Sharepoint Guest Users

Question

Hi All,&nbsp;We are using Sharepoint online to share documents with users outside of our organisation. We have enabled the option that users need to authenticate from the email address that they receive the document sharing invite on. They receive the document email and then they need to enter the verification code to access the document.&nbsp;&nbsp;We are finding that some external users get the verification code email and other external users are almost being treated as internal users and are getting direct access however they are prompted to login with a MS account which of course they dont have and therefore unable to access the document.&nbsp;When we look at the sharing links, the links that are shared with users that dont have any issues include the email that the verification code needs to be sent to, whereas the problematic users get links that dont include the verification code email address.&nbsp;When we investigated further we found the problematic users are being added as Guest users in our Office Admin Portal and I dont know why this is happening.&nbsp;When I share a document with my personal email address it works fine and I dont appear in the guest users group and for most other external users, the case is the same. There are about 25 external users which are having issues. Once I delete the Guest users, the issue no longer exists.&nbsp;This issue has only presented itself in the last 2 weeks or so.&nbsp;Any assistance would be greatly appreciated and hope this all makes sense, admittedly it took me a while to get the exact details of the problem after it was first reported.&nbsp;thanks&nbsp;trev

jcgonzalezmartin · Answer

Ey Trevor,
Just a quick question: Do those problematic users exist in your tenant as guests or in all cases the guests have never accessed to your tenant? Adding&nbsp;StephenRice

deleted · Answer

Hey Juan,&nbsp;The problematic users are appearing as Guest users in our tennant ie Office365 Admin Portal -&gt; Users -&gt; Guest users and also in our Active Users but are identified as #EXT# and are automatically being added.&nbsp;&nbsp;As far as I know, our staff are simply selecting documents to share and then entering the external users email address to begin the process, unless they are sharing a document in such a way to be causing this issue, but I dont see how. They are not sharing the entire Sharepoint site, just particular folders in document Library.&nbsp;Thanks&nbsp;Trev

deleted · Answer

If anyone is getting added to Microsoft Teams, or any other of the group connected products that support guest access there will be guest accounts created for those users and it will "break" the code method and require sign in due to the fact that account exists in the directory as you have discovered.

Other way include sharing using Classic SharePoint sites and the share command, use the old sharing method and will also add users as guests to your AD when using the old authenticated sharing method in the classic UI.

It's possible those accounts are coming from one of these, but once added, that code will no longer function for those users which is unfortunate.

deleted · Answer

Hi Christopher, thanks for the info.&nbsp;As far as I know, our staff are sharing folders with external staff via Sharepoint Online. Would simply sharing a folder add the external user to our tenant as a guest user ? Its strange as I have shared documents with my personal email and I dont appear in the guest user list.&nbsp;We have had the sharepoint site in place for about 6 months now and the issue has only appeared in the last 2 to 3 weeks so I am not sure what has changed.&nbsp;&nbsp;Thanks&nbsp;Trev

deleted · Answer

Na, sharing the folder isn't doing it, that works fine long as there isn't already a guest account. Looks like they have shored up all the classic experience to work properly since I'm trying to reproduce it.The one thing that will create a guest account still thou is someone clicking the cog wheel from anywhere in the modern UI and selecting "Site Permissions" then invite people. I could see users easily doing that instead of share and that will send an e-mail even external users which will create guest account right then and there soon as they get that invite and login with any work or personal Microsoft account. Are you seeing these guest accounts on the site level permissions by chance? Other than that I can't see how outside of them being invited somewhere else in 365 such as Planner, Teams, Groups etc.

Forum Discussion

Sharepoint Guest Users

9 Replies

Resources