If your organization (like so many others) use the sharing feature in OneDrive and SharePoint for external collaboration in Microsoft 365, then this change is one of those changes that’s easy to underestimate at first glance. Behind the scenes, the authentication model for SharePoint and OneDrive sharing is being modernized, and it has some very real implications for how external users access content going forward.
SharePoint one‑time passcode authentication is being retired in favor of Entra B2B
Microsoft has announced the retirement of SharePoint One‑Time Passcode (SPO OTP) authentication for external sharing in OneDrive and SharePoint, replacing it with Microsoft Entra B2B as the standard authentication model. This shifts external access from email-based verification to managed guest identities in Entra. Existing Entra B2B guest users will see no change, while users who previously relied on OTP must transition to guest accounts. For new sharing, guest accounts are created automatically through the Entra B2B invitation flow, with authentication following Entra standards, including optional email OTP.
This change brings external collaboration in line with the broader Microsoft identity platform, ensuring consistent use of Conditional Access, Identity Protection, and lifecycle governance. It also moves authentication and access logging into Entra audit logs instead of SharePoint OTP logs. At the same time, the EnableAzureADB2BIntegration setting no longer controls behavior, and the option to disable Entra B2B integration is being removed.
During the transition, external users who accessed content via SPO OTP will retain access temporarily, but will lose access once retirement begins unless a corresponding Entra B2B guest account exists. Administrators can proactively create guest users (https://learn.microsoft.com/entra/external-id/add-users-administrator), or access can be restored through re-sharing, which triggers automatic guest account creation. Additional integration details are available here.
The rollout begins with new sharing moving to Entra B2B during May and June 2026, followed by retirement of SPO OTP starting July 2026 and completing by August 31, 2026. After that, all external access requires Entra B2B identities. You can follow the progress on the official Roadmap.
Thanks for taking the time to read through this update. If you want to stay on top of similar changes across Microsoft 365, feel free to follow me on LinkedIn, where I regularly share updates and insights. You can find the link in the main menu on the front page.
Comments