SharePoint Embedded vs WOPI: A Decision Framework for ISVs and Enterprise Architects
The question of how to embed Microsoft 365 document editing into a third-party application used to have a single defensible answer for most ISVs: build a WOPI host and join the Cloud Storage Partner Program. By 2026 it has two. SharePoint Embedded has matured into a credible, often superior alternative for the majority of new entrants — but WOPI remains the right answer for a meaningful subset of organisations. The question for any ISV or enterprise architect designing a new embedded document workflow is no longer “should we build a WOPI host?” but “given our specific constraints, is SharePoint Embedded vs WOPI the better fit?”
This article is a decision framework for that question. It is not a marketing comparison. It is the structured analysis we use inside McKenna Consultants engagements when we are advising a client on which path to take, and it includes the cases where we recommend WOPI even when the rest of the market is moving toward SharePoint Embedded.
If you are evaluating the SharePoint Embedded vs OneDrive vs WOPI landscape for a new product or a strategic refit, this framework is for you.
The Two Architectures in One Sentence Each
WOPI. A protocol that lets Office for the web (and certain Office desktop and mobile clients) load, render, and save documents that are stored on your infrastructure. Your application is the source of truth for the file; Office is a rendering and editing surface against your storage.
SharePoint Embedded. A Microsoft 365 platform service that gives your application a programmatic surface — through Microsoft Graph — over Microsoft-hosted document storage and the full Office collaboration feature set. Microsoft is the source of truth for the file; your application is a control plane and UI over containers that live inside Microsoft 365.
The architectural difference is not subtle. It is the question of who owns the storage. Every other decision factor — licensing, identity, operational responsibility, feature surface, migration cost — flows from this difference.
Decision Factor 1: Storage Ownership and Data Residency
WOPI. You own the storage. Documents live in your infrastructure — typically an object store (S3, Azure Blob, a custom file store), in a data centre or region you select. Data residency is yours to design. Encryption at rest is yours to configure. Backup and disaster recovery are yours to operate.
SharePoint Embedded. Microsoft owns the storage. Documents live inside Microsoft’s infrastructure, in regions Microsoft makes available. You can choose among Microsoft’s geographic regions and configure data residency settings for new container types, but you cannot place storage outside Microsoft’s footprint or in a customer-controlled storage layer.
When this favours WOPI: Regulated industries with strict national data residency requirements that fall outside Microsoft’s available regions. Customers who require their documents to remain in customer-controlled storage. Architectures where the storage layer is itself a product (document management vendors, cloud storage providers).
When this favours SharePoint Embedded: Most cases. Microsoft’s regional coverage is broad and continues to expand, and the operational simplification of not running your own storage layer is substantial. For SaaS products whose users are not in regulated jurisdictions outside Microsoft’s footprint, storage ownership is rarely a strategic differentiator.
Decision Factor 2: Identity and Authentication
WOPI. Authentication is your responsibility. The WOPI host issues access tokens that the Office client presents back to your endpoints; those tokens are validated using proof keys that you publish in your discovery document. The model is well-documented and battle-tested, but it is non-trivial: proof key rotation must be correct, token lifetimes must be managed, and a misconfiguration can quietly break security in ways that are hard to detect.
SharePoint Embedded. Authentication is delegated to Microsoft Entra ID. Your application registers in Entra ID, requests delegated or application Microsoft Graph permissions, and acquires tokens through standard OAuth 2.0 flows using MSAL. There are no proof keys. The token validation model is identical to every other Microsoft Graph integration your team has ever built.
When this favours WOPI: Organisations that are deeply invested in their own identity model and need the document editing path to use it directly, without going through Entra ID. Architectures where the document workflow must be authenticatable without a Microsoft tenant being involved.
When this favours SharePoint Embedded: Most cases. Entra ID is a known quantity, OAuth 2.0 is a known quantity, and MSAL is a known quantity. Removing the proof key infrastructure removes a class of operational risk that is hard to justify when an Entra ID-based path is available.
Decision Factor 3: Operational Responsibility
WOPI. A WOPI host has standing operational obligations. The discovery document must be published correctly and remain available. Certificates must be rotated on schedule. Proof keys must be rotated and the rotation must be transparent to the Office client. Each Microsoft Office release must be tested for compatibility. The host endpoints must operate at 24×7 reliability, because every active editing session depends on them. None of this is hard, but it is standing work that must be properly resourced.
SharePoint Embedded. Microsoft operates the platform. Your operational responsibility shrinks to your own application code: the Graph integration layer, the consuming-tenant onboarding flow, the application database, and your own UI. You are not on the hook for the discovery document, the editing endpoints, the file rendering, or any of the other moving parts that make a WOPI host work.
When this favours WOPI: Organisations whose operational maturity around document workflows is already established. Cloud Storage Partner Program members whose entire commercial proposition is built on operating storage at high reliability — for them, the operational burden is the business.
