Azure AD supports guest collaboration with any account
Two years ago, when Microsoft began rolling out Azure AD, it allowed companies to collaborate with people in external organizations by giving them access to internal corporate documents and resources. At that time, however, the external person's account had to be a Microsoft account or an Azure AD account; otherwise, an error prompt appeared when the user tried to send an invitation. Since then, Microsoft has also added Google social IDs, but even so, many restrictions remained.
To solve the usability problem, Microsoft “announce[d] the next major step for B2B Collaboration—the public preview of email one-time passcodes (OTP), which lets you support B2B sharing with anyone in the world with an email account!”
“With email OTP, any partner who doesn’t have an existing Microsoft-backed account or Google social ID can seamlessly access shared resources and collaborate without having to create a new account. When you invite a guest who doesn’t have an Azure AD, Google, or Microsoft Account, they can use their existing email account to collaborate. Each time they sign-in using Azure AD, they receive an OTP code via email, which they can enter to prove continued ownership of the email inbox.”
The timeout period after a one-time passcode is successfully registered is 24 hours. Once it expires, the passcode is invalid and the invitee cannot log in, so a new passcode must be requested. This lets the company keep complete control over the sharing of resources and maintain security, while making it easier to work closely with outsiders.
Enterprises can also turn on 2-step verification when needed, improving the overall security of internal resources while still facilitating collaboration. With security ensured, enterprise users and external organization personnel can access the network at any time, from PCs and various mobile devices.