Enable Azure B2B Integration with OneDrive and SharePoint Online

In this post you can read a summary and the news update on Azure B2B for OneDrive and SharePoint Online. Furthermore, I describe how you can enable Azure B2B for OneDrive and SharePoint Online to get the most out of your Microsoft 365 and go for a more seamless guest user experience for collaboration.

Source: https://pixabay.com/de/illustrations/lernen-hinweis-schule-betreff-3245793/

What’s Azure B2B in general?

To keep it short and simple: Azure B2B is the Azure AD service that invites, authenticates and manages guest (external) users in your tenant.

What does the Azure B2B update deliver for your SharePoint Online and OneDrive for Business collaboration?

If you enable the Invitation Manager in Azure B2B (it is off by default), you can extend your secure external collaboration, i.e. collaboration with people outside of your organization, to the following items:

  • files
  • folders
  • list items
  • document libraries
  • sites

External people who do not have a work, school or Microsoft account can securely access shared items by verifying their identity with a one-time passcode sent to their e-mail address.

It does not affect existing sharing configurations.

Source: Microsoft 365 Roadmap | Microsoft 365 [Feature ID 81955]

Azure B2B behaviour

I’m not going to explain this in depth, but I would like to note two key aspects you should know if you enable the feature.

  • Enabling the feature does not require re-sharing, but a B2B guest account is created in Azure AD as soon as the guest/external person opens the shared item.
  • Accessing an item that was shared by a user who has since been removed, or who no longer has permission to share, will not create a B2B guest account in Azure AD; the item must be shared again for further access.

Azure B2B advantages

  • Azure AD access policies get applied
  • Azure AD organizational relationships (external collaboration settings) apply to SPO/ODFB sharing settings
  • No need to create a Microsoft account
  • Google federation support

How to enable Azure B2B for SharePoint Online and OneDrive for Business?

To enable the feature you need to do two things, as follows:

Enable OTP

Enable OTP (email one-time passcode) in your Azure AD first. This involves a few further steps:

First turn on Enable guest self-service sign up via user flows, which can be found in the External collaboration settings blade: https://aad.portal.azure.com/#blade/Microsoft_AAD_IAM/CompanyRelationshipsMenuBlade/Settings

Enable guest self-service sign up via user flows

Afterwards go to External Identities \ All identity providers.

There, open Email one-time passcode and select Enable email one-time passcode for guests effective now.

Now you can proceed with the next step using SharePoint Online PowerShell.

Enable Azure B2B for SharePoint Online and OneDrive for Business

For this you need to run a few cmdlets from the SharePoint Online Management Shell. This is an example:

#Update the SPO module (if you use an older version)
Update-Module -Name Microsoft.Online.SharePoint.PowerShell
#Connect to SharePoint Online using a global admin or SharePoint Online admin account
#Replace <yourtenant> with your tenant name
Connect-SPOService -Url https://<yourtenant>-admin.sharepoint.com

#Enable Azure B2B for SPO and ODFB
Set-SPOTenant -EnableAzureADB2BIntegration $true
#Sync the Azure AD B2B management policy (external collaboration settings) to SPO
Set-SPOTenant -SyncAadB2BManagementPolicy $true

#Disable Azure B2B for SPO and ODFB again (requires re-sharing of existing items)
#Set-SPOTenant -EnableAzureADB2BIntegration $false

#Disconnect from SharePoint Online
Disconnect-SPOService
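As an added example (not part of the original post), the following script wraps the same two cmdlets in a check-first workflow: it reports the current tenant settings, only changes what is not yet enabled, verifies the result, and lists the external users so you can see the B2B guest accounts that appear once guests open shared items. It assumes the Microsoft.Online.SharePoint.PowerShell module is installed, that you hold the SharePoint admin or global admin role, and that <yourtenant> is replaced with your tenant name; the function name Get-B2BIntegrationState is my own.

```powershell
# Added example, not the post author's code: report, enable and verify
# Azure AD B2B integration for SPO/ODFB. <yourtenant> is a placeholder.
param(
    [string]$AdminUrl = "https://<yourtenant>-admin.sharepoint.com",
    [switch]$Enable   # without -Enable the script only reports the current state
)

Import-Module Microsoft.Online.SharePoint.PowerShell -ErrorAction Stop
Connect-SPOService -Url $AdminUrl

function Get-B2BIntegrationState {
    # Hypothetical helper: returns only the tenant properties this post is about.
    # SharingCapability is included because B2B guests can only be invited when
    # external sharing is not set to Disabled.
    Get-SPOTenant | Select-Object EnableAzureADB2BIntegration,
                                  SyncAadB2BManagementPolicy,
                                  SharingCapability
}

Write-Host "Current tenant state:"
$before = Get-B2BIntegrationState
$before | Format-List

if ($before.SharingCapability -eq 'Disabled') {
    Write-Warning "External sharing is disabled at tenant level; B2B integration has no effect until it is allowed."
}

if ($Enable) {
    # Change only what is not already set, so the script is safe to re-run
    if (-not $before.EnableAzureADB2BIntegration) {
        Set-SPOTenant -EnableAzureADB2BIntegration $true
    }
    if (-not $before.SyncAadB2BManagementPolicy) {
        Set-SPOTenant -SyncAadB2BManagementPolicy $true
    }

    Write-Host "Tenant state after the change:"
    $after = Get-B2BIntegrationState
    $after | Format-List

    if (-not ($after.EnableAzureADB2BIntegration -and $after.SyncAadB2BManagementPolicy)) {
        Write-Warning "B2B integration is not fully enabled; check the OTP prerequisite in Azure AD."
    }
}

# External (guest) users known to SharePoint Online; newly created B2B guest
# accounts show up here after a guest opens a shared item.
Write-Host "External users (first page):"
Get-SPOExternalUser -PageSize 50 | Format-Table -AutoSize

Disconnect-SPOService
```

Run it once without -Enable to record the state before the change, then with -Enable; the second run is idempotent because each Set-SPOTenant call is guarded by the current value.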

Additional resources
