SharePoint and Microsoft 365 External Sharing with Non-Microsoft Accounts

I wrote a number of posts in the past about different types of external sharing. You can share a given file or folder, site, team, or group, and you will always get different user experiences from the recipient’s point of view.

Today, I want to explain external sharing again, but instead of focusing on what is shared, I want to focus on who we are sharing with. Though I blogged a bit already about external sharing in the past, Microsoft recently made some changes to how external users authenticate with your organizations, and so I would like to share the new experience with you in this article.

From the Microsoft 365 standpoint, there are 3 types of external users you can have:

1. Users with Microsoft 365 Accounts from their respective organizations
2. Users with Microsoft Accounts (i.e., Outlook.com, Live.com, Hotmail.com, etc.)
3. Users with Non-Microsoft Accounts (i.e., Gmail.com, Yahoo.com, etc.)

The first two groups are not that much of a concern usually as those get a smoother user experience due to those accounts being Microsoft accounts already. The group I want to focus on today is the 3rd one. Essentially, these are the users who do not have a Microsoft account and do not have Microsoft 365 in their organizations. I am talking about users with Gmail.com emails, Yahoo.com emails, or just regular work emails (i.e., ) that are not part of Microsoft 365.

As stated above, Microsoft recently made significant changes to how Non-Microsoft Accounts accessed your company’s resources. In the past, if you had a Non-Microsoft account (i.e., Gmail.com), you were forced to create a Microsoft Account. This was a pretty complicated process that drove many people crazy and required many extra steps. With the change, those Non-Microsoft accounts can simply access the resources via a temporary passcode. There are pros and cons to this approach, all of which are mentioned in this article.

To demonstrate the user experience for Non-Microsoft Accounts, I chose external sharing for the following 3 typical use cases:

• Scenario # 1: External Sharing of a Team in MS Teams
• Scenario # 2: External Sharing of a SharePoint Site
• Scenario # 3: External Sharing of a file or folder

For each scenario above, I document the following:

1. How to Share with a Non-Microsoft Account
2. User Experience for a Non-Microsoft Account
3. What happens to a Non-Microsoft Account behind the scenes in Active Directory
4. How a Non-Microsoft Account can access the shared resource again

Scenario # 1: Inviting External Non-Microsoft Account User to the Microsoft Team

How to share a Team with a Non-Microsoft Account

1. Click three dots next to a Team in Teams, then Manage team
2. Click Add member
3. Type in the external user’s email address
4. Click Add
5. You will get a confirmation that the user was added to the Team

Experience for the Recipient

1. The user receives an email and clicks Open Microsoft Teams
2. The user then requests the temporary code
3. The recipient then receives another email with a temporary verification code.
4. The user types in the code and clicks Sign in
5. User accepts Terms & Conditions
6. The user then gets access to a shared Team in Microsoft Teams

What happens behind the scenes

Let’s see what happens when the user accepts the invite to join your Team. The user’s email is actually added to your Active Directory!

1. Click on Admin from the Microsoft 365 App Launcher
2. Click on Users > Guest Users
3. The user will appear in a list of guest users

Accessing a shared Team again

Since the recipient does not utilize Teams (since there is no Microsoft 365 in the organization), the user would need to navigate to a Teams URL to be able to access the shared Team again.

1. User navigates to https://teams.microsoft.com/
2. The user enters an email address (Non-Microsoft account). Since the is no formal account with a password here, the user would need to click on sign-in with a one-time code sent to your email option.
3. The user will then have access to Team in Teams again

Scenario # 2: Inviting External Non-Microsoft Account User to the SharePoint Site

How to share a SharePoint Site with a Non-Microsoft Account

1. From the site you would like to share, click Gear Icon > Site permissions
2. Click Add members > Share site only. This is important since we are not inviting users to the whole Microsoft 365 Group but to the SharePoint site itself.
3. Type the external user’s email address, select the appropriate permission level you want to give them (i.e., Read), and click Send email.

Experience for the Recipient

1. Once the invite is sent, the external user receives an email like the one below. The user just clicks on a link shared.
2. The user will need to enter an email address, then Next.
3. Just like with sharing a Team, the user would need to authenticate via a temporary passcode.
4. The user gets another email and copies the code.
5. The user types in the code and clicks Sign-in
6. The user will need to Accept Terms & Conditions
7. And finally, the user gets access to the site!

What happens behind the scenes

Just like with Teams sharing, when you invite the user to the SharePoint site, they become part of your Active Directory.

Accessing a shared SharePoint Site again

If the external user needs to access the same SharePoint site again, they would need to navigate to the site’s URL, enter their email address, and receive and enter a new temporary passcode. This would need to be done every single time the user wants to access the shared SharePoint Site!

Scenario # 3: Inviting External Non-Microsoft Account User to a File or Folder

How to share a file or folder with a Non-Microsoft Account

Sharing a file or folder externally has not changed at all recently in terms of user experience, but I will still document it below.

1. Click three dots next to a file or folder you want to share, then choose Share.
2. On the pop-up, type the external user’s email address.
3. The system will recognize the fact that the user is outside the organization and will display a warning. Click Continue.
4. You can then specify the access level to a given file or folder (View Only or Edit), type the optional message, and click Send.
5. You then get confirmation that a link to a file or folder has been shared.

Experience for the Recipient

1. The recipient receives an email and clicks Open.
2. Again, the user needs to request a temporary code.
3. The recipient receives another email with the code, and copies it.
4. The external user then pastes the code and clicks Verify. There is a checkbox that the user can check that will keep them signed in for a period of time (to avoid constant entry of passcodes).
5. And that is it. The user will be granted access to the shared file or folder.
6. Depending on the access role given, the user might only be able to view or edit contents.
7. The user cannot access anything else on a site – just the shared file or folder.

What happens behind the scenes

Nothing! Unlike the previous two scenarios, where the external user ended up in the Active Directory when you just share files or folders externally (not SharePoint Sites, Microsoft 365 Groups, or Teams), the external users do not end up in the Active Directory!

Accessing a shared file or folder again

This is where it is a bit of a pain. Since the external user was invited to a specific file or folder, the user would need to locate that email with an initial invitation to access the shared file or folder again! And then, of course, go through the verification code authentication as well! This process is much smoother for those with Microsoft 365 accounts, as shared files and folders appear in the User’s OneDrive Shared section. But Non-Microsoft 365 accounts like Gmail and others do not have such a luxury since there is no Microsoft 365/OneDrive in the first place!