Jun 27 2018
10:43 PM
- last edited on
Feb 01 2023
10:39 AM
by
TechCommunityAP
Jun 27 2018
10:43 PM
- last edited on
Feb 01 2023
10:39 AM
by
TechCommunityAP
Hi All,
We are using Sharepoint online to share documents with users outside of our organisation. We have enabled the option that users need to authenticate from the email address that they receive the document sharing invite on. They receive the document email and then they need to enter the verification code to access the document.
We are finding that some external users get the verification code email and other external users are almost being treated as internal users and are getting direct access however they are prompted to login with a MS account which of course they dont have and therefore unable to access the document.
When we look at the sharing links, the links that are shared with users that dont have any issues include the email that the verification code needs to be sent to, whereas the problematic users get links that dont include the verification code email address.
When we investigated further we found the problematic users are being added as Guest users in our Office Admin Portal and I dont know why this is happening.
When I share a document with my personal email address it works fine and I dont appear in the guest users group and for most other external users, the case is the same. There are about 25 external users which are having issues. Once I delete the Guest users, the issue no longer exists.
This issue has only presented itself in the last 2 weeks or so.
Any assistance would be greatly appreciated and hope this all makes sense, admittedly it took me a while to get the exact details of the problem after it was first reported.
thanks
trev
Jun 27 2018 11:09 PM
Ey Trevor,
Just a quick question: Do those problematic users exist in your tenant as guests or in all cases the guests have never accessed to your tenant? Adding @Stephen Rice
Jun 27 2018 11:18 PM
Hey Juan,
The problematic users are appearing as Guest users in our tennant ie Office365 Admin Portal -> Users -> Guest users and also in our Active Users but are identified as #EXT# and are automatically being added.
As far as I know, our staff are simply selecting documents to share and then entering the external users email address to begin the process, unless they are sharing a document in such a way to be causing this issue, but I dont see how. They are not sharing the entire Sharepoint site, just particular folders in document Library.
Thanks
Trev
Jun 28 2018 01:16 PM
Jun 28 2018 01:16 PM
Jun 28 2018 06:46 PM
Jun 28 2018 06:46 PM
Hi Christopher, thanks for the info.
As far as I know, our staff are sharing folders with external staff via Sharepoint Online. Would simply sharing a folder add the external user to our tenant as a guest user ? Its strange as I have shared documents with my personal email and I dont appear in the guest user list.
We have had the sharepoint site in place for about 6 months now and the issue has only appeared in the last 2 to 3 weeks so I am not sure what has changed.
Thanks
Trev
Jun 28 2018 08:14 PM
Jun 28 2018 08:14 PM
Jun 28 2018 08:43 PM
Jun 28 2018 08:43 PM
Something else that might help pinpoint where they come from, if you have access to security center, run an audit log and select "Created Sharing Invitation", this I think will show you the full sharing invites that would create guest user accounts. This might let you find some you have seen and maybe see who's doing it and for what resource?
Jun 28 2018 09:37 PM
Jun 28 2018 09:37 PM
Thanks for the info Christopher, it has been very helpful. Going through the logs now to see if I can find any anomalies.
trev
Aug 02 2018 03:13 AM
Sorry to reopen this a month later, but am finding the same issue with random people we've shared with appearing on our user list as guests.
If I search the audit log for 'shared file, folder or site', then these users appear in the log. Under detail it specifies 'Shared with "Limited Access System Group" ("SharePointGroup")'
Two have shown up so far and were both part of a group who were granted access to a file through the share option in a user's OneDrive.
My best guess is that this is only happening for people that also have an Office 365 Account and so the system is adding them as guests on ours, but should it be happening at all if we've shared a solitary file?
Did you ever discover the cause of the issue on your end Trevor?
Oct 17 2018 09:40 AM