Common questions about guest accounts, MFA, SharePoint, B2B, and more.
A GDOTS guest account is a user account created within the GDOTS Microsoft 365 tenant that allows external users to access specific shared resources such as SharePoint sites. Your guest account username follows the format Firstname.Lastname@guest.gdots.com.
A guest account has limited permissions compared to a full GDOTS member account. You can only access the specific resources that have been explicitly shared with you. You cannot browse the GDOTS directory, access other applications, or view resources outside of what has been granted.
You can access the SharePoint sites listed in your welcome and notification emails. These are the only resources available to your guest account unless additional access is granted by GDOTS administrators.
Your guest account remains active as long as your organization has an active collaboration agreement with GDOTS. Your GDOTS point of contact can provide specifics about your account's duration. You will be notified if your account is approaching expiration.
When your guest account expires or is deactivated, you will no longer be able to sign in or access any GDOTS resources. If you need continued access, contact your GDOTS point of contact before your account expires.
MFA is required for all GDOTS accounts as a security measure. It protects your account by requiring a second form of verification, such as a code or approval prompt from your mobile device, in addition to your password.
Contact your GDOTS point of contact to request an MFA reset. Once reset, you will be prompted to set up MFA again using your new device the next time you sign in.
The GDOTS MFA setup process is designed for Microsoft Authenticator and strongly recommends it. Other TOTP-compatible authenticator apps may work for code-based verification, but push notification approval is only available through Microsoft Authenticator.
Try increasing your screen brightness, holding your phone 6-8 inches from the screen, and making sure you're scanning with the Authenticator app (not your phone's camera). If it still won't scan, click "Can't scan image?" on the setup page to enter a code manually.
Ensure your device has an active internet connection and that notifications are enabled for Microsoft Authenticator. You can also open the Authenticator app directly. It can generate time-based codes that work offline. If problems persist, contact your GDOTS point of contact.
Your password must be at least 12 characters long and include a mix of uppercase letters, lowercase letters, numbers, and special characters. It cannot be the same as your previous password.
If you know your current password, you can change it through the GDOTS My Account portal at https://myaccount.azure.us. If you have forgotten your password, contact your GDOTS point of contact to request a reset.
Account lockout occurs after multiple failed sign-in attempts. Wait a few minutes and try again. The lockout duration increases with repeated failed attempts. If you cannot remember your password or continue to be locked out, contact your GDOTS point of contact.
The most common causes are:
@guest.gdots.com account (or your org account if B2B is set up)Try opening the link in a private/incognito browser window and signing in fresh. Clear your browser cache and cookies, then try again. Make sure you completed the full setup process. If the issue persists, contact your GDOTS point of contact.
Yes. You can access GDOTS SharePoint sites from your mobile device's web browser by navigating to the SharePoint link and signing in with your guest account credentials.
Your ability to share files depends on the permissions granted by the GDOTS SharePoint site administrator. In most cases, guest accounts have limited sharing capabilities. Contact your GDOTS point of contact if you need to share files.
Select the files using the checkboxes to the left of each file name, then click "Download" in the toolbar. The selected files will download as a single .zip file. See the Accessing SharePoint Sites guide for details.
This depends on the permissions granted by the site administrator. Some guest accounts have view and download access only, while others may be able to edit documents in the browser. If you need edit access and don't have it, contact your GDOTS point of contact.
Click the profile icon (circle with your initials or photo) in the top-right corner of SharePoint. It will show the account name and email address you're signed in with. If it shows the wrong account, sign out and sign back in with your GDOTS guest credentials (or org credentials if B2B). See the Accessing SharePoint Sites guide for detailed steps.
GDOTS is migrating from an on-premises, external-only SharePoint environment to Microsoft 365. This move provides a modern platform with better collaboration features and secure external access. See the Migration information page for full details.
Sites are being migrated in waves. You will receive email notifications as each site you have access to is migrated. Not all sites move at the same time.
No. The old on-prem SharePoint URLs will no longer work after migration. You will receive new M365 SharePoint links in your notification emails. Update your bookmarks with the new URLs.
