External Sharing in SharePoint and OneDrive is changing: What You Need to Know

In an ongoing effort to create a more secure environment by default, Microsoft is introducing an important security update that will affect how external users access content shared through SharePoint and OneDrive. Starting July 1, 2025, any links shared with external users before your organization enabled Microsoft Entra B2B integration will no longer work. This change applies to all organizations that have already enabled or will enable SharePoint and OneDrive integration with Microsoft Entra B2B (most organizations I have looked into so far).

External users trying to use old links will see an error message saying the organization has updated its guest access settings. To regain access, the content must be reshared.

Highlights of how the change affects organizations that have enabled B2B: All external sharing will require guest registration. External users must be added as guests in your Microsoft Entra directory. Access will be managed through Microsoft Entra B2B Invitation Manager. T...

Sensitivity labels in Teams

A new feature for sensitivity labels in Azure AD will soon be available to Teams, and it can help ensure guests are not accidentally invited into a team with internal or sensitive information.

The feature behind this is currently in preview and is described on this page. After the preview has been enabled, a new option appears when labels are created (I have not discovered a way to update existing labels, but I'm hoping this will be a possibility once the feature goes into GA).

By not selecting the highlighted option, it suddenly becomes "impossible" to invite guests to the Team, the site or the group in question.

Please note that the defaults shown in the image were to not allow any guests, and the section on managed devices was set to block all non-compliant devices. Be careful not to set policies that could block users from doing their job.

Once the label has been created, it must be published before group creators have the label available to them. Existing groups and teams can also have this label added once it is available.
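When the label is added to existing groups or teams, it is worth checking whether guests are already members. The following is an added example, not from the original post: it runs over a constructed export shaped like Microsoft Graph group objects (`assignedLabels`) with their members (`userType`), and the label ID, group names and addresses are placeholders.

```python
"""Flag labelled groups that already contain guest members (added example)."""

# Assumption: IDs of the sensitivity labels you created with guest access
# left unselected. Placeholder value, not a real label ID.
NO_GUEST_LABEL_IDS = {"00000000-0000-0000-0000-00000000c0de"}
_LABEL = {"labelId": "00000000-0000-0000-0000-00000000C0DE",
          "displayName": "Internal only"}

# Constructed sample data, shaped like Graph groups with members expanded.
SAMPLE_GROUPS = [
    {"displayName": "Finance - Board", "assignedLabels": [_LABEL],
     "members": [
         {"userPrincipalName": "anna@contoso.example", "userType": "Member"},
         {"userPrincipalName": "partner_fabrikam.example#EXT#@contoso.example",
          "userType": "Guest"}]},
    # Unlabelled group: guests are allowed here, so it is not reported.
    {"displayName": "Marketing", "assignedLabels": [],
     "members": [{"userPrincipalName": "agency_x.example#EXT#@contoso.example",
                  "userType": "Guest"}]},
    # Labelled group with a non-user member that carries no userType.
    {"displayName": "HR", "assignedLabels": [_LABEL],
     "members": [{"userPrincipalName": "bo@contoso.example", "userType": "Member"},
                 {"id": "service-principal-1"}]},
]


def guests_in_restricted_groups(groups, restricted_ids=NO_GUEST_LABEL_IDS):
    """Return one finding per group that has a no-guest label and guests."""
    restricted = {label_id.lower() for label_id in restricted_ids}
    findings = []
    for group in groups:
        labels = [l for l in group.get("assignedLabels") or []
                  if str(l.get("labelId", "")).lower() in restricted]
        if not labels:
            continue  # group is not governed by a no-guest label
        guests = sorted(m.get("userPrincipalName") or m.get("id", "<unknown>")
                        for m in group.get("members") or []
                        if str(m.get("userType", "")).lower() == "guest")
        if guests:
            findings.append({"group": group.get("displayName"),
                             "label": labels[0].get("displayName"),
                             "guests": guests})
    return findings


if __name__ == "__main__":
    for f in guests_in_restricted_groups(SAMPLE_GROUPS):
        print(f"{f['group']} [{f['label']}]: {', '.join(f['guests'])}")
```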

This addition, described as road-map item 57275, is a most welcome one for my customers who are concerned about the accidental addition of guests into groups or teams where they have sensitive information stored.

The feature requires Azure AD P1 licenses. It is already rolling out, and should be completed by the end of this year according to a message in the O365 admin portal last week.