If you need to collect additional data from the submitters, outside of what is contained within the files that they will submit, you should use a group-owned MS Form. A “group” in this context could be an MS Team or a SharePoint group. If you already have an appropriate MS Team with the appropriate members, you will be able to use that. If you do not have an appropriate MS Team already, you can create a new one. If you prefer to use a standalone SharePoint site, you can request that ITS create one for you.

Once you have a location to store the collected files, you can create a Microsoft Form to collect the files.

If you only need to collect the files themselves, without additional data, you can simply use the “Request files” feature in SharePoint. If you choose this method, you lose the ability to ask the submitter to fill a Form prior to submitting their documents, but it is simpler to set up.

If you need to temporarily store the submitted files on a McGill-managed device, you must first complete the steps listed above, and then you can sync the files to your McGill-managed device.

For external submitters (those that do not have McGill credentials) you will use the "request a file" feature, built into SharePoint. Because this feature requires that the SharePoint site have "external sharing" enabled, it is recommended that you request a new SharePoint site with external sharing enabled, specifically for this purpose.

Once you have received the URL of your new SharePoint site, you can enable the “Request files” feature for a folder on your new site.

If you need to temporarily store the submitted files on a McGill-managed device, you must first complete the steps listed above, and then you can sync the files to your McGill-managed device.

For this solution, we recommend using a group-owned Microsoft Form along with the “Request files” feature of SharePoint.

Because the “Request files” feature requires that the SharePoint site have "external sharing" enabled, it is recommended that you request a new SharePoint site with external sharing enabled, specifically for this purpose.

Once you have received the URL of your new SharePoint site, you can:

• enable the “Request files” feature for a folder on your new site for external submitters
• create a group-owned Microsoft Form for McGill-authenticated users.

As an alternative, you could only use the “Request files” feature in SharePoint. If you choose this method, you lose the ability to ask the submitter to fill a Form prior to submitting their documents, so it is suitable for situations where you do not need additional information from the submitter, like their student number, employee number, or case number.

If you need to temporarily store the submitted files on a McGill-managed device, you must first complete the steps listed above, and then you can sync the files to your McGill-managed device.

Follow this link to view instructions on how to create a new Microsoft Team.

Use this form to request a new SharePoint site. Your site should be requested as a "Team site" and "private", both of which are the default options.

If you will use the “Request a file” feature, you must note in your request that you require external sharing enabled for your new site.

Prerequisite: A Microsoft group – either a Microsoft Teams group, or a SharePoint group.

Note: This option will only work with McGill-authenticated submitters. If you also need to collect files from external users, you usually need to use both this option and the “Request files” option.

If you don’t need to collect additional data from your submitters, you could also use only the “Request files” option.

To create a new group-owned Microsoft Form:

1. Sign into forms.office.com with your McGill credentials
2. Scroll all the way down to the bottom of the page to find a list of the groups you have joined. You may need to select "All groups" to see the group you want to own the Form.
3. Once you have found it, select the group that you would like to own the Form.
4. Click the downward pointing arrow next to “New Group Quiz” and select New Group Form.
5. You can now customize your Form. The question type "Upload File" will allow the submitter to securely upload files.

• If you choose to use a Microsoft Team, the Team will automatically have a SharePoint site associated with it, which serves as the file storage for all files in the Team, including the files uploaded via the Microsoft Form(s) owned by that Team.
• If you choose to use a standalone SharePoint site, the files will be stored on that SharePoint site.

In both cases, the uploaded files are automatically shared with all members of your SharePoint site or Microsoft Team.

Prerequisite: A SharePoint site with external file sharing enabled.

First, you need a folder into which the files will be uploaded. You can select an existing folder or create a new one. This folder will house the submitted documents.

Note that the submitters are not able to see the contents of the folder. It is like a mail slot: the submitter may add files, but not view or remove them.

To create a new folder, browse to your site, navigate to the "Documents" library, and use the New dropdown and select Folder. You can then name the folder as you like. See the Microsoft documentation for more detailed steps.

Once you have created or selected a folder, you will browse to the "Documents" library, and click on the ellipsis (...) next to the folder you have created. Select the "Request files" option and enter a description that will be visible to your submitters. For example, you might use "McGill Secure Upload" or "Submit a document to McGill", or something more specific to your unit or department.

Note that if you do not see the “Request files” option, it is because your site does not have external sharing enabled. You can make a request with the IT Service Desk to enable that option. Please provide the URL of your SharePoint site in the request.

After you have given your link a description, you will see a screen where you can copy the link so that you can manually send it to your submitter(s), or automatically email it to a specific person or set of people. We recommend manually sending the link, as the automatic email is more likely to be perceived as a malicious email or spam. You may want to note the link somewhere handy if you plan to use it frequently.

The link is permanent and does not expire, so it can be used as long as needed. If you misplace your link, you can browse to the folder and select Request files again to locate and re-copy the link.

If you are collecting any type of Personal Information that “directly or indirectly allows the person to be identified” you must include a Privacy Notice that allows the user to decide if they consent to use the service. Depending on the type of personal information collected, the Policy on the Governance of Personal Information provides differing consent requirements and guidelines. In some cases, you can use the default McGill Privacy Notice.

Sensitive Personal Information, including medical (PHI) or otherwise intimate information, requires a higher standard of care than many other types of data. When you are requesting this sort of information, even when using a McGill-approved solution like SharePoint or Microsoft Forms, you must obtain the express consent of the person whose information you are requesting.

A good consent statement will be simple, straightforward, and include:

• Where the files will be stored,
• Who will have access to them,
• What the files will be used for,
• How long the files will be kept,
• Who the user can contact if they have any questions about how the information will be used.

If you are using a Microsoft Form to collect the files, you can simply add a question to the Form for the submitter to indicate consent. You should check with your unit’s resource for legal issues or ethics, and/or contact the Access and Privacy Office. Here’s a sample consent statement that was created for an IT Services solution:

By selecting “I agree”, I consent to the files I submit being stored in a secure Microsoft SharePoint site with limited access. My files will only be available to authorized, authenticated users in McGill’s IT Services unit, and will be used only to resolve my issue. My files will be permanently deleted 30 days after the resolution of my issue

• I agree.

• I do not agree and will not proceed to upload my files.

If you have any questions or concerns about how your data will be processed and used, please contact <insert contact email>.

Important: Submitted files containing personal or confidential information must not be synced (stored) on a personal device. The Secure Use of McGill Administrative Systems Directive specifies that you can temporarily store (sync) these files only if using a device that’s managed by a McGill IT unit.

The submitted files are stored in SharePoint, whether you are using a Microsoft Team or a standalone SharePoint site, so syncing the files to your local device is straightforward.

First, browse to the SharePoint location that your files are stored and if you are using Microsoft Teams,

1. Use the Teams app to browse to your Team,
2. select any channel,
3. click the Files tab. (From there, you can select "Open in SharePoint" and browse to the "Documents" library.)

If you are using a standalone SharePoint site,

1. Open a web browser.
2. Go to the SharePoint site, and then browse to the "Documents" library.

Above the files list in the library, you will see a horizontal bar of options. Select “Sync”. If your browser requests permission to use "Microsoft OneDrive," confirm that this is okay.

Your sync will start, and you will see a new location available in your file browser, right next to your OneDrive files. This will contain all the files from your SharePoint location, including files submitted using the "request files" feature and the Microsoft Form "upload" option.