive’.
Allow users to share files and folders by using links that let anyone who has the link access the files or folders without authenticating. This setting also allows users to share sites with new and existing guests who authenticate.
This setting is for your organisation overall: “The OneDrive setting can be more restrictive than the SharePoint setting, but not more permissive”. So if you use SharePoint as well, then you’ll need to be equally permissive for that platform.
Enabling this link for your entire organisation can lead to security issues, of which Microsoft is aware: “When you allow anonymous users to upload files, you’re at an increased risk of someone uploading a malicious file.”
You also risk unathorised sharing of sensitive information:
When Anyone sharing is enabled for your organization, the default sharing link is normally set to Anyone. While this can be convenient for users, it can increase the risk of unintentional unauthenticated sharing. If a user forgets to change the link type while sharing a sensitive document, they might accidentally create a sharing link that doesn’t require authentication.
Microsoft suggests a few ways to mitigate this risk:
- Set a time limit on links
- Changing the default link to one that works for people inside your organisation. Users who want to share with other people would then have to specifically select that option.
- Change permissions for files and for folders to view-only
- Create a data loss prevention (DLP) rule
For more information, see Microsoft’s article ‘Best practises for sharing files and folders with unauthenticated users‘.
Limitations of ‘request files’ feature
Aside from the security issues, which can be managed to an extent, there are a few major limitations with this new feature. The main one is that it is quite a basic feature.
The upload form that is sent to people via a link is restricted in terms of design, as well as ability to collect text-only information. It is also quite unhelpful if you want to collect multiple files.
In the example below, you can say who is requesting files, and add a description. But that’s about it.
In contrast, specialised file upload page software allows you to create a form like this:
Using this upload page, you can:
- Add your branding and logo
- Collect different types of information, from phone numbers and dropdown options to dates and longer-form text
- Create multiple dropzones to make it easier for people to know what to upload
File upload services vs OneDrive ‘file request’ feature
The obvious advantage of the ‘file request’ feature is that it is now included with OneDrive, if you have a business or school account.
It is a decent feature if you want to collect files from people who will be okay with a fairly basic user experience, and trust your company or organisation already. This would be the case for schools running a competition, for example, who want to invite digital entries.
The key points in favour of this feature are:
- Anyone can send you a file
- All the files sent to you are saved in a single folder that you choose
- People who respond to your request can only upload files and not view or edit other files (if you select this option)
- Although there might be some security issues, Microsoft advises on how to overcome these
In contrast, file upload services cost money ($49/month for a team plan, for example). However, their job is specifically to make it as easy and intuitive for you to gather all types of content from anyone. So you do get a lot of additional functionality, which could be enough to justify the price:
- Ability to embed your upload form in your website
- Much more control over customising your upload form
- Forms looks good on mobiles
- Ability to create a form that allows to gather text data as well as files
- Chance to approve or reject files
- Set up automated email sequence to send reminder emails and so on
- Bank-level encryption and password-protection if you need it
A file upload service, like File Request Pro, also natively integrates with OneDrive and SharePoint. So you can the extra functionality without any of the usual fuss of connecting new software.
If you’re not sure which option to choose, you can always sign up for a free trial for a file upload service, and see how you get on. Nothing beats testing an actual service to see if it suits your specific setup and requirements.