May 04 2022 04:34 PM
May 04 2022 04:34 PM
Our company uses SharePoint/OneDrive to allow our customers the ability to share documents with their clients, also allowing clients to upload documents that sync back into our product.
In the last 3-4 weeks, we have had an upsurge in their clients having issues accessing their shared folders - largely receiving the error "User not in the directory"
Very few of the customers use guest access in SharePoint, which will create a guest account in Azure AD - Therefore the majority are using anonymous access to allow customers to open the link provided to them, enter their email address and then the code they receive.
This has worked for quite some time without issue. Lately, however, when they first open the link it asks for an email and password, then displays the "User not in the directory" error. During testing, my Gmail account receives a slightly different error - That Microsoft account doesn't exist. Enter a different account or get a new one. In comparison, my Hotmail account receives the user not in directory error as well.
Oddly though, if I close the browser and open the link again and then enter the same email address, it asks for a code... once I enter the code, I can access the shared folders. It appears that something isn't happening the first time, and that failure prompts something to happen so access is given on the second attempt.
If I look at the access permissions on the shared folders, the recipient is there. For whatever reason, they just can't access it....instead they are asked to enter their credentials and receive the error, which is obviously frustrating for them and not ideal for us.
I have tried different browsers, incognito modes and different test clients with different emails... It's very inconsistent, sometimes the code will be requested on the first attempt, and others the email and password are requested.
The hyperlinks in the emails are renamed, however it occurs even if the full URL is pasted into the email.
The audit log scripts for SharePoint that I have come across don't provide anything that points to what happens that first time, or anything of use for that matter.
When the issue started to be reported on a more frequent basis, this article was very much fresh off the press which may or may not be coincidental - https://docs.microsoft.com/en-us/sharepoint/troubleshoot/sharing-and-permissions/error-when-external.... We can see who the link is shared with and it's that account receiving the error. Having to re-invite each time is simply not a solution to the problem, not that I see external users show in the SharePoint shell anyway.
In short - Why are anonymous users being asked for a password when they should be asked for a code. Has something changed recently that interferes with anonymous access?
If any of you could provide some guidance on where I can look or what may be the cause it would be very much appreciated
May 08 2022 01:01 AMSolution
@marc_4621 Hello, external SharePoint sharing and OTP has been adjusted from time to time and the behavior will look different in tenants depending on the configured settings. To make the whole sharing process as smooth as possible I would verify 1) that the EOTP (Email one-time passcode) feature in Azure AD is toggled to "Enabled". 2) Enable the Azure AD B2B OneDrive and SharePoint integration.
You can read more about these two features here.
May 16 2022 06:55 PM
May 16 2022 10:14 PM