Why would SharePoint guest users be locked out daily, temporarily, for indeterminate periods?

Question

Why would SharePoint guest users be locked out daily, temporarily, for indeterminate periods?

Chad Woodward 0

Every day our guest users get locked out of SharePoint, receiving an access denied error message. After a while, minutes or hours, the problem goes away and they can access normally again. Some weeks it happens at 9am every day, and some it increments by an hour daily (9am, 10am, 11am…) which indicates some kind of scheduled event on the backend. We did find a workaround after the first couple weeks; sending an invite to any existing guest users, with or without email notification, jiggles something loose and restores everyone’s access.

This has been ongoing for weeks, with open MS support tickets sent but no solutions found. Support doesn’t know, the engineers think everything is fine, and I can’t find relevant incidents online. Anyone have any ideas?

Ryan-N 3,015 Reputation points Microsoft External Staff Moderator

2025-08-15T17:57:44.27+00:00

Hi @Chad Woodward,

I hope the information I shared earlier was at least somewhat helpful in addressing your issue. If the previous methods haven’t been effective, please feel free to let me know. I’d be happy to explore the issue more deeply with you so we can work together toward a better solution.

If you found the answer helpful, we kindly invite you to mark it as the accepted answer. Once marked, it will automatically be pinned to the top. Since many other users also search for information in this community, your valuable contribution will help them easily find the right channel and useful insights more quickly.

Thank you very much, and I wish you a great day.
Ryan-N 3,015 Reputation points Microsoft External Staff Moderator

2025-08-16T15:43:04.56+00:00

Hi @Chad Woodward,

I hope this message finds you well.

This is my second follow-up to check whether your issue has been resolved. I truly want to ensure your experience is as smooth as possible. If your problem is still ongoing or if you have faced any new difficulties, please share more details about the current steps you are stuck on. I am here and happy to provide further help whenever you need it.

If you found the answer helpful, we kindly invite you to mark it as the accepted answer

. Once marked, it will automatically be pinned to the top. Since many other users also search for information in this community, your valuable contribution will help them easily find the right channel and useful insights more quickly.

Thank you very much, and I wish you a great day.
Rich S 0 Reputation points

2025-08-25T13:23:45.47+00:00

Chad,

I believe I have the same problem. Have you been able to figure this out? Users at my location have also been blocked out of SharePoint after repeated resets. Everything checks off as correct under sharing and permissions settings, but it keeps happening after a few days after being reset. They can sign into MS 365 just fine. SharePoint site access is the issue.
Chad Woodward 0 Reputation points

2025-08-25T15:02:49.34+00:00

Still ongoing, daily. Even went through Azure and Entra settings looking for a rogue policy or event that would be root cause, nothing. It’s been weeks, pretty much getting the silent treatment from MS support while the technical team ‘looks into it’. Worst part is I have multiple unrelated tenants affected, and a ticket open with each. Worked smoothly for a couple years then suddenly out of the blue this happens.

1 answer

Your answer

Ryan-N 3,015 Reputation points Microsoft External Staff Moderator

2025-08-15T17:57:44.27+00:00

Hi @Chad Woodward,

I hope the information I shared earlier was at least somewhat helpful in addressing your issue. If the previous methods haven’t been effective, please feel free to let me know. I’d be happy to explore the issue more deeply with you so we can work together toward a better solution.

If you found the answer helpful, we kindly invite you to mark it as the accepted answer. Once marked, it will automatically be pinned to the top. Since many other users also search for information in this community, your valuable contribution will help them easily find the right channel and useful insights more quickly.

Thank you very much, and I wish you a great day.
Ryan-N 3,015 Reputation points Microsoft External Staff Moderator

2025-08-16T15:43:04.56+00:00

Hi @Chad Woodward,

I hope this message finds you well.

This is my second follow-up to check whether your issue has been resolved. I truly want to ensure your experience is as smooth as possible. If your problem is still ongoing or if you have faced any new difficulties, please share more details about the current steps you are stuck on. I am here and happy to provide further help whenever you need it.

If you found the answer helpful, we kindly invite you to mark it as the accepted answer

. Once marked, it will automatically be pinned to the top. Since many other users also search for information in this community, your valuable contribution will help them easily find the right channel and useful insights more quickly.

Thank you very much, and I wish you a great day.
Rich S 0 Reputation points

2025-08-25T13:23:45.47+00:00

Chad,

I believe I have the same problem. Have you been able to figure this out? Users at my location have also been blocked out of SharePoint after repeated resets. Everything checks off as correct under sharing and permissions settings, but it keeps happening after a few days after being reset. They can sign into MS 365 just fine. SharePoint site access is the issue.
Chad Woodward 0 Reputation points

2025-08-25T15:02:49.34+00:00

Still ongoing, daily. Even went through Azure and Entra settings looking for a rogue policy or event that would be root cause, nothing. It’s been weeks, pretty much getting the silent treatment from MS support while the technical team ‘looks into it’. Worst part is I have multiple unrelated tenants affected, and a ticket open with each. Worked smoothly for a couple years then suddenly out of the blue this happens.

