Invited a guest into your Microsoft Team and they cannot access files? Maybe your organisation has external sharing restrictions in place that only a SharePoint administrator can address. External sharing enabled but they cannot access your private channel? Private channels create completely seperate SharePoint sites and may need a script to be run.
“We can’t get your files. We’re working on getting them back“
“ID3035: The request was not valid or is malformed“
I recently covered the Administration and End User experience when adding a guest user into your organsitions team in my video here.
Guest Experience
In the video below, watch the guest experience where they are unable to access files in Teams. We will look at how your SharePoint Admin would resolve this via the SharePoint Admin centre or PowerShell (sample script below).
As a Team Owner, you have invited a guest into Teams. The guest accepts their invite and notices that whilst they can access the Team OK and be involved in the conversation, they cannot access the files. In fact, they get an error “We can’t get your files. We’re working on getting them back” or maybe “ID3035: The request was not valid or is malformed“. What does that mean and how can you get it sorted?
The most likely cause is SharePoint External Sharing settings, which your organisation can set at a global level but also local SharePoint level. Who can access your OneDrive and SharePoint, only your organisation or maybe New or Existing Guests on your tenant?
your guests will not be able to access files but will be able to engage in channel conversation in Teams
If globally on your Tenant, your organization allows External Sharing, there is a subsequent setting at SharePoint Administrator Centre level that your global SharePoint administrator must change for your SharePoint site. This is done either via the Admin Centre or via PowerShell which I will share later below. Remember that Teams provides an interface to files saved on SharePoint. So if external sharing is disabled, your guests will not be able to access files but will be able to engage in channel conversation in Teams.
Your SharePoint Global Admin must as a minimum change your site External Sharing setting to “Existing Guests Only”(assuming that your guest is already invited to your tenant and added to the Team).
If your Admin wishes to use PowerShell, the SharePoint Online CMDLets will support this requirement as follows:
#Please update your Tenant OrgName $orgName = "YourTenantName" #Connect to SPOService in order to run necessary CMDLets Connect-SPOService -Url https://$orgName-admin.sharepoint.com #Please Update URL to be Updated below $SiteURL="https://$orgname.sharepoint.com/sites/MySampleTeam" #Get SPOSite Parameters see https://docs.microsoft.com/en-us/powershell/module/sharepoint-online/get-sposite $SiteToChange=get-SPOSite -Identity $SiteURL #Output Site URL and Current SharingCapability Write-Output "Site Being Updated" $SiteURL Write-Output "SharingCapability Pre-Update:" $SiteToChange.SharingCapability #Set SPOSite Parameter see https://docs.microsoft.com/en-us/powershell/module/sharepoint-online/set-sposite #SharingCapability set to ExistingExternalUserSharingOnly but check which setting suits your organisations need above Set-SPOSite -Identity $SiteURL -SharingCapability ExistingExternalUserSharingOnly #Output Site URL once more and confirm the new SharingCapability $SiteToChange=get-SPOSite -Identity $SiteURL Write-Output "SharingCapability Post-Update:" $SiteToChange.SharingCapability #Please ensure you are happy with what this script does before running it on your environment
Now that your site External Sharing Settings are up to date and your guest can access the files OK, you notice that they cannot access the files on the Private Channel created previously. Did you realize that Private Channels create a unique SharePoint site and with that comes its own unique SharePoint settings? Whilst any new Private channel should in theory inherit the basic security settings, I have known historic Private Channel Sites not to sync. Therefore the Guest still cannot access the files specifically on the Private Channel. Now for a SharePoint admin familiar only with the Admin Centre, they will tell you that as things stand, you cannot access the settings of a Private Channel Site via the Admin Centre. Therefore they must use PowerShell in order to update the External Sharing Settings. Once updated, the change is almost immediate. Your guest should be able to join in with collaboration and access the files immediately.
Happy Collaborating!
