SharePoint Online to Phase Out OTP Authentication for Shared Content

Microsoft is retiring its outdated one-time passcode (OTP) sharing method and replacing it with the more secure Microsoft Entra B2B Collaboration. According to the Microsoft 365 admin center, all previously shared links using OTP authentication will soon stop working.

Microsoft Entra B2B Collaboration is a secure way for organizations to work with external partners by allowing them to access internal resources (such as Microsoft Teams, SharePoint, or apps) using their credentials. Instead of relying on temporary codes or links, external users are added as guest accounts in the organization’s directory.

Why is Microsoft retiring OTP-based sharing?

Starting July 1, external users who previously accessed shared content (such as files, folders, or sites) via one-time passcode (OTP) links will lose access to that content. Anyone attempting to use these outdated links will see the following error: “Sorry, something went wrong. This organization has updated its guest access settings. To access this item, please contact the person who shared it with you and ask them to reshare it with you.”

This change will affect organizations that have enabled or plan to enable SharePoint and OneDrive integration with Microsoft Entra B2B. Once integrated, all new external sharing will use Microsoft Entra B2B Invitation Manager.

In July, previously shared content using SPO OTP links will no longer be accessible to external users. To restore access, the original sender (or another authorized person) must reshare the file, folder, or site with the intended recipient. However, the overall sharing process remains unchanged, and users can continue to share content as usual.

How does Microsoft Entra B2B collaboration enhance security and access control?

According to Microsoft, this update is part of a broader effort to enhance SharePoint and OneDrive security through Microsoft Entra B2B collaboration. The feature requires external users to be added as guests in the organization’s directory, supports multi-factor authentication (MFA), and offers improved access control and auditing capabilities.

Microsoft recommends that administrators notify employees who collaborate with external users that previously shared links will no longer work after Entra B2B integration. The company says that users will be required to complete MFA registration as part of the Entra ID B2B onboarding process.