Forum Discussion
External sharing and MS accounts
We instruct our external users to create a MS account using their work email address (if they don't have an account)... My question is, if we give access to their work email address, and they leave that company, can they still use that MS account, even though they no longer have the work email address? In other words, will they still be able to access the site we shared to their work email address?
7 Replies
One way to prevent this problem is to use Azure B2B. Anyone who has an email in a domain that is not known to Microsoft, will get a Just In Time tenant created for that organizations accounts. This will ensure that their accounts have the User Type attribute set to Guest which can then be leveraged for many purposes, see https://docs.microsoft.com/en-us/azure/active-directory/active-directory-b2b-user-properties for an explanation of this process.
- StephenRice
Microsoft
Hi Allison,
As mentioned above, if someone uses a work e-mail address to create a Microsoft account, it will continue to exist past the lifecycle of their work account.
For everyone who's interested in this scenario, keep an eye out for more info at Ignite 2017 :)
Stephen Rice
OneDrive Program Manager II
Great question, I'd love to know that myself. Chris McNulty, might you be able to point us in the right direction here?
- IMHO the answer is yes as long as you don't remove access to those users to your SPO sites
What the user has done is just mapped an alias to the live account aka adam.levithan@exostar.com to adam.levithan@live.com , but they are not actually using their work e-mail. As jcgonzalezmartin say, you must remove that identity from sharing otherwise they would still have access via the live account.
