If you manage Microsoft 365 for a school district, university, or government agency, the next 60 days come with some important deadlines. Microsoft is rolling out two significant platform changes that directly affect how your users collaborate externally and how macOS devices access Microsoft Teams. For IT administrators in the education and state and local government (SLG) space — where external collaboration is routine and device fleets are diverse — these changes demand attention now, not later.
Here’s what’s changing, why it matters for your organization, and what you should be doing today.
SharePoint External Sharing Is Getting a Security Upgrade — But There’s a Catch
What’s Happening
Microsoft is retiring SharePoint One-Time Passcode (SPO OTP) authentication and replacing it with Microsoft Entra B2B (Business-to-Business) guest collaboration. This transition began in May 2026 with new sharing invitations, ramps up through June, and hits a hard wall in July 2026 — when SPO OTP authentication officially retires for previously shared links.
By August 31, 2026, the retirement will be complete across all commercial, government, and sovereign Microsoft 365 tenants.
Why This Matters in Education and Government
External collaboration is a cornerstone of how educational institutions and government agencies operate. Think about the workflows that rely on SharePoint and OneDrive sharing:
- K–12 districts sharing resources with parent organizations, contractors, or neighboring districts
- Higher education collaborating with research partners, grant agencies, and accreditation bodies
- State and local government agencies sharing files with vendors, auditors, constituent organizations, and inter-agency partners
Many of these external users were previously accessing shared content using SPO OTP — receiving a one-time passcode by email with no formal guest account in your directory. After July 2026, users who still rely on old SPO OTP links will encounter “access denied.” That means disruption to real workflows — and frustrated external stakeholders who may not understand why access suddenly stopped working.
What Changes for Your Users
The good news: external users who already have a Microsoft Entra B2B guest account in your directory will see no interruption whatsoever. New sharing invitations created after May 2026 will automatically provision guest accounts via Entra B2B, so future collaborations are covered.
The risk lies in legacy links — files, folders, or sites that were shared before the changeover using the old SPO OTP method. Those links will continue to work until July 2026, and then they won’t. Admins can restore access by manually creating a guest account, or internal users can simply re-share the content to trigger automatic provisioning.
Recommended Actions for Education and SLG IT Teams
No immediate admin action is technically required by Microsoft, but doing nothing is a recipe for avoidable disruption. Here’s what Guardian 365 recommends:
- Run an external sharing report to identify external users who do not yet have a B2B guest account in your directory. Prioritize those with access to frequently used or mission-critical resources.
- Proactively create guest accounts for known collaborators, or ask internal users to re-share content to trigger automatic provisioning before the July deadline. Microsoft’s documentation on adding and managing B2B collaboration users walks through this process step by step.
- Verify your Entra External ID settings to confirm that email OTP authentication is not disabled — this is needed for the B2B guest invitation flow to work correctly. See Microsoft’s guidance on email one-time passcode authentication for B2B guests for configuration details.
- Review Conditional Access policies for guest users in both your SharePoint and Entra admin centers. Many education and government tenants have strict Conditional Access rules that could inadvertently block newly provisioned guests.
- Communicate proactively — let department heads, faculty, and agency staff know that some external collaborators may experience access issues and provide a simple escalation path.
For deeper technical background, Microsoft has published a full FAQ on improvements to external sharing in OneDrive and SharePoint and documentation on the SharePoint and OneDrive integration with Microsoft Entra B2B that are worth bookmarking for your planning process.
The window to get ahead of this is now. Once July arrives, the support tickets will follow.
macOS 13 Users Will Be Locked Out of Teams This Summer — Action Required
What’s Happening
Microsoft Teams is ending support for its desktop client on macOS 13 (Ventura). Updates to the desktop client on macOS 13 stopped in May 2026. Starting in mid-June 2026, users on macOS 13 will begin seeing in-app notifications prompting them to upgrade their operating system. By mid-July 2026, those users will hit a blocking screen preventing them from using the Teams desktop client entirely.
This change is automatic and cannot be disabled or delayed by IT administrators.
The Challenge for Education and Government Device Fleets
Device refresh cycles in education and government are notoriously longer than in the private sector. Budget constraints, procurement timelines, and the volume of managed endpoints can make rapid OS upgrades a significant logistical challenge. A mid-July blocking screen is not a soft nudge — it’s a hard stop on productivity for anyone running macOS 13 who hasn’t upgraded.
In higher education especially, where faculty and staff often use personally managed devices or equipment on slower refresh cycles, the risk of unplanned disruption is real. Similarly, in state and local government environments where compliance and change management processes slow OS deployments, mid-July could arrive before approved upgrade windows.
What IT Teams Should Do Now
- Inventory your macOS devices immediately. Use your MDM (Intune, Jamf, or similar) to pull a report of all managed devices running macOS 13. Don’t forget to inventory unmanaged or BYOD devices where possible.
- Plan and schedule OS upgrades before mid-July. macOS 14 (Sonoma) and macOS 15 (Sequoia) are both supported. Coordinate upgrade rollout with departmental IT contacts and your helpdesk.
- Brief your helpdesk teams. When the blocking screen appears, helpdesk staff need to know immediately why it’s happening and what the resolution is — so they can guide users efficiently.
- Update compliance and security policies to flag macOS 13 as non-compliant going forward. This helps surface at-risk devices in future reporting.
- Communicate the deadline to end users. Faculty, staff, and employees should know the timeline so they’re not surprised. A brief email or IT bulletin ahead of mid-June notifications will reduce help desk volume.
- Use Teams on the web as a bridge. For users who cannot immediately upgrade, Microsoft Teams is available via supported web browsers and will continue to function. This is a workable short-term fallback while upgrades are being processed.
The Bigger Picture: Staying Ahead of Microsoft’s Release Cadence
Microsoft’s M365 release cadence doesn’t slow down for budget cycles or summer break. For education and SLG organizations, which often operate with leaner IT staffing over summer months, changes like these can catch teams off guard at the worst possible time.
Guardian 365’s monthly M365 bulletin process exists precisely to surface changes like these before they create incidents. But reading a bulletin is just the starting point — the real work is translating awareness into action items, owner assignments, and timelines that fit your organization’s operational reality.
If your team needs help assessing the impact of these changes on your specific environment, reviewing your Entra B2B and Conditional Access posture, or building out a communications plan for affected users, Guardian 365 is here to help.
