Microsoft to Retire SharePoint One-Time Passcodes, Requiring Entra B2B Guest Accounts for External Access

Microsoft is retiring SharePoint One-Time Passcodes (OTP) within SharePoint Online and OneDrive for Business. The change will take effect across Microsoft 365 commercial and government environments, with the legacy authentication method fully phased out in August 2026.

SharePoint One-Time Passcodes (OTP) are email‑based passcodes that let external users access shared SharePoint or OneDrive content without needing a full Microsoft or organizational account. Instead, they receive a temporary code sent to their inbox to verify their identity for that session. This method was designed to make external collaboration simple, but it offers limited identity governance and weaker enforcement of security policies.

Microsoft Entra B2B to replace SharePoint One-Time Passcodes

By May 2026, external sharing in SharePoint Online and OneDrive for Business will begin transitioning from One-Time Passcodes to Microsoft Entra B2B guest accounts. In July 2026, the retirement of SPO OTP officially begins, and external users without guest accounts will start receiving access‑denied errors on previously shared links. Microsoft expects the full retirement of the legacy OTP system to be complete by August 31, 2026.

“Beginning in May 2026, new external sharing invitations and authentication will start using Microsoft Entra B2B instead of SPO OTP. This transition simplifies external collaboration, aligns authentication with Microsoft identity standards, and enables consistent guest lifecycle management, governance, and Conditional Access coverage across Microsoft 365,” the company explained on the Microsoft 365 message center.

What does the change mean for organizations?

After May 2026, the EnableAzureB2BIntegration setting will no longer influence how external sharing behaves in SharePoint Online and OneDrive for Business. At the same time, organizations will lose the ability to disable Entra B2B integration. Consequently, all external access will require directory‑backed guest accounts to stronger governance and consistent Conditional Access enforcement across Microsoft 365.

Customers who already have Entra B2B guest accounts will not see any changes and can continue accessing shared content as usual. However, users without guest accounts will experience different outcomes depending on when items were shared.

A guest account will be automatically created through the Entra B2B Invitation Manager for items shared after the new behavior rolls out. Meanwhile, items shared before the rollout will continue using SPO OTP until July 2026. Going forward, those users will be denied access until a corresponding guest account is created.

Admins or internal users can restore access for external collaborators either by manually creating a guest account or by re‑sharing the required file, folder, or site to automatically generate one through the Entra B2B process.

How to prepare for the retirement of SharePoint One Time Passcodes?

To ensure a smooth experience, IT admins should inform employees that some external collaborators may start encountering access‑denied errors starting in July 2026 if they were previously using SPO OTP for older shared links. Administrators who rely on email‑based OTP through Entra should confirm the feature remains enabled in External ID settings.

Organizations should also review external sharing and Conditional Access policies for guest users across SharePoint and Entra admin centers. Moreover, admins may choose to identify external users who do not yet have guest accounts and proactively create them to avoid disruptions.