External Sharing

Last updated: November 15, 2023

Overview 

This document has been written for site owners who are sharing SharePoint content with external users (i.e., non-UW email addresses).  It is meant to clarify the external user’s experience and troubleshoot issues they may be having.  

The external user’s experience differs depending on whether you (the site owner) are sharing files and folders or a SharePoint Online site. In most instances, sharing files and folders will prompt the user to enter a verification code. The verification code will be sent by Microsoft to the external user’s email address.

When sharing a site, however, the external user may be prompted to enter their email account username and password (i.e., credentials). 

In addition to the type of item that is being shared, the type of email account of the external user also determines their experience. 

Types of external user accounts 

  • A non-Microsoft account like @gmail.com, @yahoo.com, or other commercial email accounts.  

Note: These accounts can also be registered with Microsoft, and by doing so, will be recognized by Microsoft and be referred to as a Microsoft account.

  • An actual Microsoft account like @outlook.com, @hotmail.com, @live.com, or other Microsoft account. 
  • An Office 365 account from another Office 365 “tenant”, referred to as an organization account. 

Types of external sharing 

UW allows site owners to share items externally in two different ways:  

  • External sharing requiring the external user to sign-in as an authenticated user or enter a verification code 
  • External sharing via anonymous links, i.e., links that do not require sign-in 

Sharing files and folders will require a verification code, which will be provided by Microsoft via a subsequent email. 

When sharing sites, the user will be asked to log in with a Microsoft account. If the user does not have a Microsoft account, they can create one at that point. Once they log in with their Microsoft account, they will gain access to the site. They will not be required to log in on subsequent access. 

Sharing Files and Folders 

Recipients of Shared Files and Folders will receive an email with a link to a file or folder. Clicking on the link will present the following dialog:  

They will click on the Send Code button and Microsoft will send an email with a verification code for them to enter and press the Verify button to be directed to the folder or file. 

If Anonymous sharing is enabled, you will have the sharing option “Anyone with the link”.

The “Anyone with the link” option will send the recipient an email like the following: 

Clicking on the button will automatically open the document. No verification code will be required. 

Sharing Site 

When sharing sites, the user will be asked to log in with a Microsoft account. If the user does not have a Microsoft account, they can create one at that point. Once they log in with their Microsoft account, they will gain access to the site. They will not be required to log in on subsequent access.

On the initial sign-in, the recipient will be prompted to enter credentials. The following Welcome page will be displayed and the recipient will select the type of account they will be using.

Which account to select: 

Microsoft Account:  

By default, email addresses such as outlook.com, live.com, hotmail.com, etc. are all Microsoft accounts.

For commercial accounts such as gmail.com, yahoo.com, etc., the user will need to register the account with Microsoft for it to become a Microsoft account. The Welcome page contains a link to “Create a Microsoft account”. Once the account has been registered with Microsoft, it will be recognized by any SharePoint Online tenant.

Organization Account:  

A Work or School account that is an O365 account. 

On the initial sign-in, Microsoft Account users will be prompted to enter their Microsoft Account credentials. The initial sign-in will also store the recipient’s email address as a Guest account in Azure Active Directory.

Recipients with an O365 account will not be prompted for credentials.

Troubleshooting External User Issues 

Site Sign-in Issues 

The most common reason external users are unable to access a shared SharePoint site is that they are not logged into the UW network via their UW Microsoft account.

To correct this issue, have the user: 

  1. Open a browser and navigate to any Microsoft site (Outlook.com, Office.com, etc.) 
  2. Sign-in using the credentials for the account that the invite was sent to 
  3. The user may need to log out first if the site automatically signs them in under another account 
  4. Select the invite link again 

Alternatively, the user could open an “in-private” browser session, log into the correct account that the email was sent to, and then copy/paste the SharePoint site invite link into the browser URL field. 

Verify SharePoint Access 

As a SharePoint site owner, you can verify that a user has signed in successfully by viewing the Users list in Microsoft Entra ID. A successful login will display the user’s account/email address in the Entra ID Users list. 

To verify the Users list in Entra ID: 

  1. Log into Users – Microsoft Azure 
  2. Search for the account the invite was sent to 

If the account does not appear in the users list in Entra ID, it is possible the user may have accepted the invite using another account. The unknown account will have the User type of Guest. You will need to find out from the user what other possible email addresses/Microsoft account name(s) they may have used to accept the invite at this point. Filtering the Users list in Entra ID by Guest may help you assist the user in determining the name of the account they may have used. 

Note: All external user accounts, those without the @uw.edu domain, will have Guest in the user type. 

Access to the SharePoint site is controlled by the invitation settings when sharing. If you select the option that “anyone with the link” can access, and a recipient accepts the access with the wrong account, they can still access the SharePoint site. Future problems may occur when they try to access other content if this is not corrected. 

Identities 

In the Identities column you will see one of three options: 

  1. Uwnetid.onmicrosoft.com
    The user account is a UW NetId that exists in Entra ID 
  2. ExternalAzureAD
    The user account has an M365 account in their external Azure tenant 
  3. MicrosoftAccount
    This identity issuer type will appear for the following reasons: 

    1. The user account is a Microsoft account like hotmail.com, outlook.com, liveid.com, etc. These types of accounts are automatically recognized by Microsoft; or
    2. The account is a personal account or a work account that has been registered with Microsoft 

If the Identity Issuer in the Identities column does not reflect the type of account that the user should have, the user can reset their account by leaving the UW organization and having the inviting party resend the invitation.

Note: Sharing a folder or document will not automatically add individuals to the User list in Entra ID. 
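The Users list lookup and the Identities comparison described above can also be scripted. The following PowerShell is an added example, not UW's or Microsoft's own code: the function name Test-InvitedGuest, the helper New-SampleUser and the sample records are hypothetical, and it assumes user objects with Mail, UserType and Identities properties, the shape Microsoft Graph PowerShell's Get-MgUser returns.

```powershell
# Added example: the sample records are constructed. In a live tenant, objects of
# the same shape come from Microsoft Graph PowerShell:
#   Get-MgUser -All -Property DisplayName,Mail,UserType,Identities
function Test-InvitedGuest {
    param(
        [Parameter(Mandatory)] [object[]] $Users,
        [Parameter(Mandatory)] [string] $InvitedAddress,
        # Issuer the account should show, from the Identities list on this page
        [ValidateSet('ExternalAzureAD', 'MicrosoftAccount')] [string] $ExpectedIssuer
    )
    $match = @($Users | Where-Object { $_.Mail -eq $InvitedAddress })
    if ($match.Count -eq 0) {
        # Not in the list: the invite may have been accepted with another account,
        # so return the Guest entries for the owner to review with the user.
        $guests = @($Users | Where-Object { $_.UserType -eq 'Guest' } |
            ForEach-Object { $_.Mail })
        return [pscustomobject]@{ Address = $InvitedAddress; Status = 'NotFound'
            Issuers = @(); GuestCandidates = $guests }
    }
    $issuers = @($match | ForEach-Object { $_.Identities } |
        ForEach-Object { $_.Issuer } | Sort-Object -Unique)
    $status = 'Found'
    if ($ExpectedIssuer -and ($issuers -notcontains $ExpectedIssuer)) {
        $status = 'IssuerMismatch'   # candidate for the leave-and-reinvite reset
    }
    [pscustomobject]@{ Address = $InvitedAddress; Status = $status
        Issuers = $issuers; GuestCandidates = @() }
}

# Constructed sample of a Users list (all addresses are placeholders)
function New-SampleUser($Mail, $Type, $Issuer) {
    [pscustomobject]@{ Mail = $Mail; UserType = $Type
        Identities = @([pscustomobject]@{ Issuer = $Issuer }) }
}
$users = @(
    New-SampleUser 'netid@uw.edu'         'Member' 'Uwnetid.onmicrosoft.com'
    New-SampleUser 'partner@example.org'  'Guest'  'ExternalAzureAD'
    New-SampleUser 'reviewer@example.com' 'Guest'  'MicrosoftAccount'
)

Test-InvitedGuest -Users $users -InvitedAddress 'partner@example.org' -ExpectedIssuer ExternalAzureAD
Test-InvitedGuest -Users $users -InvitedAddress 'reviewer@example.com' -ExpectedIssuer ExternalAzureAD
Test-InvitedGuest -Users $users -InvitedAddress 'someone@example.net'
```

The three calls cover an invited address whose issuer matches the expected one, an address whose issuer does not match, and an address that is absent from the list.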

How to Leave UW Organization  

Leaving the UW Organization is a way to reset an external user’s account within Entra ID. There are two ways an external user can leave the UW Organization: 

For users whose account does appear in the UW Entra ID, have the user: 

  1. Log into the UW Microsoft My Account page 
  2. Select Organizations in the left-hand panel 
  3. Select Leave  

After the user has selected the option to leave, it may take 15 minutes for the account to be removed from Entra ID. 

For individuals whose account does not appear in the UW Entra ID, have the user: 

  1. Log into the Microsoft My Apps page 
  2. Select the Organization chart icon in the top right corner next to the help and profile icons 
  3. Select Manage organizations at the bottom of the panel 
  4. Select Leave 

After the user has selected the option to leave, it may take 15 minutes for the account to be removed from Entra ID. 

Note: Once the user has removed themselves from the UW Organization, verify that they do not exist in the Azure Users list. Also check, and remove, the user from the SharePoint site prior to sending another invite. 

Adding Guest Users in Azure  

You may want to add your external user as a Guest in Entra ID prior to sending an invite to share. By adding a user as a Guest, you are inviting the user into the UW Organization. Depending on the type of account you invite, the user may need to register the account with Microsoft. 

To add a guest user: 

  1. Select the New Guest link at the top of the Entra ID user page 
  2. Enter the email address of the person you would like to invite 

Other access issues 

In some cases, external organizations have blocked users from accessing UW SharePoint sites. If all guest users from a specific organization are unable to access the shared content, those users will need to work with their IT department to allow access. 

If there is a situation where only some users within an organization can access content, those who are having issues are most likely attempting to access with a different account. As stated above in the Site Sign-in Issues section, this typically occurs when the user has not logged into the UW network with their UW Microsoft-enabled account. 

As the site owner, you can follow the steps above in the Verify SharePoint Access section to determine how successful users are logging in, and share that information with those who cannot.

Additional guidance from Microsoft

Click here for an external sharing overview from Microsoft