r/entra


Microsoft, please, make PIM great!
ID Governance

As a user I have a list of roles available to me via PIM activation. Roles have permissions.

When I attempt to complete an action that requires a permission I do not have active, how about, instead of showing me "access denied", showing all the roles that are available to me for activation, least privileged first?

Instead of graying out an action button or link because I lack a required permission, put a shield or other indicator that, when clicked, gives a prompt, popup, or any other option to activate an available role.

Maybe stating the obvious and/or preaching to the choir, but is this not a simple workflow that will benefit all the admins and improve PIM experience?



Important Microsoft 365 external sharing update: SharePoint and OneDrive are moving fully to Microsoft Entra B2B

Microsoft is making an important change to how external sharing works in SharePoint Online and OneDrive.

Starting May 2026, SharePoint and OneDrive integration with Microsoft Entra B2B will be enabled across all tenants. The existing tenant setting used to disable this integration will no longer control the sharing behavior.

This is not just a SharePoint sharing update. This is an identity governance change.

Today, many organizations still have external users accessing shared files through the SharePoint One-Time Passcode experience. With the upcoming change, external collaboration will be aligned with Microsoft Entra B2B guest identities.

Why this matters:

External users who already have a Microsoft Entra B2B guest account in your tenant should retain access to previously shared files.

However, external collaborators who were only using the older SPO OTP-based sharing experience and do not have a Microsoft Entra B2B guest account may start seeing access denied from July 2026.

The good news:

1. Duplicate guest accounts will not be created if the external user already exists as a B2B guest
2. Anyone / Anonymous links are not impacted
3. Admins can proactively create guest accounts for external collaborators
4. Once users are represented as Entra B2B guests, they can be governed using identity controls

How to prepare:

1. Check your tenant status
Use SharePoint Online PowerShell:

Get-SPOTenant | Select EnableAzureADB2BIntegration

2. Identify external collaborators without guest accounts
At the site level, use the SharePoint external sharing report. Review the User E-mail column to identify users invited through SPO OTP who do not yet have a Microsoft Entra B2B guest account.

3. Proactively create or remediate guest accounts
For external collaborators without a B2B guest object, admins can create the guest account in Microsoft Entra ID to help retain access to previously shared files.

4. Review your external collaboration controls
Validate:

• Microsoft Entra External Identities settings
• Cross-tenant access settings
• SharePoint domain allow/block lists
• Guest invitation restrictions
• Conditional Access policies for guests
• MFA requirements for external users
• Guest lifecycle and access review process

5. Prepare end-user communication
Business users may need to reshare files, folders, or sites if external users face access issues after the change.

This is a good security direction because external users become manageable identities in Microsoft Entra ID instead of being handled only through application-level sharing.

But organizations with heavy external sharing (vendors, auditors, consultants, customers, partners) should not wait until July 2026 to review their exposure.

My recommendation:

Start by running sharing reports for critical SharePoint sites, identify OTP-based external users, clean up stale sharing, and move your external collaboration model towards Microsoft Entra B2B governance.

External sharing should not be just “send link and forget.”

It should be identity-driven, governed, reviewed, and auditable.

ref: https://learn.microsoft.com/en-us/sharepoint/sharepoint-azureb2b-integration
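One way to script steps 1 to 3 of the preparation list above (an added example, not code from the post or from Microsoft): it reads the tenant setting, pulls a site's external users with Get-SPOExternalUser, and compares them against the tenant's Entra B2B guests from Get-MgUser. The admin URL, site URL, and the heuristic that recovers an address from a guest UPN are assumptions.

```powershell
# Added example (not from the post): list a site's external users that have
# no Entra B2B guest object, and optionally invite them as guests.
# Assumes the SharePoint Online Management Shell and Microsoft.Graph modules
# and SharePoint admin rights plus User.Read.All / User.Invite.All consent.
param(
    [Parameter(Mandatory)] [string] $AdminUrl,  # placeholder: https://<tenant>-admin.sharepoint.com
    [Parameter(Mandatory)] [string] $SiteUrl,   # site to audit
    [switch] $Invite                             # also create guest objects for the gaps
)

Connect-SPOService -Url $AdminUrl
Connect-MgGraph -Scopes 'User.Read.All', 'User.Invite.All' | Out-Null

# Step 1 of the post: the tenant setting that will stop being honoured in May 2026.
$tenant = Get-SPOTenant
Write-Host "EnableAzureADB2BIntegration = $($tenant.EnableAzureADB2BIntegration)"

# Step 2: page through the site's external users (PageSize is capped at 50).
$external = @(); $pos = 0
do {
    $page = @(Get-SPOExternalUser -SiteUrl $SiteUrl -Position $pos -PageSize 50)
    $external += $page
    $pos += 50
} while ($page.Count -eq 50)

# Lookup of addresses that already exist as Entra B2B guests. Guest UPNs look like
# user_domain.com#EXT#@tenant.onmicrosoft.com, so the original address is recovered
# from the UPN as well in case the Mail attribute is empty (assumption, not documented here).
$guestMail = @{}
Get-MgUser -Filter "userType eq 'Guest'" -All -Property Mail,UserPrincipalName | ForEach-Object {
    if ($_.Mail) { $guestMail[$_.Mail.ToLowerInvariant()] = $true }
    if ($_.UserPrincipalName -match '^(.+)#EXT#@') {
        $idx = $Matches[1].LastIndexOf('_')
        if ($idx -gt 0) {
            $addr = $Matches[1].Substring(0, $idx) + '@' + $Matches[1].Substring($idx + 1)
            $guestMail[$addr.ToLowerInvariant()] = $true
        }
    }
}

# Step 3: external users with no guest object are the ones at risk of access denied from July 2026.
$missing = $external | Where-Object { $_.Email -and -not $guestMail.ContainsKey($_.Email.ToLowerInvariant()) }
$missing | Select-Object Email, DisplayName, WhenCreated | Format-Table -AutoSize

if ($Invite) {
    foreach ($u in $missing) {
        New-MgInvitation -InvitedUserEmailAddress $u.Email -InviteRedirectUrl $SiteUrl `
            -SendInvitationMessage:$false | Out-Null
    }
}
```

Run it without -Invite first to review the report, then with -Invite once the list has been checked against the site's sharing report.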


Entra ID - Backup Recovery

Anyone really planning Entra ID failover to another tenant?

We are looking at an Entra ID backup/recovery vendor now because of some gaps in Microsoft's recovery for hard-deleted objects. One vendor is pushing their ability to recover to a second tenant very heavily.

At first it sounds very good, but the more we think about it, the more it feels difficult in real life. Everything is tied to the current tenant: mailboxes, Teams, SharePoint, OneDrive, app registrations, integrations, company.onmicrosoft.com, etc.

Do people actually keep a second licensed tenant ready for this? In a real incident, is it really faster to move to another tenant, or just to recover the original tenant as fast as possible?

Curious if people are really testing this successfully or if this is more marketing from vendors?