Confusion with Guest Accounts

%3CLINGO-SUB%20id%3D%22lingo-sub-528779%22%20slang%3D%22en-US%22%3EConfusion%20with%20Guest%20Accounts%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-528779%22%20slang%3D%22en-US%22%3E%3CP%3EI%20have%20some%20confusion%20with%20users%20when%20it%20comes%20to%20sharing%20files%20with%20external%20guest.%26nbsp%3B%20Some%20external%20guest%20are%20getting%20the%20expected%20PIN%20email%3B%20while%20others%20are%20being%20prompted%20to%20login.%20For%20example%2C%20if%20I%20sent%20to%20an%20live.com%20email%20address%2C%20it%20seems%20it%20just%20wants%20me%20to%20login%20to%20my%20live%20account%20to%20access%20the%20file.%26nbsp%3B%20Can%20someone%20explain%20or%20verify%20this%20is%20how%20it%20is%20intended%3F%20If%20a%20persona%20has%20an%20Office365%20account%20or%20their%20company%20uses%20Office365%2C%20does%20it%20revert%20to%20them%20logging%20into%20their%20subscription%20in%20order%20to%20access%20a%20shared%20file%20instead%20of%20the%20new%20guest%20PIN%20procedure%3F%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-528779%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EFiles%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EPermissions%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ESecurity%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ESharePoint%20Online%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-528916%22%20slang%3D%22en-US%22%3ERe%3A%20Confusion%20with%20Guest%20Accounts%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-528916%22%20slang%3D%22en-US%22%3E%3CP%3EYes%2C%20there%20is%20a%20difference%20in%20how%20users%20with%20O365%20accounts%20are%20handled%20compared%20to%20how%20users%20with%20generic%20IDs%20are%20handled.%20Check%20out%20this%20article%20for%20more%20info%3A%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fsharepoint%2Fwhat-s-new-in-sharing-in-targeted-release%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fsharepoint%2Fwhat-s-new-in-sharing-in-targeted-release%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-529174%22%20slang%3D%22en-US%22%3ERe%3A%20Confusion%20with%20Guest%20Accounts%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-529174%22%20slang%3D%22en-US%22%3E%3CP%3EIs%20there%20a%20way%20to%20see%20this%20in%20the%20logs.%20We%20are%20sharing%20a%20file%20to%20external%20recipients%20that%20are%20not%20part%20of%20IT.%20They%20do%20not%20know%20how%20this%20all%20works%20and%20it%20would%20be%20great%20for%20us%20to%20be%20able%20to%20review%20the%20logs%20and%20confirm%20they%20have%20a%20O365%20tenant.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EMy%20guess%20right%20now%20is%20that%20they%20were%20using%20O365%20and%20changed%20to%20Google%20Docs%20(the%20users%20confirm%20they%20use%20Google%20Docs%20now).%20But%20some%20how%20their%20IT%20department%20did%20not%20switch%20off%20their%20O365%20accounts%20causing%20this%20issue.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ENeed%20a%20way%20to%20confirm%20this%20as%20the%20users%20don%E2%80%99t%20know%20or%20remember.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-532699%22%20slang%3D%22en-US%22%3ERe%3A%20Confusion%20with%20Guest%20Accounts%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-532699%22%20slang%3D%22en-US%22%3E%3CP%3EYes%2C%20it%20should%20be%20reflected%20in%20the%20Unified%20audit%20log%3A%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Foffice365%2Fsecuritycompliance%2Fsearch-the-audit-log-in-security-and-compliance%23sharing-and-access-request-activities%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Foffice365%2Fsecuritycompliance%2Fsearch-the-audit-log-in-security-and-compliance%23sharing-and-access-request-activities%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-534450%22%20slang%3D%22en-US%22%3ERe%3A%20Confusion%20with%20Guest%20Accounts%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-534450%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F58%22%20target%3D%22_blank%22%3E%40Vasil%20Michev%3C%2FA%3E%26nbsp%3B%20I%20would%20have%20thought%20one%20of%20those%20would%20provide%20such%20information%20but%20it%20does%20not%20or%20at%20least%20not%20in%20whatever%20the%20case%20we%20are%20running%20into.%26nbsp%3B%20When%20these%20users%20attempt%20to%20access%20this%20resource%20and%20are%20prompted%20to%20login%20(which%20they%20do%20not%20know%20that%20information)%2C%20the%20activity%20is%20not%20reported%20in%20these%20logs.%26nbsp%3B%20%26nbsp%3B%20I%20have%20been%20able%20to%20confirm%2C%20that%20an%20anonymous%20link%20will%20work%2C%20so%20whatever%20the%20case%20is%2C%20it%20is%20related%20to%20this%20login%20issue.%26nbsp%3B%20Still%20waiting%20on%20Santa%20(I%20mean%2C%20Microsoft)%20to%20assist%20on%20this%20issue.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-542678%22%20slang%3D%22en-US%22%3ERe%3A%20Confusion%20with%20Guest%20Accounts%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-542678%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F6398%22%20target%3D%22_blank%22%3E%40Jeff%20Harlow%3C%2FA%3E%2C%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EHopefully%20I%20can%20help%20out%20here!%20Is%20the%20goal%20to%20be%20able%20to%20determine%20which%20type%20of%20user%20is%20accessing%20content%20via%20the%20audit%20logs%3F%20Thanks!%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EStephen%20Rice%3C%2FP%3E%0A%3CP%3EOneDrive%20Program%20Manager%20II%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-542784%22%20slang%3D%22en-US%22%3ERe%3A%20Confusion%20with%20Guest%20Accounts%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-542784%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F181%22%20target%3D%22_blank%22%3E%40Stephen%20Rice%3C%2FA%3E%26nbsp%3B%20Yes.%20Need%20to%20see%20in%20the%20logs%20in%20this%20case%20the%20user%20is%20another%20O365%20Tenant%20and%20having%20some%20form%20of%20failure.%20I%20think%20what%20I%20want%20to%20see%20is%20probably%20not%20possible%20as%20they%20are%20trying%20to%20log%20into%20their%20tenant%20and%20getting%20rejected%20but%20for%20whatever%20reason%2C%20it%20is%20wanting%20them%20to%20login%20to%20their%20tenant%20to%20access%20a%20document%20in%20our%20tenant.%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ETo%20make%20things%20worse%20and%20what%20I%20am%20trying%20to%20get%20MS%20to%20provide%20a%20workaround.%20These%20users%2C%20a%20client%20of%20ours%2C%20no%20longer%20uses%20O365%20however%20their%20IT%20department%20apparently%20failed%20to%20disable%20their%20tenant.%20We%20are%20still%20trying%20to%20work%20with%20them%20to%20get%20into%20contact%20with%20their%20IT%20specialist.%26nbsp%3B%20But%20it%20seems%20that%20MS%20would%20have%20a%20way%20to%20provide%20us%20a%20bypass%20so%20they%20can%20still%20get%20in%20with%20the%20guest%20PIN.%26nbsp%3B%20Users%20are%20not%20the%20same%20as%20admins.%20%3A)%3C%2Fimg%3E%26nbsp%3B%20They%20know%20no%20different.%26nbsp%3B%20As%20I%20mentioned%20in%20my%20support%20case%2C%20MS%20needs%20to%20take%20in%20consideration%20when%20companies%20move%20from%20O365%20to%20another%20provider%2C%20in%20this%20case%20Google%20Docs.%26nbsp%3B%20%26nbsp%3B%20Sure%20we%20love%20to%20have%20everyone%20in%20one%20happy%20family%20but%20that%20is%20not%20always%20going%20to%20happen.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIt%20took%20us%20two%20days%20just%20to%20determine%20they%20had%20an%20old%20O365%20tenant%20configuration.%20That%20too%20has%20been%20requested.%20There%20should%20be%20a%20way%20to%20check%20if%20a%20company%20is%20using%20O365.%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Regular Contributor

