Microsoft is retiring the email passcode system long used to grant temporary access to shared files in SharePoint Online and OneDrive for Business. The company plans to replace it with Microsoft Entra B2B guest accounts, shifting external collaboration toward a fully identity-based model across Microsoft 365.
The change affects both commercial and government cloud environments. Beginning in May 2026, new external sharing invitations will start using Entra B2B instead of the existing one-time passcode system. The transition will accelerate through the summer, with the older authentication method beginning its shutdown in July and disappearing completely by the end of August 2026.
For years, SharePoint’s email passcodes offered a quick way to share documents with people outside an organization. A recipient would receive a temporary code in their inbox and enter it to verify access to a shared file, folder, or site. The system worked without requiring a Microsoft account, which made it convenient for casual collaboration. It also meant administrators had little visibility into who those external users actually were.
Microsoft is now pushing organizations toward a model where every external collaborator exists as a directory object. Under the new process, anyone who receives a shared link will be added as a guest identity through Microsoft Entra B2B. That account becomes part of the organization’s directory, allowing administrators to apply Conditional Access policies, audit activity, and manage the lifecycle of the guest account.
The shift removes several configuration choices administrators previously controlled. Once the rollout begins, organizations will no longer be able to turn off Entra B2B integration for SharePoint or OneDrive sharing. Settings that once allowed email passcodes to function independently of guest accounts will effectively become irrelevant. All external collaboration will rely on directory-backed identities moving forward.
For organizations that already rely on Entra guest accounts, the transition should be mostly invisible. Existing guests will continue accessing shared content normally. The bigger impact will fall on links that were shared with external users who never had guest accounts created for them.
Files or sites shared after the new system takes effect will automatically create guest accounts through the Entra invitation process. Older links are a different story. Those links will continue working with passcodes until July 2026, when the retirement phase begins. At that point, external users relying on the old authentication flow may suddenly encounter access denied messages.
Restoring access is straightforward but requires action. Administrators or employees inside the organization will need to either create guest accounts manually or share the content again. When the item is reshared, Microsoft Entra will automatically generate the required guest identity for the external collaborator.
The retirement reflects a broader push by Microsoft to centralize identity and security controls inside Entra. Email passcodes were convenient, but they existed outside the main identity system. That made it difficult to apply consistent policy enforcement such as multi-factor authentication, sign-in monitoring, or access reviews. Moving external users into the directory allows those protections to work the same way they do for internal employees.
Organizations that rely heavily on external sharing should begin preparing well before the summer deadline. IT teams may want to review current guest access policies, confirm Conditional Access rules apply to external identities, and identify collaborators who frequently receive shared links but do not yet exist in the directory. Creating guest accounts ahead of time can prevent confusion once the passcode system disappears.
The timeline gives companies several months to adjust, but the direction is clear. Temporary email verification is going away. External collaboration in Microsoft 365 will soon require a proper identity inside the organization’s directory.
