This document is intended to help end users understand what options to select when sharing with external users and what the end-user experience will be.
We also provide resources for end-users so that they understand what to expect.
How to Share
End-users should follow the instructions below to share with external recipients:
There are currently several different possible recipient experiences depending on the type of Sharing link selected by the sharing user (either Anyone or Specific Users) and how the tenant is configured.
The Standard Sharing configuration doesn’t allow users to open files in Office Apps in most configurations, and for most users requires users to authenticate with a one-time password every time. However the recently released “SharePoint and OneDrive Integration for Azure AD B2B” feature extends the options available significantly.
This table and the accompanying notes explain what you can expect when sharing Files and Folders in SharePoint or OneDrive:
|Type of Sharing link||Tenant Config||Sign-in experience?||Access Methods|
|Anyone with the link||Standard Sharing||None required||Web Browser|
|Anyone with the link||Azure B2B||None required||Web Browser|
|Specific Users||Standard Sharing||OTP (every time)1||Web Browser|
|Specific Users||Azure B2B||Guest/Federated or OTP2||Web Browser, Office Apps3|
1 OTP will be required every time, with the exception of users who have a corresponding Microsoft Account.
2 Users with any Office 365 account or Google/Gmail account will typically be asked to do OTP authentication the first time they access files and then will be able to sign in with their accompanying 365 or Google account on following attempts. Other users will be authenticated by OTP each time.
3 Users will be able to open shared files in the Office Suite, but a licensed copy of Office 365 corresponding to the account they are using is required. It is also possible for the sharing tenant to assign a license to their Guest account, if Office Suite capability is required.
Based on the above, GreenLoop recommends the following configuration in order to achieve the optimal recipient-user experience:
- Make the Share with Specific Users option the default org-wide setting.
- Configure the “SharePoint and OneDrive Integration for Azure AD B2B” feature setting.
If you’re not sure whether either of these options are enabled, please reach out to GreenLoop and we’d be glad to confirm this for you, or provide recommendations for how to implement this smoothly.
Optimal Recipient-User Experience
Once those recommended features are in place, the recipient experience will be as follows:
- They will receive a link notifying them that a file has been shared with them:
- If they haven’t logged in to this tenant before (this is the first time anyone in your organization has shared files with them), they will be prompted to sign in with a one-time code that will be sent as a separate email:
- They may be asked to Review and Accept permissions. It is safe for them to do so; they’re just allowing us to create a guest account for them:
- On subsequent logins, or if they have signed in before:
- Users with an existing Office 365, Microsoft, or Google Account will be able to login directly with that account.
- Users without one of those accounts will be prompted to authenticate with OTP.
- Users will be able to open shared files in the Office Suite, if they have appropriate licensing. You can also assign licensing to their Guest account in your Office 365 tenant.