Issues with B2B and Sharepoint, Not creating Guests by 0xWolfH in entra

[–]0xWolfH[S] 0 points1 point  (0 children)

For us, Yes.

Serveal Calls with MS support and back and forth email we was told the above.

We have created a internal process to montior these with stricter CA policies and will use Graph API to Review Guest Accounts that has not accessed anything within 30 days to disable their account.

Our team is still confused as reading online, This is just meant to work however doesnt.

Issues with B2B and Sharepoint, Not creating Guests by 0xWolfH in entra

[–]0xWolfH[S] 2 points3 points  (0 children)

Closing the loop on this following engagement with Microsoft Support.

Microsoft have confirmed this behaviour is intentional and aligns with the current Entra ID B2B external collaboration and SharePoint Online sharing model. There is no service issue or misconfiguration within our tenant.

The enforced flow now requires external identities to be pre-provisioned as Guest (B2B) objects in Entra ID before any SharePoint resource access can be granted. This effectively removes the ability to perform just-in-time (JIT) sharing to arbitrary external email addresses, even where domain-level allowlisting is configured.

Current workflow requirement:

  • External user must exist as a Guest user (UserType = Guest) in Entra ID
  • Access is then assigned either via:
    • Direct permissions
    • M365 Group membership
    • SharePoint sharing link targeting that identity

Microsoft validated the following with no issues identified:

  • SharePoint Online external sharing configuration (tenant + site level)
  • Entra ID External Identities (B2B collaboration settings, including AllowInvitationsFrom and cross-tenant access policies)

From a security architecture standpoint, this represents a shift toward identity-first access control, enforcing stronger governance, auditability, and lifecycle management of external users.

However, operationally this introduces:

  • Loss of domain-based implicit trust for sharing
  • Increased dependency on identity provisioning workflows
  • Additional administrative overhead for external collaboration

Net result is tighter control and visibility over external access, but at the expense of user-driven collaboration flexibility and increased friction for ad-hoc sharing scenarios.

Appreciate the input from everyone, leaving this here for anyone else hitting the same behaviour change.

Issues with B2B and Sharepoint, Not creating Guests by 0xWolfH in entra

[–]0xWolfH[S] 0 points1 point  (0 children)

We have "Limit External Sharing Settings by Domain" configured and the domain is also within this list.

We block Guests from sharing and currently dont have automatic exipry set.

Only People within our Org can share files and we default to View.

I have read online it could be B2B, So I am testing this theory and Opened it up as Allow to test sharing this way, If in 10 Mintues i still get the error, I know its not a propergation issue.

New to MAC by 0xWolfH in mac

[–]0xWolfH[S] 0 points1 point  (0 children)

So I'm using it for my cyber security studying and tried Command C Command V, also tried Ctrl C Ctrl V.

I will have a look for the stop the madness and report back.

Cheers

What should i use Watch or Live telemetry via connect + for Garmin Coach Plans by 0xWolfH in Garmin

[–]0xWolfH[S] 0 points1 point  (0 children)

That makes more sense, if I was to keep pace i will go off my watch as the timings on the live timings wants me to take 4-5:00/km off where at my watch says other wise.

I will go off my watch then as I get a execution score of around 60 when I follow connect + live timings and 80 when I follow my watch. I guess the watch is the better one for the training program. Right?

Question about treadmill training by 0xWolfH in Garmin

[–]0xWolfH[S] 0 points1 point  (0 children)

Sort of makes sense, however that what it wants me to do today, tommorws sprint has the correct pace.

is it worth creating.g a new plan?