Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Following this guide, users can allow public (non-university) users to upload data along with completing a Microsoft Form. Normally this functionality is not allowed in forms Forms with “Anyone” visibility; file uploads are restricted to members of the university.

Info

When a form Form is set to “Anyone” visibility, you cannot also use the File Upload field on the formForm. This is a security precaution. Consequently, users must sign into Microsoft 365 with a UConn account in order to upload files into your Form. If “Anyone” was able to upload files into your formForm, this would present a clear vector for attack and is therefore not within the built-in functionality of Forms.

Note

This guide will help you circumvent this security caution precaution and therefore must be followed at your own risk. After completing this guide, any actor or computer on the planet will be able to place files into your OneDrive/SharePoint folder. This is an obvious vector for attack and is therefore not within the functionality of Forms. There will be security precautions listed below. Please read and follow this guide carefully.

...

  1. Visit s.uconn.edu/onedrive or s.uconn.edu/sharepoint and find the location you would like to hold these user-submitted files.

  2. Create a new folder and give it an appropriate name. Example, “questionnaire public file upload”.
    Be sure to create this folder outside of your OneDrive “Documents” folder in order to follow the optional section below.

  3. Back out of the folder so that you can right-click on the folder.

  4. Click on Request Files.

  5. Complete the Request FIles prompt and copy the “Share link”.

  6. Optional: Learn more about the Request Files function: Request a File in OneDrive or Request a File in SharePoint.

Optional:

...

Precaution - Disable Sync of this folder

For extra security, you may prevent your computer from synchronizing with this folder. Doing so will prevent you from opening the files locally on your computer, instead you will view them through the web browser.

...

  1. If you have an existing Form, open it now by visiting forms.office.com.
    If you have not yet created a Form, please do so now.

  2. There is more than one way to share this link in the Form because Forms does not allow you to enter a simple read-only line of text.

    1. Create a “Choice” questions and supply only one choice, which is the URL of the Request Files.

      image-20240226-152258.png

      The text you enter in this field will become hyperlinked so that users can click on it.

    2. Create a new Section.

      1. Creating a new Section will require users filling out the Form to click Next at the bottom of the Form. They will be presented with a second page that can hold questions.

      2. Name the Section “File Upload” for example, and then paste the link in the Subtitle.

        image-20240226-152939.png
    3. Explore other options if these two don’t appear as you would like.

  3. Ask your uploaders to be specific with the naming of their files to help you associate the file with their Form submission.

    image-20240226-153641.pngImage Added
  4. Note: Your changes to the Form are saved automatically when you make them.

  5. Share the Form with others when you are finished.

Tip

The data uploaded into the folder you have created will not be linked to the Form. Be sure to check the folder frequently in order to associate the data with specific responses on the Form.

Why can I publicly “Request Files” using OneDrive/SharePoint and not have a public file upload option in Forms?

This guide works on the assumption that Request Files is intrinsically more secure than Forms due to the share link. Forms have very short links that allow people to share them and type them in easily; Forms are meant to be posted and shared freely. Request Files on the other hand, is computer-to-computer transaction, therefore users are less likely to need to manually type in the share link; it should have been sent to them. This allows the Request Files link to be very long and complicated.

A computer set up to scan the internet and guess the URL for Forms will have a relatively easy time compared to one trying to guess the link for Request Files. The Request Files link is very long and full of gibberish and therefore very, very hard for a computer to guess or “stumble upon” and then dump a malicious payload.

Help

Reach out to techsupport@uconn.edu with any questions about this guide or if you believe any information is missing from this page.

...