← Back
(Updated) Retirement of SharePoint One-Time Passcode (SPO OTP) and transition to Microsoft Entra B2B
MC1243549 · build prod-20251231-200323
Category
planForChange
Severity
normal
Major change
True
Last modified
2026-05-07 19:44:32
Summary source
Azure OpenAI (gpt-4.1)
Action by (Graph)
Action by (AI)
2026-05-01 00:00:00
Services
SharePoint Online, Microsoft OneDrive
Tags
Updated message, User impact, Admin impact, Retirement
Master tags
User, Admin, Security
Roadmap IDs

One-line summary

SharePoint and OneDrive are retiring One-Time Passcode (SPO OTP) authentication, moving all external sharing to Microsoft Entra B2B starting May 2026, with SPO OTP retired beginning July 2026.

Similar updates

More like this
MC1184649 Microsoft SharePoint: Retirement of IDCRL authentication protocol and enforcement of OpenID Connect and OAuth protocols
Microsoft SharePoint: Retirement of IDCRL authentication protocol and enforcement of OpenID Connect and OAuth protocols Legacy IDCRL authentication in SharePoint Online and OneDrive for Business will be retired; legacy auth blocked Feb 16, 2026, and permanently disabled after May 1, 2026. ...ative (SFI) and in alignment with the “Secure by.
MC1103608 Microsoft Entra ID: Change in guest authentication experience for B2B collaboration
Microsoft Entra ID: Change in guest authentication experience for B2B collaboration Starting July 2025, guest users signing in via Entra ID B2B will use their home organization's sign-in page, improving clarity and reducing confusion during cross-tenant authentication. ...es to tenants that use B2B (business-to-business) collaborationWe will.
MC999442 Microsoft Purview | Data Lifecycle Management: Retention based on “last accessed” for OneDrive and SharePoint files
Microsoft Purview | Data Lifecycle Management: Retention based on “last accessed” for OneDrive and SharePoint files Admins can soon apply retention policies/labels in OneDrive and SharePoint based on files' last accessed date to help manage obsolete data and improve Copilot response quality. Updated February 4, 2026: We have updated the timeline..
MC1189663 (Updated) Retirement of external access token for actionable messages – moving to Microsoft Entra authentication
(Updated) Retirement of external access token for actionable messages – moving to Microsoft Entra authentication External access tokens for actionable messages retire May 15, 2026; update integrations to use Microsoft Entra authentication to avoid failures. Updated May 21, 2026: Phasing out to Legacy Auth Token (EAT) has been initiated and will.
MC693865 (Updated) SharePoint Add-In retirement in Microsoft 365
(Updated) SharePoint Add-In retirement in Microsoft 365 SharePoint Add-Ins will retire and stop working after April 2, 2026; admins must migrate to SharePoint Framework (SPFx) as Add-Ins will become unusable. Updated March 2, 2026: This update serves as a final reminder that SharePoint Add-Ins will retire and stop working 1 month from now (April.
MC693863 (Updated) Azure ACS retirement in Microsoft 365
(Updated) Azure ACS retirement in Microsoft 365 Azure Access Control Services (ACS) retires for SharePoint Online on April 2, 2026; update custom apps and integrations to use Microsoft Entra ID for authentication. Updated March 2, 2026: This update serves as a final reminder that Azure ACS in Microsoft 365 will retire and stop working 1 month.

Details

Summary
SharePoint One-Time Passcode (SPO OTP) authentication will retire by August 31, 2026, transitioning external sharing and authentication in OneDrive and SharePoint to Microsoft Entra B2B starting May 2026. External users must have Entra B2B guest accounts for access, enabling unified guest management and Conditional Access enforcement.

Body (from Message Center)

Updated May 7, 2026: We have updated the content. Thank you for your patience. 

[Introduction]

We are retiring SharePoint One‑Time Passcode (SPO OTP) authentication in OneDrive and SharePoint starting July 2026. Beginning in May 2026, new external sharing invitations and authentication will start using Microsoft Entra B2B instead of SPO OTP. This transition simplifies external collaboration, aligns authentication with Microsoft identity standards, and enables consistent guest lifecycle management, governance, and Conditional Access coverage across Microsoft 365.

[When this will happen]

  • May & June 2026: Invitation and authentication for new external sharing transitions to Microsoft Entra B2B. Users who previously authenticated via SPO OTP will continue to have access to specific people links even without a B2B guest account yet.
  • July 2026: Retirement of SPO OTP authentication begins. External users without a guest account get access denied on previously shared specific people links. To restore access, a guest account must be created in Entra B2B, or an allowed user must share/re-share at least one file/folder/site.
  • Retirement is expected to complete by August 31, 2026.