When this favours SharePoint Embedded: Most cases. The operational simplification is one of SharePoint Embedded’s most valuable properties. For ISVs whose product strategy does not centre on storage operations, shifting that responsibility to Microsoft is straightforwardly worth it.
Decision Factor 4: Licensing and Commercial Model
WOPI. Building a WOPI host is technically open to anyone. Operating a WOPI host that integrates with Office for the web for production users requires Cloud Storage Partner Program membership, which involves a business engagement with Microsoft and acceptance into the partner programme. CSPP includes a baseline feature set; CSPP Plus is a higher tier with additional capabilities (notably backstage integration into the Office File menu, geo-fencing, chunked file transfer). The commercial relationship with Microsoft is substantive — partners are sales motion participants and engage with Microsoft account teams.
SharePoint Embedded. Sold on a consumption basis, billed through your Azure subscription. The metered dimensions are storage, transactions (Microsoft Graph operations), and bandwidth. There is no partner programme to join, no business-level engagement required to begin building, and no per-customer licence requirement on your end users. Some advanced features (Copilot inside SharePoint Embedded documents) require the consuming user to hold appropriate Microsoft 365 licences, but the platform itself is consumption-based and accessible.
When this favours WOPI: Organisations whose business model aligns with the CSPP partner motion. Organisations whose users are predominantly Microsoft 365 customers and where being a CSPP partner has direct commercial value. CSPP Plus members specifically — the additional features in that tier (especially backstage integration) genuinely differentiate, and they are not available in SharePoint Embedded.
When this favours SharePoint Embedded: Most cases. The consumption model is recognisable, predictable, and aligns cost to use. Not having to negotiate partner programme acceptance materially shortens the path from “we want this feature” to “this feature is in production.”
Decision Factor 5: Feature Surface
This is the most nuanced of the decision factors, because both platforms offer broad capability with different specific strengths.
WOPI offers, particularly in CSPP Plus:
- Backstage integration into the Office File menu. A CSPP Plus partner’s storage appears alongside OneDrive and SharePoint in the Office Open and Save As views. SharePoint Embedded does not replicate this — containers do not surface in the Office backstage as third-party storage locations.
- Geo-fencing under partner control. A CSPP Plus partner can restrict document operations to specific geographic regions using their own infrastructure decisions. SharePoint Embedded provides Microsoft-managed regional storage, which solves the same problem in a different way but with less granular partner control.
- Chunked file transfer with custom protocols. CSPP Plus permits optimised file transfer for very large documents.
- Mobile WOPI integration on iOS and Android. Mature, with established patterns for the partner-controlled flow.
SharePoint Embedded offers, often as built-in defaults:
- Native coauthoring. Multiple users editing simultaneously is a first-class capability with no implementation work on the host side. In a custom WOPI host, coauthoring is a substantial engineering project in itself.
- Sensitivity labels and Microsoft Purview integration. Documents in containers participate in the consuming tenant’s information protection model automatically.
- Retention policies and compliance. Container-level configuration plugs into the broader Microsoft 365 compliance framework.
- Microsoft 365 Copilot integration. Documents in containers are first-class citizens for Copilot grounding, indexing, and agent invocation. WOPI hosts can integrate with Copilot but the integration story is more involved.
- A consistent, modern API. Microsoft Graph as the unified surface, with SDKs in every common language.
When this favours WOPI: Applications where backstage integration, partner-controlled geo-fencing, or specific CSPP Plus capabilities are part of the product proposition. Organisations whose users specifically expect to see the partner brand in the Office File menu.
When this favours SharePoint Embedded: Applications where coauthoring, Copilot, sensitivity labels, or Purview integration are wanted but cannot be afforded as custom builds on top of WOPI. New entrants for whom getting these capabilities for free is more valuable than the partner-specific features WOPI offers.
Decision Factor 6: Customer Identity Boundary
WOPI. Your application’s relationship to a customer’s Microsoft 365 tenant is loose. A WOPI host can serve users who do not have a Microsoft 365 subscription at all (subject to Office for the web licensing), and the customer’s identity model is independent of yours.
SharePoint Embedded. Each customer organisation that uses your application has to authorise your container type into their Microsoft Entra ID tenant. This is a one-time consent flow performed by an Entra ID administrator, but it requires the customer organisation to have an Entra ID tenant — even if they do not have any Microsoft 365 SKUs themselves.
When this favours WOPI: Applications selling to customers who have no Microsoft tenant at all and would resist being asked to create one. Applications where the customer organisation explicitly does not want any third-party software touching its corporate identity boundary.
When this favours SharePoint Embedded: Most modern B2B SaaS deployments, where the customer is already an Entra ID tenant for the rest of their software estate. The consenting flow is well-understood, the burden is minimal, and the result is a clean, auditable relationship between your application and the customer’s identity boundary.
Decision Factor 7: Migration Cost and Time-to-Value
WOPI. Building a WOPI host from scratch is a multi-month engineering project for a competent team, plus the CSPP onboarding process (typically four to five weeks for domain allow-listing, longer for CSPP Plus). The architectural surface is meaningful: discovery, file information, lock management, content endpoints, proof key validation, error handling, and so on.
