Has anyone seen anything recently where external users cannot create Microsoft accounts with their work email addresses? How in the world is external sharing supposed to work if they cannot do that and they are not Office 365 customers? We would have no idea what address to send the invite to and you're asking business users to create a completely personal account to access business content from your organization? Maybe I'm not understanding this correctly. I hope I'm not, but if this is the case external sharing in Office 365 just become worthless, unless you're only working with other Office 365 customers.

Sending secure links, it is not necessary to have a Microsoft account. See https://techcommunity.microsoft.com/t5/OneDrive-Blog/Introducing-a-new-secure-external-sharing-experience/ba-p/112624

Luke Hoffman, Lots of good feedback in this thread. When it comes to external sharing, there are two "buckets" of sharing that users can use today. First, you can share a site, add a user to an O365 group or directly add the user to the directory. All of these use AAD B2B as the underlying method of "invitation" and result in the targeted user having an account created in your directory. If you share a file or folder in ODB/SPO, you'll get the new flow that Salvatore mentioned. This does not require the user to create an account in your directory and relies on using a one time passcode to verify that the user owns the e-mail address that you shared to. And, as always, there's more improvements coming here in the future. Let me know if you have any other questions! Stephen Rice OneDrive Program Manager II

Yes, secure external sharing is 100% deployed now. It will not apply to the sharing of sites though. For those, it will continue to go through the legacy sharing invitations. You can accept those invitations with either an AAD account or an existing MSA and you can create a new MSA as well (just not using a domain that already has an AAD footprint). Thanks, Stephen Rice OneDrive Program Manager II

Thanks for the response. I don't think Microsoft support has a clear understanding of these concepts as they had a really difficult time describing the correct behavior and it was clear they were not sure themselves. I have verified that secure external sharing is in our tenant as well. What I found is that in my testing using gmail accounts the invite was getting sent to the spam folder. That's unfortunate.

External Access - Microsoft Account Creation

Salvatore Biscari
Silver Contributor
Feb 09, 2018
Sending secure links, it is not necessary to have a Microsoft account.

See https://techcommunity.microsoft.com/t5/OneDrive-Blog/Introducing-a-new-secure-external-sharing-experience/ba-p/112624
- Luke Hoffman
  Iron Contributor
  Feb 12, 2018
  Yes, but it is required if you want to share the entire site. This may very well be a good solution for us not perfect, but has still not yet hit our tenant and I have no idea when it will.
  - Salvatore Biscari
    Silver Contributor
    Feb 14, 2018
    AFAIK, Secure Links have already been launched for all tenants.
    
    cc StephenRice
jcgonzalezmartin
MVP
Feb 08, 2018
Microsoft disabled the ability to create Microsoft accounts from a work e-mail address more than two years ago: https://mspoweruser.com/microsoft-finally-blocking-users-creating-microsoft-account-work-email-address/
What you could do for this external users is to create guest users in your tenant for them...this is something possible and you could even create secondary Azure Ad for those purpses
- Luke Hoffman
  Iron Contributor
  Feb 08, 2018
  Why would I have so many external users with work email addresses in my admin portal? They weren't all created more than 2 years ago. It's totally unsustainable to create external IDs for each external user. IT would be a huge bottleneck. Maybe it has been like this all along as I don't have another work address to test with. I typically send to some test gmail accounts I have. I just don't even know what the workflow would be to give an external user access to an Office 365 group now if they aren't on Office 365.
  - Deleted
    Feb 08, 2018
    because your guest user that gets setup in AAD goes by the address that you specify, the actual Microsoft account used gets tied to that AAD account when they log in the first time using a Microsoft account accessing a shared resource in your tenant.
    
    So you send a SharePoint invite out to external user@hiscompany.com he get's the e-mail and tries to access. He logs in with his user@outlook.com microsoft account. That account gets added into your tenant as user@hiscompany.com even thou he logged in with the outlook.com account. But it now knows to associate that account with that user when they login to that account to access your tenant resources.
- Deleted
  Feb 08, 2018
  You don't have to send to their MIcrosoft account e-mail address, you can input any e-mail address, when they use the link they can then use an existing Microsoft account or create a new one. So you don't have to know what their Microsoft account address is.
  
  On that note, the easiest way I tell people externally to login when they get a link is to use their Skype account. Everyone usually has Skype, and that's a Microsoft account so it works well.

Forum Discussion

External Access - Microsoft Account Creation

Share

Resources