Nov 27 2017
11:50 AM
- last edited on
Feb 10 2023
02:35 PM
by
TechCommunityAP
Nov 27 2017
11:50 AM
- last edited on
Feb 10 2023
02:35 PM
by
TechCommunityAP
Our Tenant currently has "Sharing - Let users add new guests to the organization" set to Off. All the external sharing settings for SharePoint/OneDrive for Business (ODFB) and Microsft Teams guest are set to on to the maximum permissive level. When users share a file in ODFB to a specific external user who has an external Microsft account, such as Hotmail account, or another O365 Tenant account, the account will be automatically added as Azure AD guest. However, in Microsoft Teams when users add a guest user as the Teams member who has a different O365 Tenant account, the guest user has to already exist in the Azure AD or it will report no permission. The account cannot be automatically added to Azure AD as a guest user. I wonder how come ODFB can override the Tenant level setting "Sharing - Let users add new guests to the organization", which cause the inconsistent behavior and hard to control the guest provision? Is there any way to disable this gust account self-provision with ODFB but not affect it guest link sharing?
Nov 27 2017 03:12 PM
Nov 27 2017 03:37 PM
But this creates a loophole. Let's say I am an Office 365 end user on our Tenant, where "Sharing - Let user add guest" is off. I try to invite an external gust into a Microsoft Teams. Because "adding a guest" is not allowed, which is intended, I cannot add any new external users to the Teams but can add only those guest users who are already in our Azure AD. As a workaround, I can just to go to my ODFB and pick a file and share it with the same external users that I planned to invite to the MS Teams. The external user accepts ODFB sharing and he/she would then be added to our Azure AD as a guest. After that, I can easily add the guest to the Teams without Administrator involvement, and thus avoid the blocking setting of "adding guest".
My question here is that how to block the ODFB adding guest users but still allow shareable links.
Thanks
Nov 27 2017 03:42 PM