Coaching your guest users through the External Sharing Experience.


Here is a resource to which you can point those users you collaborate with using the guest user experiences on SharePoint Online.  There are three possible experiences a user can encounter when being invited to SharePoint Online.  We will deal with each of those in turn.  

To use this post, you can select one of the links below and send that to your guest user based on the type of invitation you want to send.  Here are the links to copy:


Classic SharePoint Invitations 

When you are invited at the list or site level, or added to a SharePoint group, you will receive a classic SharePoint Invitation.  The classic invitation experience begins with an email: 




The link in the email will point you to AcceptInvite.aspx.  By clicking on that, you will then land on a screen that will ask you what type of account you have: 


If you are using a consumer email account, such as those from Hotmail.com, gmail.com, outlook.com, yahoo.com, etc., then you will want to choose Microsoft Account. If you are using your email from work, or school, choose Organizational Account.  If you choose a Microsoft Account, you’ll see the following interface: 


 Note: if you do not already have a Microsoft Account, and you enter your email, you’ll see the following dialog: 


Click “Get a New One” or “Create One!” to register a new Microsoft account: 


Provide a password: 



Then enter your first and last name: 



And provide your Birthday: 




Check your email.  Microsoft will send you a code to verify you own the email address.  Enter the code: 



Once you enter the code and click next, it will bring you to the Keep Me Signed In dialog: 




If you are accessing from a shared computer, you should choose No.  Once you select this, you will then get access to the site. 


New Sharing Experience 

The New Sharing Experience, also called ad hoc, is received when a user shares a file or folder in a SharePoint Online or OneDrive Library.  If the user already exists in the directory, or if a site or list is shared with the user, it will fall back to the classic experience. Like the classic experience, it begins with an invitation: 




Clicking on the link, however, is a little different: 




Click the send code, and you will generate the one time code, which will be sent to your email: 



Enter the code in the following screen: 





Once you enter the valid code, and then you’ll have access to the resource. 



Azure B2B Invitations 

This process is a little harder to illustrate uniformly, because one of the strengths of the feature is that organizations can customize the look and feel of the invitation.  From the text displayed in the message, to the location you are sent after acceptance, down to the email address used for invitations.   


Here is what a sample invitation could look like: 

You will then be asked to confirm the invitation and that you grant the inviting institution to know your email address and name information: 




You will then be directed to authenticate, either with Microsoft or, in the case that your organization also has an Office Account, the Identity Provide we have on record.  Once you authenticate in that manner, you are a guest user in the inviting party’s tenant. 


Why so many different experiences for external users?  You did not even include the experience of when you add an external user to an Office 365 Group to give them access to the files in a modern team site.  The invitation email that comes from that experience is different from the experiences shown in this post.  


While I really appreciate this post, I think it highlights the challenge it currently is to giving external users access to a SharePoint Online site because there are so many different invitations and experiences for external users.  


Hi @Eric Davis, thanks for your comment.  

I understand that all these different channels for invitations can be frustrating; but it helps, I think, or at least it helps me, to keep the sheer breadth of Office 365 and SharePoint Online, and not only in the number of tenants (millions) or the number of users (tens of millions), or even the breadth of size (from single user tenancies to hundred thousand seat behemoths), but also the magnitude of different businesses and organizations, in every single industry, in education, health care, government, tourism, services, manufacturing, research and engineering, to non profits and charitable work; Office 365 is the largest enterprise cloud in the world.  And so we approach things like external users the way a mechanic approaches any other tool.  Is it absolutely necessary to have 4 or 5 different ways to invite a guest user?  Probably not, if you're talking about a single tenant, or even a handful of tenants.  But each method was introduced because it was vitally important for a number of customers in that vast ecosystem.  Simpler is preferable to complexity, you are absolutely right.  But as the creator of tooling, we have to make sure the right tool lands in the right hand for the right job.  And that's what we're trying to do here, provide you with the correct tools, and help give you the best information to empower you to make the right decision on which tools you'll need to employ.  If all you work is on your personal car, you probably don't need multiple thousand piece ratchet sets in order to work on your car.  But if you are supplying tools to all the mechanics working on all the cars across the world, it makes sense that you want to have the right tool for the right job and get it to the right person.

