Hi @Maxwell Shifman ,

Hopefully I can shed some light here :) 

At the moment, when you share to an entirely new person (i.e. never been shared to before) from ODB and share via the "specific people" option, one of two things can happen. If the recipient is an O365 user, when they redeem the link, they will be added to your directory as a full guest user (note that there are some cases where this may not occur). If they are not an O365 user, they are only instantiated on that site collection (or OneDrive).

This will all change in a few months when we fully migrate over to Azure B2B as the backing guest account service for ODB/SPO (as announced/demo'd at Ignite). Once done, all new shares will result in guest accounts being created.

The biggest difference between guest account created/not created is how you apply management & policy to those users.

Hope that helps!

Stephen Rice

OneDrive Program Manager II

Hi @Stephen Rice 

Could you please update whether currently, every share creates a guest user in AAD? 

Thanks

Hi @roniy,

As of this moment, the answer is no, every share (from OneDrive or SharePoint) does not create a guest user. Some do (as discussed above) but the Azure B2B integration I mentioned previously is still opt-in at the moment. Hope that helps!

Stephen Rice

Senior Program Manager, OneDrive

Thank you @Stephen Rice for the quick reply.

I would like to understand exactly in which cases a guest user is created. Is there any documentation about this you can point me to? 

Hi @roniy,

The closest we have is this: https://docs.microsoft.com/en-us/sharepoint/what-s-new-in-sharing-in-targeted-release

Hope that helps!

Stephen Rice

Senior Program Manager, OneDrive

Thank you @Stephen Rice!

Last question: is there a difference between sharing a site and sharing a file/folder in this regard? 

Hi @roniy,

Do you mean for the expiration feature? There is no difference for this feature. 

Going a little more technical: Each site/OneDrive has an object called the User Info Table which stores information about the users who have access to content (regardless of whether they were added to the entire site or to a single file or folder). This expiration feature adds an expiration date to that user's entry in the User Info Table so that when they expire, they lose access. 

Hope that helps!

Stephen Rice

EDIT FOR POSTERITY: This probably belonged in a different thread and isn't directly related to this subject matter :)

@Stephen Rice 

That's helpful, thanks! 

Actually I was asking about the creation of guest users in AAD - is there a difference between sharing a site and sharing a file/folder? 

I commented on a few different threads so sorry for the confusion :)

@roniy,

Ha! You are totally right! My mistake :)

To answer your actual question, yes, there are differences between file/folder sharing and site sharing (especially when Azure B2B integration is disabled). Site sharing requires account creation (either AAD or MSA) while file/folder sharing go through the One Time Passcode flow (which doesn't always result in account creation).

Once Azure B2B is enabled, both file/folder sharing and site sharing go through the same B2B flow which results in guest account creation :) 

Hopefully this answers your actual question this time! :D

Stephen

Hi @Stephen Rice , I have a related question:

 Can external users (not in AAD) be added to SharePoint groups?

@Stephen Rice Just wondering about the "Azure B2B as the backing guest account service for ODB/SPO"? Are all tenants now using the new way of sharing?

@Jonas Back, the short answer is "it's complicated, but getting less so" :)

All new tenants as of June 2023 have Entra B2B Integration with SPO on by default. All guest sharing will go through B2B as a result.

For existing tenants, they can opt into using B2B in all cases if desired. Otherwise file/folder sharing will use B2B accounts (if the guest already exists) or SharePoint one time passcode (if they do not). Sharing a site with a guest will always use B2B. There are a few other minor edge cases that use the legacy SharePoint Invitation Manager but we are working on deprecating those.

Hopefully this all makes sense but let me know if you have any questions!

Stephen Rice

Principal Product Manager, OneDrive

@Stephen Rice It's mainly the scenario when sharing a file/folder (if user that does not exist) I'm wondering about - any timeline when this will default to B2B rather than SharePoint OTP?

@Jonas Back nothing to share as of yet. Directionally, this is where we are going but will take us time to get there. As we start moving there, you can expect to see a Message Center post with the plan and timelines (with plenty of time for organizations to prepare!). Thanks!

Stephen Rice

Principal Product Manager, OneDrive