I'm really afraid of this change. I noticed this feature in an Ignite session and it sounded great. But like Benjamin Niaulin, I got confused about the implementation. If this is replacing the current option, this will be a major step back for all users receiving an invitation who have an AAD account. In the "past" this was a great experience and in my opinion super secure. Now you replace this feature with a less secure method. For example:
In Tenant Contoso I create an O365 Group and allow external email communication (fake.marco.scheel@contoso.onmicrosoft.com). On Tenant Fabrikam a user wants to share with Contoso. So I give the Fabrikam user my fake email address, and I will receive all communication in the O365 Group, and now everyone with access to the group at Contoso can access the shared files/folder in the Fabrikam tenant. Even without a group I could easily share the "account" with my colleagues if I forward the PIN to the other user. The current system is not bulletproof, but we have a lot of control. We have customers that apply conditional access to all #EXT# users to enforce additional Microsoft MFA to access tenant content.
Yes, all of this is still solvable with a proper custom Azure AD B2B collaboration solution, but this is not an OOB solution. Any chance to postpone this change? It solved the problem of people not getting the Invite Redeem model (current version). I didn't see any uproar on Twitter or blogs so far. Not sure if I'm the only one, but I think this is a pretty dramatic change. I'm open to any calls or discussions you want/should start :)