Collaborate with anyone in any organization with any email address!
Published Jan 04 2021 09:00 AM 34.9K Views

Howdy folks,


We’ve heard from you that interconnected supply and distribution chains, and vendor models are bringing B2B partners directly into your business, where secure and seamless collaboration is more important than ever. We also know how painful it can be for IT managers to keep track of guest user accounts, and for end users to remember multiple usernames and passwords. We are continually improving our Azure AD External Identities solution with more support for bring-your-own-identity (BYOI) options.


Today, we are announcing another enhancement to our BYOI story with the general availability of email-based one-time passcode (email OTP) feature for collaboration.


With email OTP, org members can collaborate with anyone in the world by simply sharing a link or sending an invitation via email. Invited users prove their identity by using a verification code sent to their email account. Once authenticated, each session providing access to the shared resource lasts 24 hours. On subsequent sign ins, users receive a new one-time code via email, which they must enter to prove continued ownership of the email account and continue receiving access.
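The flow in the paragraph above (a code delivered to the invitee's mailbox, a 24-hour session once it is verified, and a fresh code at the next sign-in) is easy to get subtly wrong when implemented outside a managed service, so here is an added illustration of the same pattern in Python. It is not Azure AD's code; the 10-minute code lifetime, the five-attempt lockout, the in-memory store and the `nicole@example.com` address are assumptions and constructed values, while the 24-hour session length comes from the post.

```python
"""Minimal email one-time-passcode (OTP) flow, modelled on the description in
the post: a code is sent to the invitee's mailbox, verifying it opens a
24-hour session, and a fresh code is required at the next sign-in.

Added illustration, not Azure AD's implementation. The store, timings and
limits are assumptions chosen for the example.
"""
from __future__ import annotations

import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass

OTP_TTL_SECONDS = 10 * 60            # assumption: a code is valid for 10 minutes
SESSION_TTL_SECONDS = 24 * 60 * 60   # from the post: a session lasts 24 hours
MAX_ATTEMPTS = 5                     # assumption: discard the code after 5 wrong guesses


@dataclass
class PendingCode:
    code_hash: str      # only a hash of the code is kept server-side
    expires_at: float
    attempts: int = 0


@dataclass
class Session:
    email: str
    expires_at: float


class EmailOtpService:
    """Issues and verifies email OTPs and hands out time-limited sessions."""

    def __init__(self, send_mail, clock=time.time):
        self._send_mail = send_mail      # callable(email, code) -> None
        self._clock = clock              # injectable so expiry can be simulated
        self._pending: dict[str, PendingCode] = {}
        self._sessions: dict[str, Session] = {}

    @staticmethod
    def _hash(email: str, code: str) -> str:
        # Bind the code to the address so a code issued for one invitee
        # cannot be redeemed for a different one.
        return hashlib.sha256(f"{email.lower()}:{code}".encode()).hexdigest()

    def request_code(self, email: str) -> None:
        """Generate a fresh 8-digit code, e-mail it, and remember only its hash."""
        code = f"{secrets.randbelow(10**8):08d}"
        self._pending[email.lower()] = PendingCode(
            code_hash=self._hash(email, code),
            expires_at=self._clock() + OTP_TTL_SECONDS,
        )
        self._send_mail(email, code)

    def verify_code(self, email: str, code: str) -> str | None:
        """Return a session token if the code is valid, else None.

        The code is single-use: it is discarded on success, on expiry, and
        after MAX_ATTEMPTS failed guesses.
        """
        key = email.lower()
        pending = self._pending.get(key)
        if pending is None:
            return None
        if self._clock() > pending.expires_at:
            del self._pending[key]
            return None
        pending.attempts += 1
        # Constant-time comparison avoids leaking how much of the hash matched.
        if not hmac.compare_digest(pending.code_hash, self._hash(email, code)):
            if pending.attempts >= MAX_ATTEMPTS:
                del self._pending[key]
            return None
        del self._pending[key]
        token = secrets.token_urlsafe(32)
        self._sessions[token] = Session(email=key, expires_at=self._clock() + SESSION_TTL_SECONDS)
        return token

    def session_email(self, token: str) -> str | None:
        """Return the e-mail behind a live session, or None once it has expired."""
        session = self._sessions.get(token)
        if session is None:
            return None
        if self._clock() > session.expires_at:
            del self._sessions[token]
            return None
        return session.email


def demo() -> dict:
    """Walk through the flow with a fake outbox and a controllable clock."""
    outbox = []                                  # constructed stand-in for e-mail delivery
    now = [1_700_000_000.0]                      # fake clock, advanced by hand below
    svc = EmailOtpService(send_mail=lambda e, c: outbox.append((e, c)), clock=lambda: now[0])

    svc.request_code("nicole@example.com")       # constructed invitee address
    _, code = outbox[-1]

    wrong = svc.verify_code("nicole@example.com", "00000000" if code != "00000000" else "11111111")
    token = svc.verify_code("nicole@example.com", code)
    replay = svc.verify_code("nicole@example.com", code)   # the same code again must fail

    live = svc.session_email(token)
    now[0] += SESSION_TTL_SECONDS + 1            # jump past the 24-hour window
    expired = svc.session_email(token)

    return {"wrong_rejected": wrong is None, "token_issued": token is not None,
            "replay_rejected": replay is None, "live": live, "expired": expired}


if __name__ == "__main__":
    print(demo())
```

The points worth noticing for a defender are the ones the post implies but a home-grown version often misses: the service never stores the plaintext code, the code is single-use and bound to the address, guesses are counted so an 8-digit code cannot be brute-forced, and the session token rather than the code is what carries the 24 hours of access.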


Nicole, a marketing consultant to Woodgrove Bank, accesses Woodgrove resources by verifying her email address.


Azure AD treats email OTP-based users like other B2B guests, making them subject to security policies set by your organization such as Conditional Access, Multi-Factor Authentication (MFA) and periodic access reviews.


Email OTP is also being rolled out worldwide in Microsoft Teams preview mode.


To get started with email OTP, check out the documentation here. As always, we invite you to share any questions or feedback about the feature through the Azure forum or @AzureAD on Twitter.


Alex Simons (@Alex_A_Simons)

Corporate Vice President of Program Management

Microsoft Identity Division


11 Comments
Iron Contributor

How does this apply to Teams, SharePoint, and OneDrive? If I invite someone to a Team, or share a single file or folder in SharePoint with someone, how do they get back to that Team or item that was shared with them? Do they have to keep the email invitation forever and always start at that email to get back to the content that was shared with them?

Copper Contributor

Is this still restricted/constrained by the AzureAD External Collaboration settings, so if one is using the Allowed Domains list, invites can still only be sent to those domains?


What does the error look like if you attempt to send an invite to a domain not on the Allowed Domains list, or if you do not have Invite permissions?

Copper Contributor

How does this apply to Azure Government or GCC-High tenants?

Microsoft

Hi @Kevin McKeown, no, the invited user does not need to hold onto the email. They can request for a new code.

Microsoft

Hi @KeithBachmanTP, yes, if you have Allowed Domains list configured in Azure AD External Collaboration settings, invitations can only be sent to and redeemed by those that are on the allowed list. 


If the invitation is sent to a domain that is not allowed, then the error today will say "You can't get there from here." We are working on improving the error message.

Iron Contributor

@lipar7 You are misunderstanding my question. I am not asking about the OTP code email. I am asking how external users get back to various content that was shared with them. Do they bookmark the URL once they have accessed the shared content the first time? Do they hold on to the initial invitation email that they received, which includes a link to the shared content? (This is what most people do.) 

Is there a better way for external users to get back to content that was shared with them?

Microsoft

Hi @gibsonProperties, Email OTP is not available in those clouds yet, but we are currently working on it.

Microsoft

@Kevin McKeown That is correct. The link in the email points to the organization in which the invited user is trying to sign in and access content, so the best way to revisit this later is to save or bookmark the link that was in the email. I am not aware of any other better way to get back to content.

Copper Contributor

@lipar7 Will external sharing in Azure Government be the same as commercial Azure?  When is the estimated beta as I have not been able to find anything on blogs or roadmaps etc? Is there a specific team blog I should follow?


Regards

Brass Contributor

From a security perspective, when using OTP, is layering with additional MFA overkill?

Microsoft

@gibsonProperties we announced the availability of Email One-Time Passcode in the Azure US Gov cloud in this blog and our documentation explains the details. Thanks!

Version history: last updated Dec 18 2020 01:55 PM