SOLVED

Why is file sharing not available in chat between external users (federation)?

Technically they both require having OneDrive with settings that allow the option "Specific People".

If they don't, then they get an error, but otherwise are there other reasons why this is not available?

11 Replies

They require OneDrive within the resource tenant, not to mention the number of compliance-related issues being able to do this would cause.

This is not true, when you share a file in your OneDrive with "Specific People" they don't need any specific tenant resource access. They get an email with the link and can access the file.

**No longer applicable**

I don't think that's the case, at least when you share a file from OneDrive. The recipient receives a one-time code in their email as one-factor auth, and can access the file. They are not added as guests to the tenant of the user who shared the file.

I also found this related thread

**No longer applicable**

@ChristianJBergstrom I am not sure that even the part "Federated Sharing" is correct. He states:

 

Because Teams now uses the Office 365 sharing model, if you share a document in a chat with a federated user,

 

Sharing files in a chat with federated users is not available/supported, which is the main point of this post.

 

**No longer applicable**

@ChristianJBergstrom I am still pretty sure that what he says is incorrect and not supported. You can test it yourself by creating a demo tenant at https://cdx.transform.microsoft.com (assuming you have an MS subscription) or just initiate a chat with someone outside your org who also uses Teams. You will see that there is no attachment option. Again, this is the reason for this very post.

 

**No longer applicable**

Look mate, instead of relying on that guy, why don't you test it and come to your own conclusion? Just a suggestion :)
best response confirmed by ChristianJBergstrom (MVP)
Solution

Wrapping it up for future reference.

 

Federated chat file sharing will not work, that is native behavior. You can actually send the file using the attachment icon, doing it in a specific order, but the federated receiver won't be able to open the file. The private chat files are stored in the sender's OneDrive folder and permissions are evaluated on the participant as part of the file sharing process. They don't have access. But you can use the ad-hoc external sharing as a workaround using the above attachment icon before adding the person in the To: field.

 

When you have enabled EOTP under External identities in Azure and AAD B2B using `Set-SPOTenant -EnableAzureADB2BIntegration $true` and `Set-SPOTenant -SyncAadB2BManagementPolicy $true`, the federated user will get a Guest account when sharing a file using "Specific people" or "People currently in this chat".

 

File sharing in general.

 

If using anyone-links you're not using federated/external access/guest access as it's unauthenticated sharing that makes it work.

 

If an org. doesn't allow anyone-links you'll need to authenticate with either the "external sharing experience in OneDrive for Business and SharePoint Online" or using "Azure AD B2B Collaboration".

 

The former was introduced some years ago so the support for external sharing in OneDrive/SharePoint Online started before Azure AD developed its support.

 

The OD/SP solution was introduced to smoothen external sharing using secure links with verification codes. The latter, which has been in preview for a long time, involves enabling EOTP and AAD B2B sharing that will create a B2B guest account for the external users. It has been said that the AAD B2B integration (enabled by default for all tenants not opting out in October 2021) will replace the secure link process, i.e. the ad-hoc external sharing with OTP.

 

Microsoft 365 guest sharing settings reference | Microsoft Docs
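
The accepted answer above distinguishes three ways an external recipient ends up authenticated (or not). The following is an added example, not part of the thread or of Microsoft's tooling: a hypothetical helper, `Get-ExternalSharePath`, that maps the relevant `Get-SPOTenant` values to the path the answer describes, so an admin can tell whether a share will create a guest object. The mapping is a simplification of the answer's description and the sample settings are constructed.

```powershell
# Added example (not from the thread). Get-ExternalSharePath is a hypothetical helper.
function Get-ExternalSharePath {
    param(
        [Parameter(Mandatory)][string]$SharingCapability,          # tenant-wide setting
        [Parameter(Mandatory)][string]$OneDriveSharingCapability,  # chat files live in the sender's OneDrive
        [Parameter(Mandatory)][bool]$EnableAzureADB2BIntegration,
        [ValidateSet('Anyone', 'SpecificPeople')][string]$LinkType = 'SpecificPeople'
    )
    # Least to most permissive; the more restrictive of the two settings wins.
    $levels = 'Disabled', 'ExistingExternalUserSharingOnly',
              'ExternalUserSharingOnly', 'ExternalUserAndGuestSharing'
    $t = [array]::IndexOf($levels, $SharingCapability)
    $o = [array]::IndexOf($levels, $OneDriveSharingCapability)
    if ($t -lt 0 -or $o -lt 0) { throw 'Unknown SharingCapability value' }
    $effective = $levels[[Math]::Min($t, $o)]

    if ($effective -eq 'Disabled') { return 'Blocked: external sharing is disabled' }
    if ($LinkType -eq 'Anyone') {
        if ($effective -eq 'ExternalUserAndGuestSharing') {
            return 'Anyone-link: unauthenticated, no guest account involved'
        }
        return 'Blocked: anyone-links are not allowed'
    }
    if ($effective -eq 'ExistingExternalUserSharingOnly') {
        return 'Existing guests only: recipient must already be in the directory'
    }
    if ($EnableAzureADB2BIntegration) {
        return 'Azure AD B2B: recipient gets a guest account'
    }
    return 'Ad-hoc external sharing: secure link with verification code, no guest account'
}

# Constructed sample settings (not taken from a real tenant).
$samples = @(
    @{ SharingCapability = 'ExternalUserAndGuestSharing'; OneDriveSharingCapability = 'ExternalUserSharingOnly'; EnableAzureADB2BIntegration = $false },
    @{ SharingCapability = 'ExternalUserAndGuestSharing'; OneDriveSharingCapability = 'ExternalUserSharingOnly'; EnableAzureADB2BIntegration = $true },
    @{ SharingCapability = 'ExternalUserSharingOnly'; OneDriveSharingCapability = 'ExternalUserSharingOnly'; EnableAzureADB2BIntegration = $true; LinkType = 'Anyone' }
)
foreach ($s in $samples) { Get-ExternalSharePath @s }

# Against a live tenant (after Connect-SPOService):
# $cfg = Get-SPOTenant
# Get-ExternalSharePath -SharingCapability $cfg.SharingCapability `
#     -OneDriveSharingCapability $cfg.OneDriveSharingCapability `
#     -EnableAzureADB2BIntegration $cfg.EnableAzureADB2BIntegration
```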
