Sharepoint Guest Users


Hi All,

 

We are using Sharepoint online to share documents with users outside of our organisation. We have enabled the option that users need to authenticate from the email address that they receive the document sharing invite on. They receive the document email and then they need to enter the verification code to access the document. 

 

We are finding that some external users get the verification code email, and other external users are almost being treated as internal users and are getting direct access; however, they are prompted to log in with a MS account, which of course they don't have, and are therefore unable to access the document.

 

When we look at the sharing links, the links that are shared with users that don't have any issues include the email that the verification code needs to be sent to, whereas the problematic users get links that don't include the verification code email address.

 

When we investigated further we found the problematic users are being added as Guest users in our Office Admin Portal, and I don't know why this is happening.

 

When I share a document with my personal email address it works fine and I don't appear in the guest users group, and for most other external users the case is the same. There are about 25 external users that are having issues. Once I delete the Guest users, the issue no longer exists.

 

This issue has only presented itself in the last 2 weeks or so.

 

Any assistance would be greatly appreciated, and I hope this all makes sense; admittedly it took me a while to get the exact details of the problem after it was first reported.

 

Thanks

 

trev

9 Replies

Hey Trevor,

Just a quick question: do those problematic users exist in your tenant as guests, or in all cases have the guests never accessed your tenant? Adding @Stephen Rice

Hey Juan,

 

The problematic users are appearing as Guest users in our tenant, i.e. Office365 Admin Portal -> Users -> Guest users, and also in our Active Users but identified as #EXT#, and are automatically being added.

 

 

As far as I know, our staff are simply selecting documents to share and then entering the external user's email address to begin the process, unless they are sharing a document in such a way as to be causing this issue, but I don't see how. They are not sharing the entire SharePoint site, just particular folders in the document library.

 

Thanks

 

Trev

If anyone is getting added to Microsoft Teams, or any other of the group-connected products that support guest access, there will be guest accounts created for those users, and it will "break" the code method and require sign-in, due to the fact that the account exists in the directory, as you have discovered.

Other ways include sharing using classic SharePoint sites and the share command; these use the old sharing method and will also add users as guests to your AD when using the old authenticated sharing method in the classic UI.

It's possible those accounts are coming from one of these, but once added, the code will no longer function for those users, which is unfortunate.

Hi Christopher, thanks for the info.

 

As far as I know, our staff are sharing folders with external staff via SharePoint Online. Would simply sharing a folder add the external user to our tenant as a guest user? It's strange, as I have shared documents with my personal email and I don't appear in the guest user list.

 

We have had the SharePoint site in place for about 6 months now and the issue has only appeared in the last 2 to 3 weeks, so I am not sure what has changed.

 

Thanks

 

Trev

Nah, sharing the folder isn't doing it; that works fine as long as there isn't already a guest account. Looks like they have shored up all the classic experience to work properly, since I'm trying to reproduce it.

The one thing that will still create a guest account, though, is someone clicking the cog wheel from anywhere in the modern UI and selecting "Site Permissions", then "Invite people". I could see users easily doing that instead of Share, and that will send an e-mail even to external users, which will create a guest account right then and there as soon as they get that invite and log in with any work or personal Microsoft account. Are you seeing these guest accounts in the site-level permissions by chance? Other than that I can't see how, outside of them being invited somewhere else in 365 such as Planner, Teams, Groups etc.

Something else that might help pinpoint where they come from: if you have access to the Security Center, run an audit log search and select "Created Sharing Invitation". This, I think, will show you the full sharing invites that would create guest user accounts. This might let you find some you have seen and maybe see who's doing it and for what resource?


Thanks for the info Christopher, it has been very helpful. Going through the logs now to see if I can find any anomalies.

 

trev

 

Sorry to reopen this a month later, but I am finding the same issue with random people we've shared with appearing on our user list as guests.

 

If I search the audit log for 'Shared file, folder or site', then these users appear in the log. Under detail it specifies 'Shared with "Limited Access System Group" ("SharePointGroup")'.

 

Two have shown up so far and were both part of a group who were granted access to a file through the share option in a user's OneDrive.

 

My best guess is that this is only happening for people that also have an Office 365 Account and so the system is adding them as guests on ours, but should it be happening at all if we've shared a solitary file?

 

Did you ever discover the cause of the issue on your end Trevor?
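As an added example (not code posted by anyone in this thread), here is a PowerShell query that pulls the two audit operations referred to above, "Created sharing invitation" (SharingInvitationCreated) and "Shared file, folder, or site" (SharingSet), from the unified audit log and tabulates which external addresses were shared with, by whom and on which resource, so the origin of unexpected guest accounts can be traced. It assumes the ExchangeOnlineManagement module with Connect-ExchangeOnline already run under an account that can read the audit log; the tenant domain contoso.com is a placeholder.

```powershell
# Added example: trace which sharing events target addresses outside the tenant.
# Assumes ExchangeOnlineManagement is installed and Connect-ExchangeOnline has been run.
$tenantDomain = 'contoso.com'            # placeholder: your own tenant domain
$start = (Get-Date).AddDays(-30)
$end   = Get-Date

# Portal labels "Created sharing invitation" and "Shared file, folder, or site"
# map to these operation names in the unified audit log.
$ops = 'SharingInvitationCreated', 'SharingSet'

$records = Search-UnifiedAuditLog -StartDate $start -EndDate $end `
    -RecordType SharePointSharingOperation -Operations $ops -ResultSize 5000

$rows = foreach ($r in $records) {
    $d = $r.AuditData | ConvertFrom-Json          # per-event detail is a JSON blob
    $target = [string]$d.TargetUserOrGroupName

    # Drop system/SharePoint groups (no '@', e.g. "Limited Access System Group")
    # and internal recipients; only external addresses can turn into guests.
    if ($target -notlike '*@*') { continue }
    if ($target -like "*@$tenantDomain") { continue }

    [pscustomobject]@{
        Time      = [datetime]$d.CreationTime
        Operation = $d.Operation
        SharedBy  = $d.UserId
        Target    = $target
        Resource  = $d.ObjectId
        Site      = $d.SiteUrl
    }
}

# One line per external recipient: how often, by whom, via which operation, and when first seen.
$rows | Group-Object Target | Sort-Object Count -Descending | ForEach-Object {
    [pscustomobject]@{
        ExternalUser = $_.Name
        Events       = $_.Count
        SharedBy     = ($_.Group.SharedBy  | Sort-Object -Unique) -join '; '
        Operations   = ($_.Group.Operation | Sort-Object -Unique) -join '; '
        FirstSeen    = ($_.Group.Time | Sort-Object | Select-Object -First 1)
        Sites        = ($_.Group.Site | Sort-Object -Unique) -join '; '
    }
} | Format-Table -AutoSize
```

Comparing the ExternalUser column against the Guest users list in the admin portal shows which sharing action (and which staff member) preceded each guest account's creation.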

As I remember it, from default sharing in SharePoint, if the guest address is an Office 365 address it will be added to the Azure AD as a guest and they use their own account to log in, and other ones will get the code.