Version: 2.1.1-preview

CIS.M365.7.2.2 - Ensure SharePoint and OneDrive integration with Azure AD B2B is enabled

Overview

7.2.2 (L1) Ensure SharePoint and OneDrive integration with Azure AD B2B is enabled

Entra ID B2B provides authentication and management of guests. Guests who don't already have a work or school account or a Microsoft account authenticate via one-time passcode. Integration with SharePoint and OneDrive allows more granular control of how guest user accounts are managed in the organization's AAD, unifying a similar guest experience already deployed in other Microsoft 365 services such as Teams.

Note: Global Reader role currently can't access SharePoint using PowerShell.

Rationale

External users assigned guest accounts will be subject to Entra ID access policies, such as multi-factor authentication. This provides a way to manage guest identities and control access to SharePoint and OneDrive resources. Without this integration, files can be shared without account registration, making it more challenging to audit and manage who has access to the organization's data.

Impact

B2B collaboration is used with other Entra services so should not be new or unusual. Microsoft also has made the experience seamless when turning on integration on SharePoint sites that already have active files shared with guest users. The referenced Microsoft article on the subject has more details on this.

Remediation

  1. Connect to SharePoint Online using Connect-SPOService
  2. Run the following command:

     Set-SPOTenant -EnableAzureADB2BIntegration $true

Default Value: False
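
The two remediation steps above, wrapped in an audit-first script that reads the current setting and only changes it when it is still False. This is an added example, not the Maester test or CIS-supplied code; the admin URL is a placeholder to replace with your tenant's SharePoint admin URL.

```powershell
#Requires -Modules Microsoft.Online.SharePoint.PowerShell
[CmdletBinding(SupportsShouldProcess)]
param(
    # Placeholder (assumption): replace with your tenant's SharePoint admin URL.
    [string]$AdminUrl = 'https://contoso-admin.sharepoint.com'
)

$ErrorActionPreference = 'Stop'

# Step 1: connect with an account that can administer SharePoint Online.
# Per the note above, the Global Reader role cannot access SharePoint via PowerShell.
Connect-SPOService -Url $AdminUrl

# Audit: read the tenant setting before changing anything.
$tenant = Get-SPOTenant
if ($tenant.EnableAzureADB2BIntegration) {
    Write-Output 'PASS: EnableAzureADB2BIntegration is already True.'
    return
}

Write-Warning 'FAIL: EnableAzureADB2BIntegration is False (the default value).'

# Step 2: remediate. Run the script with -WhatIf to preview without changing the tenant.
if ($PSCmdlet.ShouldProcess($AdminUrl, 'Set EnableAzureADB2BIntegration to $true')) {
    Set-SPOTenant -EnableAzureADB2BIntegration $true

    # Re-read the setting so the result is confirmed rather than assumed.
    if (-not (Get-SPOTenant).EnableAzureADB2BIntegration) {
        throw 'EnableAzureADB2BIntegration is still False after Set-SPOTenant.'
    }
    Write-Output 'REMEDIATED: EnableAzureADB2BIntegration is now True.'
}
```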

Test Metadata

| Field | Value |
| --- | --- |
| Test ID | CIS.M365.7.2.2 |
| Severity | Unknown |
| Suite | CIS |
| Category | SharePoint Online |
| PowerShell test | Test-MtCisSpoB2BIntegration |
| Tags | CIS, CIS E3, CIS E3 Level 1, CIS E5, CIS E5 Level 1, CIS M365 v6.0.1, CIS.M365.7.2.2, L1, OneDrive, SharePoint Online |

Source

  • Pester test: tests/cis/Test-MtCisSpoB2BIntegration.Tests.ps1
  • PowerShell source: powershell/public/cis/Test-MtCisSpoB2BIntegration.ps1