Navigating Guest Accounts
In Microsoft Entra ID, a guest account is a user account that is created in one Microsoft Entra directory, allowing a user from another Microsoft Entra directory, or an external identity provider, to access resources in the first tenant. Guest accounts can be invited to access applications, groups, or resources by users with appropriate permissions in the inviting tenant. This feature enables organizations to collaborate and share resources with external partners, contractors, or customers while maintaining control over their own corporate data. Guest users have limited access to Microsoft Entra ID resources, and their permissions can be managed and revoked by the inviting organization.
You can also add guest accounts in Microsoft Entra ID using Azure AD B2B. Azure AD B2B is a feature on top of Microsoft Entra ID that allows organizations to work safely with external users. External users don’t require a Microsoft work or personal account that has been added to an existing Azure AD tenant to be added to Azure B2B.
All sorts of accounts can be added to Azure B2B. You don’t have to configure anything in the Azure portal to use B2B; this feature is enabled by default for all Microsoft Entra tenants.
Next, we will explore how to manage guest accounts on Microsoft Entra ID.
Managing Guest Accounts
We can manage guest accounts by performing the following steps:
- Adding guest accounts to your Microsoft Entra ID directory is similar to adding internal users. When you navigate to the Users overview blade, you can choose + New user from the top-level menu and then select Invite external user, as follows:
Figure 2.45: Inviting an external user
- Provide an email address and a personalized message, which is sent to the user’s inbox. This personalized message includes a link to log into your tenant.
- Click Review + invite at the bottom of the blade screen, and then click Invite to add the user to your Microsoft Entra ID directory and send an invitation to the user’s inbox:
Figure 2.46: Microsoft Entra ID – inviting a guest user
- To manage external users after creation, you can select them from the Users overview blade. They will have a User type value, which is named Guest. Simply select a user from the list, and you will then be able to manage the settings that are displayed in the top-level menu for the user, as follows:
Figure 2.47: A guest user in Microsoft Entra ID
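The same invite-and-review steps can be scripted with the Microsoft Graph PowerShell module. The following is an added example, not taken from the original text; the email address, display name, message, redirect URL, and 30-day threshold are assumed sample values. It sends an invitation and then lists every account whose User type is Guest, flagging invitations that were never redeemed:

```powershell
# Added example: requires the Microsoft.Graph PowerShell module.
# Address, display name, message, redirect URL and threshold are constructed sample values.
Connect-MgGraph -Scopes 'User.Invite.All', 'User.Read.All'

# Invite the external user with a personalized message (portal: Invite external user).
$invitation = New-MgInvitation `
    -InvitedUserEmailAddress 'partner@example.com' `
    -InvitedUserDisplayName 'Partner User (sample)' `
    -InviteRedirectUrl 'https://myapplications.microsoft.com' `
    -InvitedUserMessageInfo @{ CustomizedMessageBody = 'Welcome to our project workspace.' } `
    -SendInvitationMessage:$true

"Invited $($invitation.InvitedUserEmailAddress), status: $($invitation.Status)"

# List every account whose User type is Guest (portal: Users overview blade).
# ExternalUserState and CreatedDateTime are only returned when requested explicitly.
$props  = 'Id', 'DisplayName', 'Mail', 'UserPrincipalName', 'UserType',
          'ExternalUserState', 'CreatedDateTime'
$guests = Get-MgUser -All -Filter "userType eq 'Guest'" -Property $props

# Flag invitations that are still pending after the threshold, so they can be
# reviewed and removed if the collaboration never started.
$staleAfterDays = 30
$cutoff = (Get-Date).ToUniversalTime().AddDays(-$staleAfterDays)

$guests |
    Select-Object DisplayName, Mail, ExternalUserState, CreatedDateTime,
        @{ Name       = 'StaleInvite'
           Expression = { $_.ExternalUserState -eq 'PendingAcceptance' -and
                          $_.CreatedDateTime -lt $cutoff } } |
    Sort-Object StaleInvite -Descending |
    Format-Table -AutoSize
```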
That brings an end to this section. In this short section, we have reviewed guest accounts in Microsoft Entra ID and learned how to configure them.
Note
You are encouraged to read further by using the following link, which provides additional information about restricting guest permissions: https://learn.microsoft.com/en-us/entra/identity/users/users-restrict-guest-permissions.
In the next section, we will look at SSPR.