Nov 13 2021 07:44 AM
I am a SharePoint and O365 admin (not super admin) for my organization.
For all our sites the current External sharing setting is: "New and existing guests - Guests must use sign in or provide a verification code".
Whenever I want to share a site with an external user, I create a guest account on Azure, add them to the SharePoint group, and they can navigate normally.
There is one site created for this specific business partner of ours, let's call them P. There is one user guest1@P.com that is able to upload, edit, etc. normally on our site since April-August 2021. But recently, they have been receiving the error:
This username may be incorrect. Make sure you typed it correctly. Otherwise, contact your admin
We checked on our Azure directory, and the guest username invited is still the same, we did not make any changes to any setting. Other external sites and guest users are still working normally.
We tried incognito, clear cookies, different browser.
Our local O365 provider IT support insisted that we have to open the External sharing setting to "Anyone - Users can share files and folders using links that don't require sign-in", and explained that Microsoft is changing their policy so guest1@P.com error was the result of that.
I'm not satisfied with their answer since all our other sites with the guest setting are still working, and we certainly do not want our SharePoint links to be public. Any other suggestion to the solution will be appreciated. Can anyone please share the notice of this policy change if possible?
Nov 13 2021 11:22 AM
Nov 14 2021 09:03 PM
@ChristianJBergstrom thank you! I've tried re-inviting and the user received the following error:
Their organization probably changed their policy recently. I am also informed that their domain is a Microsoft one, so they probably run Azure. Their IT is not very savvy, so I may have to help them.
I've searched for this article about enabling: https://docs.microsoft.com/en-us/azure/active-directory/enterprise-users/directory-self-service-sign...
However, I'm not very proficient with PowerShell. Is there a way to make settings in the Azure interface?
Nov 15 2021 12:44 AM
Nov 19 2021 10:04 PM
@ChristianJBergstrom this is from my org setting:
Am I correct to infer that the problem is not from our side?
I want to clarify the re-invitation issue:
- The user from p.com did receive an email invite, prompting them to sign up for an MS account
- They also got a verification code
- Once they clicked Finish, they received:
The blurred-out names are p.com (partner's domain)
Nov 20 2021 04:08 AM
@camha Hello again, I've actually never worked with Set-MsolCompanySettings as I haven't stumbled across a scenario that required that config. But let me add some parts that might explain it further.
Indicates whether users can join the tenant by email validation. To join, the user must have an email address in a domain which matches one of the verified domains in the tenant. This setting is applied company-wide for all domains in the tenant.
AllowEmailVerifiedUsers controls whether users can join the tenant by email validation. To join, the user must have an email address in a domain which matches one of the verified domains in the tenant. This setting is applied company-wide for all domains in the tenant. If you set that parameter to $false, no email-verified user can join the tenant.
AllowAdHocSubscriptions controls the ability for users to perform self-service sign-up. If you set that parameter to $false, no user can perform self-service sign-up.
AllowEmailVerifiedUsers and AllowAdHocSubscriptions are tenant-wide settings that can be applied to a managed or unmanaged tenant.
Here's an example where:
- You administer a tenant with a verified domain such as contoso.com
- You use B2B collaboration from a different tenant to invite a user that does not already exist (firstname.lastname@example.org) in the home tenant of contoso.com
- The home tenant has the AllowEmailVerifiedUsers turned on

If the preceding conditions are true, then a member user is created in the home tenant, and a B2B guest user is created in the inviting tenant.
As the message indicates that the other org. has this disabled, you should probably reach out to them and either have them create an account or toggle this setting to true.
Let me know how it goes, I like learning new stuff!
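
The two options from the reply above (an existing account, or the two tenant-wide settings), written as a check the partner's admin could run in their own tenant. This is an added example, not part of the original posts; it assumes the MSOnline module is installed, and `guest1@P.com` is the placeholder address used in the thread.

```powershell
# Added example. Run by an admin of the partner's (home) tenant, not the inviting tenant.
# Assumes the MSOnline module is available: Install-Module MSOnline
Import-Module MSOnline
Connect-MsolService                        # interactive sign-in

$invited = 'guest1@P.com'                  # placeholder address from the thread

# Option 1: does the invited address already have an account in the home tenant?
$user = Get-MsolUser -UserPrincipalName $invited -ErrorAction SilentlyContinue

# Option 2: read the two tenant-wide self-service settings discussed above
$company       = Get-MsolCompanyInformation
$emailVerified = [bool]$company.AllowEmailVerifiedUsers
$adHoc         = [bool]$company.AllowAdHocSubscriptions

[pscustomobject]@{
    InvitedUser             = $invited
    AccountExistsInTenant   = [bool]$user
    AllowEmailVerifiedUsers = $emailVerified
    AllowAdHocSubscriptions = $adHoc
} | Format-List

if ($user) {
    Write-Output 'An account for the invited address already exists in this tenant.'
}
elseif (-not $emailVerified) {
    Write-Output 'No account, and AllowEmailVerifiedUsers is False: no email-verified user can join this tenant.'
}
elseif (-not $adHoc) {
    Write-Output 'No account, and AllowAdHocSubscriptions is False: no user can perform self-service sign-up.'
}
else {
    Write-Output 'No account, but both self-service settings are True.'
}

# To change the settings (applies company-wide, to every verified domain in the tenant),
# review the impact first, then uncomment:
# Set-MsolCompanySettings -AllowEmailVerifiedUsers $true -AllowAdHocSubscriptions $true
```

Because both settings apply to all domains in the tenant, creating an account for the one invited user is the narrower change of the two.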