question

frob avatar image
0 Votes"
frob asked AlexZhu-MSFT edited

If XYZ Inc disables John Smith's Azure AD account, will John still be able to access documents shared on my company's SharePoint and OneDrive as a Guest User in my Azure AD?

Hi there

  • My company's users shared some files on OneDrive and SharePoint with an external user at john@xyz.com (by adding him as a Guest User).

  • Now, XYZ.com (external company) disables john@xyz.com's account in their Azure AD.

  • Will this external user john@xyz.com still be able to access documents shared by our users on our company's SharePoint and OneDrive (if he still exists in our Azure AD as a Guest user)?

Thank you.












office-sharepoint-onlineoffice-onedrive-client-itpro
· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi @frob ,

Nice to see you again.

Can you tell me whether jone@xyz.com belongs to an external user or an internal user?

Thanks,
Echo Du

0 Votes 0 ·

Hi @EchoDu-MSFT
Good to see you as well.
john@xyz.com is an external user and his company disabled his account in their Azure AD.
I just edited and clarified my question as well,

Thanks.

0 Votes 0 ·
JoyZ avatar image
0 Votes"
JoyZ answered EchoDu-MSFT commented

@frob,

There is no official article to confirm this behavior, however as long as the account is disabled, no matter what Microsoft 365 service is logged in, an error will appear:

Your account has been locked. Contact your support person to unlock it, then try again.

Here is my simple test for your reference:

1.This is an external user in Tenant A:
137713-image.png
2.Share a file link via "People you specify can view" as shown below:
137741-image.png
3.Diable the user in Tenant B:
137733-image.png
4.Wait a few minutes, when I copy the link and open it in the browser privacy mode, when I try to log in, an error appears:
137751-image.png



image.png (28.4 KiB)
image.png (11.2 KiB)
image.png (29.7 KiB)
image.png (44.5 KiB)
· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi @JulieWang-MSFT
Thank you so much. As your answer is a comment so I am unable to mark this as the Accepted Answer.
If you post this as an answer, I can mark this as accepted (hopefully this can help anyone else who comes to this thread).

The test screenshots are really appreciated.

Thank you again!

0 Votes 0 ·

Hi @frob ,

Thanks for you reply. I have converted the comment into an answer.

Thanks,
Echo Du

0 Votes 0 ·
EchoDu-MSFT avatar image
0 Votes"
EchoDu-MSFT answered EchoDu-MSFT converted comment to answer

Hi @frob ,

According to my test, if you select "Anyone with the link" option to share files with jone@xyz.com. Then even if jone@xyz.com is disabled in Azure AD, jone@xyz.com can still access view these shared files.

But if you share files with jone@xyz.com through other options, jone@xyz.com will be affected, that is, he cannot see these shared files.

136582-share-with.png

Share Link Settings:

  • Anyone with the link

  • People in <your organization> with the link

  • People with existing access

  • Specific people

Note: Except for the first option, which can be accessed anonymously, all other options require authentication.

Reference:

Thanks,
Echo Du
=========================
If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.





share-with.png (27.5 KiB)
· 4
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi @EchoDu-MSFT
I understand your first comment that after xyz.com disables John@xyz.com, he can still see the link if shared via "Anyone with the link".
However, please rephrase or confirm what happens when the link was shared by other means? Did you mean to say john@xyz.com CAN or CANNOT see the link?

Thank you.

0 Votes 0 ·

Hi there

Any update on this, please?

Thank you.

0 Votes 0 ·

@frob,

If john@xyz.com is not shared through anyone link, however through the following methods:

People in <your organization> with the link

People with existing access

Specific people

When he tries to open the sharing link, he needs to log in with his account,however his account has been disabled, which prevents him from accessing the sharing link.

0 Votes 0 ·

@JulieWang-MSFT

Got it! BTW, is there any Microsoft link that can confirm this behavior (If an external user is disabled by their org, they cannot enter my SharePoint and OneDrive even if they exist as a Guest User)?

Thank you so much,

0 Votes 0 ·