Forum Discussion

Deleted's avatar
Deleted
Sep 12, 2018

Issue sharing wih external users in OneDrive

Has anyone else come across this scenario where a user is unable to share with external contacts? The error says that you "cannot share a secure link containing both people inside and outside of your organization".

 

After investigating it seems that in this case one of the external users is auto-added as a guest in Azure AD (presumably because their company use O365 too), and is now treating them as an internal user. This makes sense to me but won't make sense to our users... just because they have been auto-added to Azure AD, doesn't make them 'internal users'.

 

See attached example - look forward to people's thoughts?

  • External 365 users won't be treated as internal, or they shouldn't be. That is odd, you sure someone just didn't create the user to have an account in your tenant using the external e-mail address associated with the user record? If you search for the user in portal.azure.com in active directory what comes up? what type of user?
    • Deleted's avatar
      Deleted

      Thanks Christopher for your message. Yes definitely sure it isn't an internal account which we have created. When searching in Azure AD it appears a guest. This to me suggests we do have an issue of some sort within our tenant. Thanks for your help.

      • wroot's avatar
        wroot
        Silver Contributor

        Why do you think you have a problem? If you have guests, then guest access is enabled in your tenant. So you might want to disable it and then remove guests users, if your tenant should only work with internal users. But if you want to share files with other organizations and also require for them to authenticate and be able to edit files (not just share as anonymous read only link), then you have to have guest access enabled. 

  • wroot's avatar
    wroot
    Silver Contributor

    >After investigating it seems that in this case one of the external users is auto-added as a guest in Azure AD (presumably because their company use O365 too)

     

    This is normal and they have to have at least regular MS account (not only O365) to become guests. They still are labeled as guests in Azure AD and they are not treated as internal users. The error you receive is odd. Maybe you somehow picked 2 options while sharing, although this shouldn't be possible. You can try removing all sharing and sharing again. A file can only be shared as a not secure anonymous link or with the authentication (secure) - either to only internal users or to anyone with MS account.

  • Jithin Ramesh's avatar
    Jithin Ramesh
    Copper Contributor

    We have encountered this issue in our tenant too. It seems that once the user is added to the Azure AD as a Guest SP treats the user as a internal user and any future sharing links that include said user along with another external user not added to the tenant Azure AD generate the error OP mentioned.

     

    Would like to know if anybody understands why the user is treated as a internal user once he is added to the Azure AD.

Resources