Answer 1

Hi @Chad Woodward,

Thank you for sharing the details regarding the issue of guest users being locked out of SharePoint on a daily basis. Based on the symptoms and patterns observed, we would like to propose the following steps to help identify the root cause and resolve the issue effectively:

Potential Causes

Azure AD Identity Protection: Guest accounts may be flagged as “high risk” on a scheduled basis, resulting in temporary access blocks.
Conditional Access Policies: Some policies may require conditions that guest users cannot meet (e.g., compliant devices, trusted IPs, or re-authentication every 24 hours).
Idle Session Sign-Out: SharePoint may be configured to sign users out at a specific time each day.
Automated Scripts or Cleanup Jobs: There may be scripts unintentionally modifying guest access on a schedule.
Microsoft Service Issues: There could be an undocumented issue in Microsoft’s guest authentication system.

Recommended Troubleshooting Steps

Step 1: Collect Diagnostic Logs

Review Azure AD sign-in logs at the time of the lockout.
Capture error codes (e.g., 530032) and the SharePoint Correlation ID from the access denied page for deeper analysis.

Step 2: Adjust Azure AD Identity Protection Policies

Create a dynamic group for all guest users using the rule (user.userType -eq "Guest").
Exclude this group from the “User Risk Policy” and “Sign-in Risk Policy”.

Step 3: Review Conditional Access Policies

Check for policies targeting “All Users” or “All Guests”.
Exclude guest users from restrictive policies or temporarily disable them for testing.

Step 4: Verify SharePoint Configuration

Ensure external sharing is set to “New and existing guests”.
Temporarily disable “Idle session sign-out” to rule out session timeout issues.

Step 5: Use the Temporary Workaround

Re-invite one guest user approximately 5 minutes before the usual lockout time (e.g., 8:55 AM) to “refresh” access for all guests.

Step 6: Communicate with Guest Users

Inform guests that the issue is being investigated.
If they have internal IT support, ask whether they’ve received any security alerts from Microsoft (e.g., account verification prompts).

Step 7: Consider Alternative Sharing Options

For non-sensitive content, use anonymous sharing links (“Anyone with the link”) to ensure uninterrupted access during troubleshooting.

After implementing the above adjustments, please monitor the system during the usual lockout window to verify whether the issue persists.

If the issue continues, I will assist you in escalating the case to Microsoft’s advanced technical support team for deeper investigation. As a moderator, I currently lack the tools to access backend logs or perform in-depth diagnostics within Azure AD.

Once you raise a support ticket, a Microsoft live agent will contact you and initiate a remote session to examine your tenant and policy configurations in detail. This step is essential to pinpoint the root cause if configuration changes alone do not resolve the issue.

Please let me know if you need help with any of the steps above or if you’d like assistance opening a support ticket with Microsoft.

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

User's image

Chad Woodward 0 Reputation points

2025-08-13T03:24:55.6966667+00:00

Step 1: Users are either already signed in and interrupted, or they simply get a Cannot Access This Resource error. Either way, nothing shows up as sign in failures in the access logs. No error code, Correlation ID: 9559b3a1-f019-9000-9235-fd218138facd

Step 2: Both policies are disabled. Cannot create the group as described.

Step 3: No policies listed under conditional access.

Step 4: Those are the SharePoint configurations set.

Step 5: Tried this hoping to get ahead of the problem. Doesn’t work, have to wait for the event.

Step 6: They definitely know after this many weeks. Users from dozens of different organizations, all affected the same.

A remote session to review the tenant and configurations would be useful. Please assist in opening a ticket to do this.
Ryan-N 3,015 Reputation points Microsoft External Staff Moderator

2025-08-13T15:38:20.89+00:00

Hi @Chad Woodward,

Thank you for your response. Unfortunately, I’m unable to directly assist you in creating a support ticket for Microsoft’s technical team. However, you can follow the steps below to submit your request:

Step 1: Use an account with admin privileges to access https://admin.microsoft.com

Step 2: At the bottom-right corner of the screen, click on Help & Support

Step 3: Enter the subject of your issue and click the blue arrow

Step 4: Click on Contact Us

Step 5: Choose your preferred contact method (chat, email, phone, etc.)

Step 6: Fill in the required information as requested by the ticket form

After completing these steps, a live agent will contact you shortly to work directly with you and resolve your issue thoroughly.

Please feel free to reach out if you need any further assistance during the process.
Ryan-N 3,015 Reputation points Microsoft External Staff Moderator

2025-08-13T16:45:28.88+00:00

Hi @Chad Woodward,

To better assist you, I’ve sent you a private message (PM).

I look forward to your response and I look forward to hearing from you soon so that we can continue to work towards a resolution.

Share via

Why would SharePoint guest users be locked out daily, temporarily, for indeterminate periods?

1 answer

Your answer