If XYZ Inc disables John Smith's Azure AD account, will John still be able to access documents shared on my company's SharePoint and OneDrive as a Guest User in my Azure AD?

frob 4,216 Reputation points
2021-09-30T00:12:54.887+00:00

Hi there

  • My company's users shared some files on OneDrive and SharePoint with an external user at john@xyz .com (by adding him as a Guest User).
  • Now, XYZ.com (external company) disables john@xyz .com's account in their Azure AD.
  • Will this external user john@xyz .com still be able to access documents shared by our users on our company's SharePoint and OneDrive (if he still exists in our Azure AD as a Guest user)?

Thank you.

SharePoint
SharePoint
A group of Microsoft Products and technologies used for sharing and managing content, knowledge, and applications.
9,680 questions
OneDrive Management
OneDrive Management
OneDrive: A Microsoft file hosting and synchronization service.Management: The act or process of organizing, handling, directing or controlling something.
1,135 questions
Accepted answer
  1. JoyZ 18,041 Reputation points
    2021-10-05T09:22:38.547+00:00

    @frob ,

    There is no official article to confirm this behavior, however as long as the account is disabled, no matter what Microsoft 365 service is logged in, an error will appear:

    Your account has been locked. Contact your support person to unlock it, then try again.

    Here is my simple test for your reference:

    1.This is an external user in Tenant A:
    137713-image.png
    2.Share a file link via "People you specify can view" as shown below:
    137741-image.png
    3.Diable the user in Tenant B:
    137733-image.png
    4.Wait a few minutes, when I copy the link and open it in the browser privacy mode, when I try to log in, an error appears:
    137751-image.png

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Echo Du_MSFT 17,116 Reputation points
    2021-09-30T06:52:05.287+00:00

    Hi @frob ,

    According to my test, if you select "Anyone with the link" option to share files with jone@xyz .com. Then even if jone@xyz .com is disabled in Azure AD, jone@xyz .com can still access view these shared files.

    But if you share files with jone@xyz .com through other options, jone@xyz .com will be affected, that is, he cannot see these shared files.

    136582-share-with.png

    Share Link Settings:

    • Anyone with the link
    • People in <your organization> with the link
    • People with existing access
    • Specific people

    Note: Except for the first option, which can be accessed anonymously, all other options require authentication.

    Reference:

    Thanks,
    Echo Du

    =========================

    If an Answer is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.