Office 365 SharePoint Site Shared With External - Some users have "Deny" Permissions

Thanks for the response Stephen.

I actually completed a service request investigation of this with Microsoft Engineering, and we found the issue was caused by the logic that implements the restrict by domain setting:-

• We restrict user access to only a specified number of domains
• The logic checks the domain by comparing the list to the users "Email Address" field
• A number of the partners we are sharing to who have Office 365 accounts do not populate their user's email address field

Users without email address values who were granted access (and accepted the invite) were added to the SharePoint security groups, but the domain restrictions logic determined they should not be able to access, and applied the set of "Deny" permissions against them.

In my opinion the logic should be checking the domain against the user's login (not email address) as this is a required field, and hence is always populated. I also think it more correctly represents the user's corporate identity - especially for an Office 365 user (as opposed to an MS Live user).

The solution for us was to remove the domain restrictions, as we didn't feel we could dictate to other companies that they had to populate their user's email address field within Office 365. Disappointing, as this domain restriction was considered a key component in alleviating security concerns around external sharing.

Thanks

Nigel