Again, I'm not denying the frustration that can accompany the size and scope of the tooling that is just SharePoint Online, let alone the entire Office365 suite!  I just wanted to highlight some of the broader influences on why such a huge ecosystem requires a certain level of complexity.

On a personal note, thank you for mentioning invitations to Unified Groups.  I'll work on that this week and update the document.  I apologize for the oversight.

Not applicable

One drawback of the new experience is that whenever I share a file or folder, there is no guest user created in Azure AD. Therefore, you have no clue from admin perspective which whom files and folders are shared externally. 

Sure, there are other means for that. 

However, I really like the new experience as it is more convenient for the end user and guest user and great for a temporary file sharing.

But as an admin, I need to know which guest users have access to the tenant. 

New Contributor

Toby, thanks for the recap.  Is there or will there be an easier way to share between multiple tenants?  We are a holding company and trying to create an intranet in one tenant to share news and collaborate across two other tenants.





Hi @Anonymous, thanks for taking the time to comment on my blog!

If you go to the User Information List for the site collection in question, you will see entries for the users invited using the new experience in the form of their email address.  Traditional guest users -- that is, users who are invited using Azure B2B or SharePoint classic experiences and have traditional guest user objects in your directory -- will show up first name last name and have #ext# in their upns.  You can then track on a site collection basis who has access to your tenant.  

Another way is to use the Unified Audit log to pull external sharing invitation events out and keeping track of those events for reporting purposes.

But yes, I agree, the experience is not as simple as it was in classic mode.


Thanks for the question @Larry Corley

The short answer is, not really.  The longer answer is probably best solved through B2B or using a single tenant.  O365 Scales very well.  I suggest you reach out to your Account team and they can help line up resources to guide you through such a design.  Our focus is on technical support and I feel like I am not the best resource to help you with such questions.

Not applicable

@Toby Bianchi: yes I know. However, wouldn't it be nice if we could have a security group, which is allowed to share files and folders directly. And whenever a file or folder is shared with a new external user, he needs to go through the account creation process and thereby self create a new user which visible in Azure AD. Not the site collection level. 

This is the major issue I face at the moment. 

If you share files or folders directly, those users do not show up as guest users in Azure AD. 

Furthermore, I experienced that if I want to get a list of all guest users in my tenant, I need several different Cmdlets, as it seems to a difference whether I for instance grant external access by sharing a site or whether I use Azure AD B2B Collaboration and invite through the Azure Portal. 

Both ways lead to an guest user showing up in Azure AD. 

Not so in PowerShell. Why that (?)

I'd like to connect to Azure AD and write one cmdlet to get all external guest users. No matter how they have been invited to our tenant. 

Is that possible? 

Occasional Visitor

The invitation process often goes wrong, as many users are already logged into Microsoft or Office365 tenant and simply click the invite link in the email. They will not see all the screens to create an guest account, as a valid account is already present in their browser!


The only thing that helps here is to open the invitation link in a private browser session.

I hope this can be improved, as even a seasoned IT expert easily forgets this essential step.

Hope you can comment.

Occasional Contributor


External sharing a new modern SharePoint site works fine / with verification code (adding guest from Outlook (

The users after accepting the invitation become a members / they can contribute to the document library - add, delete, edit files.

I couldn’t find way to do the external sharing with verification, but the guest to be readonly -  only visitor


How can this be done?






ShareOption1.pngHi @Tzvetan Yakimov

You can adjust the permissions when you create the link in the Modern UI by unchecking the "allow editing" check box, as seen on in the screen shot above.  If you are looking to change the default behavior for *ALL* links in your organization, both internal and external, you can go to the SPO Tenant Admin Portal (https://[tenantprefix]-admin.sharepoint.com) and go to Sharing > Default Link Permission.

Again, this changing it at the tenant admin level changes all links generated in the service, so be aware of that when making the change.

Occasional Contributor

Hi Toby


Thank you for the answer

Toby, your suggestion is valid if you share file (maybe folder?)


What I want to achieve is to share the entire document library externally with login - verification code

The new  modern SharePoint Team site


How can this be done?


@Toby Bianchi, is there a way to share a site with all users of a specific external domain without having to manually invite each of their hundreds of staff? In our B2B scenarios that requirement comes up quite often. 


Ideas appreciated.

New Contributor

 I echo Ingeborg's question. Is there a way to share a site with all users of a specific external domain without having to manually invite them??