I have some confusion with users when it comes to sharing files with external guest.  Some external guest are getting the expected PIN email; while others are being prompted to login. For example, if I sent to an live.com email address, it seems it just wants me to login to my live account to access the file.  Can someone explain or verify this is how it is intended? If a persona has an Office365 account or their company uses Office365, does it revert to them logging into their subscription in order to access a shared file instead of the new guest PIN procedure? 

 

6 Replies
Highlighted

Yes, there is a difference in how users with O365 accounts are handled compared to how users with generic IDs are handled. Check out this article for more info: https://docs.microsoft.com/en-us/sharepoint/what-s-new-in-sharing-in-targeted-release

Highlighted

Is there a way to see this in the logs. We are sharing a file to external recipients that are not part of IT. They do not know how this all works and it would be great for us to be able to review the logs and confirm they have a O365 tenant.

 

My guess right now is that they were using O365 and changed to Google Docs (the users confirm they use Google Docs now). But some how their IT department did not switch off their O365 accounts causing this issue.

 

Need a way to confirm this as the users don’t know or remember.

Highlighted
Highlighted

@Vasil Michev  I would have thought one of those would provide such information but it does not or at least not in whatever the case we are running into.  When these users attempt to access this resource and are prompted to login (which they do not know that information), the activity is not reported in these logs.    I have been able to confirm, that an anonymous link will work, so whatever the case is, it is related to this login issue.  Still waiting on Santa (I mean, Microsoft) to assist on this issue. 

Highlighted

Hi @Jeff Harlow,

 

Hopefully I can help out here! Is the goal to be able to determine which type of user is accessing content via the audit logs? Thanks!

 

Stephen Rice

OneDrive Program Manager II

Highlighted

@Stephen Rice  Yes. Need to see in the logs in this case the user is another O365 Tenant and having some form of failure. I think what I want to see is probably not possible as they are trying to log into their tenant and getting rejected but for whatever reason, it is wanting them to login to their tenant to access a document in our tenant.  

 

To make things worse and what I am trying to get MS to provide a workaround. These users, a client of ours, no longer uses O365 however their IT department apparently failed to disable their tenant. We are still trying to work with them to get into contact with their IT specialist.  But it seems that MS would have a way to provide us a bypass so they can still get in with the guest PIN.  Users are not the same as admins. :)  They know no different.  As I mentioned in my support case, MS needs to take in consideration when companies move from O365 to another provider, in this case Google Docs.    Sure we love to have everyone in one happy family but that is not always going to happen. 

 

It took us two days just to determine they had an old O365 tenant configuration. That too has been requested. There should be a way to check if a company is using O365.