SharePoint Embedded. Building a working SharePoint Embedded application is faster — typically weeks rather than months for a first implementation. The bulk of the engineering work is the Microsoft Graph integration and the consuming-tenant onboarding flow, both of which are well-supported by documentation and SDKs. Time-to-value is materially shorter.
When this favours WOPI: Effectively never, for a greenfield build. (For organisations that already have a working WOPI host, the calculus is entirely different — see the next decision factor.)
When this favours SharePoint Embedded: Greenfield builds. Almost without exception, getting to a working embedded document editing experience is faster on SharePoint Embedded than on WOPI for an organisation that does not already have WOPI infrastructure.
Decision Factor 8: Existing Investment
If you already have a working CSPP WOPI host. The migration cost from WOPI to SharePoint Embedded is non-trivial. Data must be moved out of your storage and into containers. Identity flows must be redesigned. URLs change. Customer-facing experiences must be re-launched. Your CSPP partner status, which may have commercial value of its own, ends. None of this means migration is wrong — for many WOPI hosts it is the right strategic move — but the effort is substantial enough that the decision should be deliberate. We will publish a dedicated migration playbook in May 2026.
If you have no existing investment. The decision is materially simpler. Start with SharePoint Embedded unless one of the WOPI-favouring decision factors above applies decisively to your situation.
A Decision Matrix
The structured way to apply the framework is to score each decision factor for your specific situation. The table below is a practical worked example for three common archetypes.
| Decision Factor | B2B SaaS (project management, contracts, etc.) | Regulated-industry ISV (financial services / healthcare with strict residency) | Established CSPP Plus partner with backstage integration |
|---|---|---|---|
| Storage ownership | Embedded | WOPI | WOPI |
| Identity model | Embedded | Embedded | Either |
| Operational responsibility | Embedded | Either | WOPI (already operating) |
| Licensing and commercial | Embedded | Either | WOPI |
| Feature surface | Embedded (coauthoring, Copilot) | Either | WOPI (backstage) |
| Customer identity boundary | Embedded | Embedded | Either |
| Migration cost (greenfield) | Embedded | Embedded | n/a |
| Existing investment | n/a | n/a | WOPI |
| Recommendation | SharePoint Embedded | WOPI (storage residency dominates) | WOPI (CSPP Plus features and existing investment dominate) |
The pattern is clear. SharePoint Embedded is the right answer for the majority of greenfield ISV scenarios. WOPI is the right answer when one of two specific conditions holds: a hard storage-sovereignty requirement that SharePoint Embedded cannot meet, or an existing investment whose sunk cost (and CSPP Plus feature reliance) outweighs the migration benefit.
Common Misconceptions
“SharePoint Embedded is just a wrapper around SharePoint.” No. Containers are isolated, ISV-owned, and addressable through Graph. They are not visible inside any consuming tenant’s SharePoint admin centre by default. The platform shares the underlying infrastructure that powers SharePoint and OneDrive, but the consumption model and the developer experience are deliberately distinct.
“WOPI is being deprecated.” No. WOPI remains a fully supported integration model. Cloud Storage Partner Program membership remains open. Microsoft has stated clearly that both paths will be maintained going forward. The shift is in recommended path for new entrants, not in support for either model.
“SharePoint Embedded means our customers need a Microsoft 365 subscription.” Not necessarily. The application’s tenant carries the licensing. Consuming customers need an Entra ID tenant (which is free to create) and may need specific Microsoft 365 SKUs only if they want certain integrated features (notably Copilot interaction inside SharePoint Embedded documents).
“WOPI is dead because Microsoft does not promote it any more.” Microsoft is promoting SharePoint Embedded heavily because it is the new platform. The promotion does not signal deprecation of WOPI. As an architectural pattern WOPI remains genuinely valuable, particularly for the storage-centric and CSPP-aligned business models it was designed to support.
How McKenna Approaches the Decision in Engagements
When McKenna Consultants advises a client on which path to take, we work through the eight decision factors above explicitly. We have built and continue to operate WOPI hosts for CSPP partners; we are building and operating SharePoint Embedded applications for SaaS ISVs and enterprise customers. Our advice is not pre-committed to either platform — it is determined by the client’s specific situation.
In a typical advisory engagement we deliver:
- A scored decision matrix for the eight factors above, applied to the client’s product and business situation.
- An architecture sketch for the recommended path, including the major moving parts and the work breakdown.
- A recommendation on time-to-market, total cost of ownership, and the key engineering risks.
- Where applicable, a hybrid recommendation — for example, organisations that retain their existing WOPI investment for one product line while building new product lines on SharePoint Embedded.
If your organisation is making this decision now, we would be happy to walk through the framework with you. McKenna Consultants is a UK-based Microsoft document integration consultancy with 20+ years of experience across SharePoint, Office automation, WOPI, the Cloud Storage Partner Program, and now SharePoint Embedded. Contact us to discuss your situation.
