Hello Rafael Lopez-Uricoechea,
Is what Marco Scheel describes accurate?
I.e. will the new sharing experience wholly replace the existing back-end B2B invite system creating guest accounts?
I think there should be a way to tweak the new experience and perhaps provide an option to disable it, at least for users with Azure AD domains (work accounts).
The way this is configured at the moment prevents any sort of management of guest accounts (conditional access, MFA) and makes for a cumbersome experience when the user has to keep track of links and check emails for one-time passcodes. Further, as they are not logged in, can they seamlessly jump between documents?
In my testing I found two OTP emails were sent out per request and, contrary to what the original post implies, the "External users must accept sharing invitations using the same account that the invitations were sent to" checkbox has no bearing on whether this new system is used or not.
Another point to consider is that it's much easier for a guest user to circumvent policy by sharing a link to a single resource and forwarding the OTP by email or IM rather than having to share their corporate user/pass, which carries greater privacy/security risks.
With this new system, it seems that in order to maintain control of guest accounts and discoverability of where they are used, we will be forced to manually (batch) add users to AD B2B rather than allow the (old) SPO External Sharing workflow to take care of it. This completely negates the original benefits of moving responsibilities of creating external user accounts to site/content owners rather than admins.