[How this affects your organization]

Who is affected

  • All Microsoft 365 tenants (commercial, government, sovereign).
  • All external users who access OneDrive or SharePoint files, folders, or sites.

What will happen

  • The EnableAzureADB2BIntegration setting will no longer control external sharing behavior beginning May 2026.
  • SPO OTP authentication will retire beginning July 2026.
  • The option to disable Entra B2B integration will be removed.

Impact on external users

  • External users who already have an Entra B2B guest account in your directory:
    • No change in behavior.
  • External users without a B2B guest account:
    • Specific people links shared after changes rolled out to your tenant:
      • A guest account will be automatically created via the Entra B2B Invitation Manager.
      • Authentication will use Entra B2B (email OTP available if enabled).
    • Specific people links shared before changes rolled out to your tenant:
      • SPO OTP authentication continues until July 2026.
      • After July 2026, these users will receive access denied until a matching B2B guest account exists.

Restoring access after retirement

  • Admins can manually create a guest account for the external user at any time.
  • Alternatively, an internal user with permissions needs to share or re-share at least one file, folder, or site, which will automatically create the guest account and restore access to all previously shared content.

[What you need to do to prepare]

No admin action is required. However, to ensure a smooth transition:

  • Inform users that some external collaborators may see access denied beginning July 2026 for older links authenticated via SPO OTP.
  • If your organization relies on email OTP authentication via Entra, ensure it is not disabled in Entra External ID settings. See Email OTP for B2B guests.
  • Review external sharing policies and conditional access settings for guests in SharePoint and Entra admin centers.
  • Optionally, identify external collaborators without guest accounts via external sharing reports. Proactively create guest accounts to retain access.
  • Update internal documentation.

Learn more:

[Compliance considerations]

Compliance QuestionAnswer
Does the change alter how existing customer data is accessed, processed, or stored?Yes. This change retires SPO OTP authentication and requires all external users to authenticate using Microsoft Entra B2B guest accounts, which alters the authentication method used to access existing SharePoint and OneDrive content.
Does the change modify Conditional Access policies or enforcement?Yes. After retirement, all external users will authenticate through Entra B2B and become fully subject to Microsoft Entra Conditional Access, Identity Protection, and guest governance policies.
Does the change provide a new way of communicating between users, tenants, or subscriptions?Yes. External sharing invitations will be routed through Microsoft Entra B2B Invitation Manager instead of SharePoint’s OTP invitation flow.
Does the change alter how admins monitor, report on, or demonstrate compliance activities?Yes. Authentication events and guest lifecycle actions will be logged through Entra audit logs rather than SPO OTP logs, changing where admins review authentication and guest access activity.

Raw JSON (for debugging)

Expand/collapse the full payload below.
Show/hide raw 
{
  "snapshot_item": {
    "action_required_by": null,
    "ai_action_required_by": "2026-05-01T00:00:00Z",
    "ai_actions": [
      "Inform users of July 2026 changes for external access",
      "Review external sharing and guest policies",
      "Ensure Entra email OTP is not disabled if used",
      "Optionally create needed guest accounts proactively",
      "Update internal documentation"
    ],
    "ai_master_tags": [
      "User",
      "Admin",
      "Security"
    ],
    "ai_model": "gpt-4.1",
    "ai_summary": "SharePoint and OneDrive are retiring One-Time Passcode (SPO OTP) authentication, moving all external sharing to Microsoft Entra B2B starting May 2026, with SPO OTP retired beginning July 2026.",
    "ai_topics": [
      "SharePoint",
      "OneDrive",
      "Entra"
    ],
    "category": "planForChange",
    "details_map": {
      "Summary": "SharePoint One-Time Passcode (SPO OTP) authentication will retire by August 31, 2026, transitioning external sharing and authentication in OneDrive and SharePoint to Microsoft Entra B2B starting May 2026. External users must have Entra B2B guest accounts for access, enabling unified guest management and Conditional Access enforcement."
    },
    "id": "MC1243549",
    "importance": 5,
    "is_major_change": true,
    "last_modified": "2026-05-07T19:44:32Z",
    "ms_products": [
      "SharePoint",
      "OneDrive"
    ],
    "platforms": null,
    "roadmap_ids": [],
    "services": [
      "SharePoint Online",
      "Microsoft OneDrive"
    ],
    "severity": "normal",
    "tags": [
      "Updated message",
      "User impact",
      "Admin impact",
      "Retirement"
    ],
    "title": "(Updated) Retirement of SharePoint One-Time Passcode (SPO OTP) and transition to Microsoft Entra B2B"
  }
}