We’re updating how secure external sharing works in OneDrive for Business and SharePoint Online. We’ll begin rolling this feature out in the next few days.
How does this affect me?
If your OneDrive and SharePoint Online external sharing settings are set to allow sharing with new external users, new external users (that have a file or folder securely shared with them) will be able to access the content without needing an Office 365 account or a Microsoft account. Instead, recipients who are outside of your organization will be sent an email message with a time-limited, single-use verification code when they access the file or folder. By entering the verification code, the user proves ownership of the email account to which the secure link was sent.
Securely sharing a file or folder is the process of sharing in a way where recipients must prove that they’re intended recipients that the original sharer specified. End-users can do this in the same way that they already do. (by changing the link settings to only work for specific people in the Share dialog)
We’re also introducing a new admin control which will allow you to specify how often external recipients must re-verify their email address and enter a new code. This protects your organization from cases where an external recipient’s employment status changes.
Because recipients must prove ownership of the email a link was secured to, this update removes the “External users must accept sharing invitations using the same account that the invitations were sent to” setting from the OneDrive admin center. It remains in the SharePoint Online admin center, but it will only affect external sharing of items other than files and folders (for example, SharePoint sites). When securely sharing files and folders in OneDrive or SharePoint, recipients must always prove that they own the email that a link was secured to.
As a reminder, creating secure links that only work for specific people is not the only way to share externally. If your admin controls allow it, it is also possible to create shareable links that work for anyone with the link. Those links can be opened without having to go through any additional process.
We’ll be gradually rolling this out to First Release customers in early October, and the roll out will be completed by the end of December.
What do I need to do to prepare for this change?
If you have auditing enabled and run queries to build external sharing reports based off of auditing data, you’ll need to make changes to your queries to capture newly securely shared files and folders. Please click Additional Information to learn more.