Managing Anonymous User Permissions on Office 365 Small Business

I recently presented a session at SharePoint Saturday New York City about Office 365 Small Business. In preparation for the session, I was deciding how I could best showcase what is possible with O365 and how I could use it in my daily life. Any of you who have given O365 a spin probably soon realized that the limitations of the Public Web Site are enough to sour the taste and make you consider abandoning the product.

While attempting to create a public-facing blog using O365, I found myself encountering issues when accessing the blog anonymously. I thought it would be easy enough to create a subsite of my public site (using a blog template) and things would just work. I was wrong. It seemed that, as an anonymous user, with every click I was presented with prompts for authentication. This made my blog almost entirely unusable.

I found a very good workaround on Martin Hatch’s blog which describes how to modify the AnonPermMask64 property, but his WSP solution falls short of my needs to open up other areas of the blog such as Links and Photos, as well as other areas of my public website. Never fear, the Anonymous Access List Permissionator (AALP) Web Part is here. The purpose of the web part is to provide a way to set the AnonPermMask64 permissions for any list within your SPWeb (including the RootWeb).

The AALP web part is a no-frills way to manage Anonymous Access permissions in any web on your site. After activating the WSP within your sandbox, the web part is added to your Web Part gallery. Simply add it to any page within your website. The web part lets you select, from a drop-down, the list in your website whose permissions you want to modify. After you select the list, its existing permissions are shown and you can multi-select the permissions you want Anonymous Users to have.

I started by granting the ViewListItems, ViewFormPages, Open, ViewPages permissions to the following lists:

  • Posts
  • Categories
  • Links
  • Photos
  • Comments

I also added the AddListItems permission to the Comments list to enable anonymous comments on blog posts.

What this essentially allows me to do is use Microsoft Word to create and edit my blog posts as well as copy and paste photos directly into Word before publishing (I’m using it right now for this blog post). It just works the way it should! Be sure to turn on approval for the Comments list!
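The grants described above can be checked before they are applied. The following is an added example, not code from the AALP web part: it builds and decodes the permission mask for each list and reports any write right given to anonymous users, treating AddListItems as acceptable only where approval is on. The bit values are the SPBasePermissions enum values as I know them (a subset), and the `moderated` field and the sample list configuration are constructed for illustration.

```python
# SPBasePermissions bit values from the SharePoint object model (subset, assumed).
SP_BASE_PERMISSIONS = {
    "ViewListItems": 0x1, "AddListItems": 0x2, "EditListItems": 0x4,
    "DeleteListItems": 0x8, "ApproveItems": 0x10, "OpenItems": 0x20,
    "ViewVersions": 0x40, "DeleteVersions": 0x80, "ManageLists": 0x800,
    "ViewFormPages": 0x1000, "Open": 0x10000, "ViewPages": 0x20000,
}
# Rights that let a caller change content or configuration.
WRITE_RIGHTS = {"AddListItems", "EditListItems", "DeleteListItems",
                "ApproveItems", "DeleteVersions", "ManageLists"}
# The read-only set the post grants to Posts, Categories, Links, Photos, Comments.
READ_SET = ["ViewListItems", "ViewFormPages", "Open", "ViewPages"]

def to_mask(names):
    """Combine right names into one 64-bit mask value."""
    mask = 0
    for name in names:
        mask |= SP_BASE_PERMISSIONS[name]  # KeyError on a misspelled right
    return mask

def decode(mask):
    """Return (sorted right names, leftover bits not in the table)."""
    names = [n for n, bit in SP_BASE_PERMISSIONS.items() if mask & bit]
    return sorted(names), mask & ~to_mask(names)

def audit(lists):
    """lists: {title: {"mask": int, "moderated": bool}} -> list of findings."""
    findings = []
    for title, cfg in sorted(lists.items()):
        names, unknown = decode(cfg["mask"])
        if unknown:
            findings.append((title, "unrecognised bits 0x%X" % unknown))
        for right in names:
            if right not in WRITE_RIGHTS:
                continue
            if right == "AddListItems" and cfg["moderated"]:
                continue  # anonymous submissions are held for approval
            findings.append((title, "anonymous " + right))
    return findings

# Constructed sample: Links is deliberately over-permissive to show a finding.
SAMPLE = {
    "Posts": {"mask": to_mask(READ_SET), "moderated": False},
    "Comments": {"mask": to_mask(READ_SET + ["AddListItems"]), "moderated": True},
    "Links": {"mask": to_mask(READ_SET + ["AddListItems", "EditListItems"]),
              "moderated": False},
}

if __name__ == "__main__":
    for title, problem in audit(SAMPLE):
        print(title, "->", problem)
```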

Now you are able to open up your limited O365 Small Business website in any way you see fit. I’ve made some quick additions to the Root site as well by allowing Anonymous Users to access the ‘Documents’ and ‘SiteImages’ libraries as well as others (such as ‘Announcements’) to create a more configurable experience. With a little elbow grease, restyling the Master Page and adding web parts will make the locked down public site more appealing as an inexpensive way to present content to the public.

The Anonymous Access List Permissionator is free for use and is available here as a WSP and full Visual Studio Source Code:

WSP: AnonymousAccessListPermissionator



9 thoughts on “Managing Anonymous User Permissions on Office 365 Small Business”

  1. Xenox,
    I found your post through Martin Hatch’s workaround post, which worked for me beautifully on my blog subsite…that is for the standard/non-mobile site.

    You mention this works for all lists and for the root site as well, but I am unfamiliar with how the mobile site works…does it inherit permissions from the root? So therefore if you set anon access for posts in the root, it would be inherited by mobile site?
    – Scott Livingston

  2. Hi Scott,

    While the anonymous access list permissionator web part can modify list permissions on the root site, it can’t modify permissions to the _layouts directory which is where mobile views are redirected.

    To overcome this in the Small Business version of O365, you will most likely have to use a workaround to append a ?mobile=0 to every url in your blog subsite so your pages come up on a mobile device.

    There is a codeplex project that allows the home page of your blog (default.aspx) to pseudo-redirect by appending ?mobile=0, but it will not work for all links throughout the site to function properly:

    Unfortunately, I don’t have any other solution to this issue but some of this will not matter in the new wave of Office 365 (SharePoint 15) where a blog feature is enabled by default on the public site and is accessible via mobile device. Although you lose the ability to create subsites!


  3. Xenox,

    Thank you for the response. I will have to check out the workaround you mentioned, because of course within moments of launching the blog and posting to Facebook, I began getting messages from people who “could not access the site”. Another few moments and I realized it was because they were on a mobile device. Oh well.

    I have not been reading up on the new 365 release…no sub-sites does not sound good. I will have to read up. Do you happen to know if current sub-site/site structures or hierarchy will be preserved? I am in the middle of customizing a team site for a client’s business, so that would be important.

    Again thank you.


  4. I recently became a Microsoft Partner/Cloud Solutions Partner so I shifted my entire company from Office 365 Small Business 2010 to 365 Enterprise 2013 in order to take advantage of certain features only available for partners using enterprise.

    Needless to say it was a long and complicated transition, involving a lot of rebuilding of pages, content and features post-move. This included rebuilding my blog sub-site – as I wanted to have a separate site as opposed to a page on the primary public site – which brought me again to the permission restrictions.

    I am pleased to report that your solution still works like a charm in 2013. The deployment is slightly different however, as many of the site setting features that were on the public site “site settings page” in SharePoint 2010 version are no longer available in 2013 – including “solutions”. So what I did was:

    Opened SharePoint Designer, went into the “_catalogs” folder, right-clicked the “Solutions” folder and selected “properties”. In properties, I unchecked the box “hide from browser”. Now the “solutions gallery” is available under “site content” of the public site. Next I navigated to that page in the browser, then uploaded the solution. However, when I tried to activate it, I got an error and was unable to do so. This is because the public site is allocated a “Server Resource Quota” of 0. I then simply went to the SharePoint Admin page and changed the quota from 0 to 300, then activated and deployed the solution.

    Thanks again Xenox for this great solution!

    Scott Livingston
    Livingston Solutions,

  5. Forgot to mention in my previous comment – regarding the threads about mobile permissions, it is no longer an issue in SharePoint 2013, as it seems the mobile web page is the same as the regular one. Blog is now accessible from mobile devices!

  6. I have tried to use this solution for my SharePoint public site, in which I need to allow anonymous users to add items to one of the lists. I uploaded the WSP file to /_catalog/solutions, but when I try to activate the solution it gives me a validation error.
    It will be great if I can get any help.