Continue using the existing on-prem access method for sites that haven't migrated yet. You will receive a notification when each site is moved. Contact your GDOTS point of contact if you have questions about a specific site's timeline.
No. All documents and content are preserved during the migration. They are moved from the on-prem environment to M365.
Sites migrate in waves. You received the link for the first site that was migrated. You will receive additional emails as more of your sites are moved. This is expected behavior.
A B2B (business-to-business) connection is a trust relationship between two Microsoft Entra ID tenants. When your organization establishes a B2B connection with GDOTS, your users can access GDOTS resources using their own organizational credentials instead of separate guest accounts. See About B2B Connections for details.
The technical configuration by your IT admin typically takes 15-30 minutes. However, changes can take up to 2 hours to propagate. After that, your IT admin contacts GDOTS to request the account conversion.
Your organization needs a Global Administrator or Security Administrator to configure cross-tenant access settings in Microsoft Entra ID. Your tenant must also have a Microsoft Entra ID P1 or P2 license (included with Microsoft 365 E3/E5) in order to configure outbound cross-tenant access policies.
Organization-specific policies for the GDOTS tenant take precedence over your default settings. Adding GDOTS won't affect your policies for other organizations. However, Conditional Access policies are evaluated separately and may still block access.
No. Microsoft supports cross-cloud B2B collaboration between commercial Azure and Azure Government (GCC High). Your commercial tenant can connect with the GDOTS GCC High tenant.
Your organization's IT department or your GDOTS point of contact can confirm whether a B2B connection has been established. You'll know the conversion is complete when you're able to sign into GDOTS resources with your own work credentials instead of the @guest.gdots.com account.
Your guest account is converted to a B2B collaboration account. All your SharePoint access and permissions are preserved. You simply sign in with your organization's credentials instead of your old guest credentials. See Converting from Guest to B2B for full details.
The conversion itself is quick, but it can take up to 2 hours to fully propagate. During this window, you may experience brief access issues. If problems persist beyond 2 hours, contact your GDOTS point of contact.
This depends on how GDOTS handles the conversion for your organization. Typically, all guest accounts for an organization are converted at once. Contact your GDOTS point of contact for specifics about your organization's transition.
If your organization is a DoD contractor, CMMC Level 2 certification is required (or must be actively in progress) for handling CUI. Even if not yet certified, your organization must implement NIST 800-171 controls. See the B2B Requirements for full details.
GDOTS operates in Microsoft Azure Government GCC High, which meets FedRAMP High, DoD IL4/IL5, and ITAR requirements. GDOTS is aligned with NIST SP 800-171 and DFARS 252.204-7012. See the B2B Requirements for details on the GDOTS compliance posture.
Accessing CUI through GDOTS SharePoint sites means your organization will be handling CUI and must implement appropriate protections. Discuss this with your compliance team before setting up a B2B connection. The B2B Requirements page outlines what's needed.
Some GDOTS SharePoint sites contain ITAR-controlled data, which is restricted to U.S. persons (U.S. citizens, permanent residents, or protected individuals). Your organization is responsible for ensuring only authorized U.S. persons access ITAR-controlled sites via B2B. See the B2B Requirements page for details.
Contact your GDOTS point of contact for all account, access, and technical issues. This is the person or team from GDOTS who originally coordinated your guest account setup.
Typically, each person has one GDOTS guest account. If you need access to additional resources, contact your GDOTS point of contact to have permissions added to your existing account.
GDOTS collects standard sign-in and audit log data as required for security monitoring, including sign-in times, IP addresses, and accessed resources. For detailed information, refer to the GDOTS Terms of Use or contact your GDOTS point of contact.
Yes. Some GDOTS SharePoint sites contain CUI and/or ITAR-controlled data. You are responsible for handling all accessed data according to your organization's security policies, any applicable regulations, and instructions from your GDOTS point of contact. If you are unsure, consult your organization's compliance or security team.
CUI (Controlled Unclassified Information) is information that requires safeguarding per federal regulations. CUI documents are typically marked with CUI banners or designations. If you see CUI markings on documents in GDOTS SharePoint, handle them according to your organization's CUI procedures. If you don't have CUI training or procedures, contact your supervisor or compliance team.