Forum Discussion
External users can't open documents in desktop application
Hi all,
This behavior is expected (external users not getting the "Open in Office" option) whenever the external user is authenticating via the new one time passcode (OTP) method. You can see a better overview here: Documentation
There are two states an external user can be in today: If they are authenticating via OTP, then they do not have a real AAD account and thus cannot open in clients. This occurs when you share a file or folder with an external user who is not in your directory (i.e. they have never been shared to before).
Inviting a user to a site or a group or using the Azure B2B platform will create an account in AAD for the guest user. These users must have an MSA or AAD account to sign-in with to accept the invitation. They can use Office apps.
This is definitely something we're looking to improve and I definitely suggest you check out the "What's new in External Sharing & Collaboration with OneDrive & SharePoint" talk at Ignite next week ;)
This was working before?
I ask because in our experience, opening in the desktop apps has never worked with external users.
Indeed it works and if that's not the case, open a support ticket. By the way adding here StephenRice and let me explain how it should work (I just shared a folder yesterday with an external user using the "Sharing with specific people" option and giving Edit permissions....it worked well):
- Share the folder / file with an external user using the "Share with specific people" option and check the "Allow Editing" option
- The external user will receive a message and will be asked to provide/sign with the e-mail the file/folder was shared with
- The external user will see a message indicating that an access code has been sent to that e-mail
- The external user enters the access code and can edit any Office document (I'm assuming here the user has a valid Office licence)
it's never worked that way using just specific people with external users since the new sharing dialog has been around, only back with the old way would it work. The only way I know to get it working using desktop apps is if you use the old school invite method to the SharePoint site / file where the user is actually added as a guest and added to the SharePoint site where they show up in people and groups etc.
This is a known issue by the OneDrive team and they have said that they are looking at this and to stay tuned so that it can hopefully work with normal Sharing should the users have office clients installed.
But as of now you have to get people invited to your site first, which is getting harder by the day with all the sharing changes over the past few months.
Yeah it's 2020 and it still doesn't work! So I'm not sure they're very serious when they say "we're looking into this"
Yes, it used to work for us, I've seen it, and it currently works with our IT consultants who also use SharePoint. I would say it stopped working at some point in July/August out of nowhere. It worked exactly as Juan described it. I also can't find any definitive documentation from MS that says it won't work - I have already opened a support ticket and even they can't find documentation or remedy the situation. It is 3 weeks later and there is no resolution. I've asked to have it escalated to higher tier of support.
Mostly I was curious if this was happening to other users because I can't find much on the internet. Deleted can you explain the "old school invite method"? I'm not sure what you mean. And can anyone verify if this would work if we used anonymous links?
Many thanks!
- None of the new link generated or specific people options work that way as everything is done via links and the client will not be able to edit files.
Bottom line is, the users must authenticate using a MSA/Work account into your tenant and be listed as a guest in azuread in order to use the client, if they do not have to login by using anon link / specific people with code option, they will not be able to use the client.
I think what is happening is your tenants have been updated awhile back so the specific people option now uses the codes and you just now have invited people that haven't been invited to your tenant yet and seeing the side effect of that change?
Anyway, hopefully Microsoft has a fix to just allow client no matter what soon!
