Feb 25 2021 06:50 AM
Feb 25 2021 06:50 AM
Technically they both require having OneDrive with settings that allow the option "Specific People"
If they don't then get an error, but otherwise are there other reasons why this is not available?
Feb 25 2021 09:30 AM
They require OneDrive within the resource tenant, not to mention the number of compliance-related issues being able to do this would cause.
May 14 2021 08:07 AM
May 15 2021 02:51 AM - edited Jun 10 2021 06:03 AM
@mikkele @Vasil Michev I think it should be added to the conversation that when you use sharing links (not anyone-link) with a federated user they are being added as guests in the resource tenant because that's what's making the federated user able to access the file, not being a federated user anymore.
Jun 08 2021 04:24 AM - edited Jun 08 2021 04:27 AM
I don't think that's the case, at least when you share a file from OneDrive. The recipient receives a one-time code in their email as one factor auth, and can access the file. they are not added as guests to the tenant of the user who shared the file
I also found this related thread
Jun 08 2021 05:07 AM - edited Jun 10 2021 06:08 AM
Hi, I think I recall the default sharing setting in OneDrive is "anyone" and for Groups/Teams "new and existing guests". Meaning the former anyone with access to the link have permission. While the latter requires authentication. You can change these of course depending on org. policy.
The OTP you mention is the authentication and you can read more about that process in the last post in this conversation.
Jun 09 2021 01:03 AM - edited Jun 09 2021 01:05 AM
Because Teams now uses the Office 365 sharing model, if you share a document in a chat with a federated user,
Sharing files in a chat with federated users is not available/supported which is the main point of this post
Jun 09 2021 01:13 AM - edited Jun 09 2021 01:19 AM
The table is correct, but as the article says (Mr Redmonds) is that when you share files with a federated user in a chat, a guest account is created for that user in order for the federated user to access that document. Then the user isn't federated any longer and not using external access but instead being a guest user with access to it. Guest access in tenant must be enabled obviously. Unfortunately I have no way of testing this scenario.
Sometimes the docs are just not clear and sometimes they can even be wrong, if you remember the "anonymous vs external" GitHub correction I submitted a while ago.
Jun 09 2021 04:20 AM
@ChristianJBergstrom I still pretty sure that what he says is incorrect and not supported. You can test it yourself by creating a demo tenant at https://cdx.transform.microsoft.com (assuming you have MS subscription) or just initiate a chat with someone outside your org who also uses Teams. You will see that there is no attachment option. Again, this is the reason for this very post
Jun 09 2021 04:25 AM
Jun 09 2021 04:31 AM
Jun 09 2021 05:20 AM - edited Jun 09 2021 11:40 PM
@mikkele I tend to listen to other MVPs as they are skilled ;) And if I would reproduce all scenarios in here I wouldn't have a day job! I mean, you ask all these questions, get answers, keep on asking questions on the same topic. Where I and many others have already replied. It was the same case with "all externals are anonymous to teams meetings" where you didn't want to hear me out as I informed you the docs was wrong.
External access file sharing is not supported while guest access file sharing is so the table is correct. But I think the whole docs sharing process should be updated when it comes to sharing links with externals. Are you in External access/federation only-mode with Guest access disabled? Then you won't be able to replicate the article as a guest account cannot be created. If you can't seem to follow @Tony Redmond article tell him the article is incorrect so he can update it. It's open for comments.
And just share the "OneDrive" link with suitable permissions as a workaround, depending on org. config, also posted by @Chris Webb in addition to Tony's article.
I assume anyone-links are not involved as those really shouldn't be used as anyone have access. Meaning the following settings which will affect the sharing process. So you would have to have guest access enabled for "new and existing guests" for example. And the "Specific People" is also common for sharing with guests. If you share with federated user you'd have to enable guest access.
Well, there was some good docs there!
Secure external sharing in SharePoint - SharePoint in Microsoft 365 | Microsoft Docs (the above will replace)
Jun 14 2021 01:05 AM - edited Jun 14 2021 06:17 AMSolution
@mikkele I'm wrapping it up for future reference.
If using anyone-links you're not using federated/external access or guest access. You're using unauthenticated sharing and that's why it works.
If the org. doesn't allow anyone-links and the settings are set to "New and existing guests" for ex. with authentication requirement you'll need to have guest access enabled.
These are the best official docs I've found.