There are many ways your employees can invite guests to their sites – they can share a site itself or make the users part of the Microsoft 365 Group/Team. However, there is one other method that is only available to Office 365 Admins. They can invite external users via Azure AD. In today’s post, I want to explain what this is all about and why it might be beneficial over the other methods.
What happens when users share a Site, Group or Team externally
When you share a site, Microsoft 365 Group, or a Team externally, the recipient gets an email with an invitation to join a site, group, or team. Once the user accepts the invitation, the user’s ID ends up in the Microsoft 365/Azure Active Directory, clearly identified as a guest.
Why invite external users via Azure AD?
There is another way to invite external users to your tenant: inviting them via Azure Active Directory. There are several benefits to inviting external users using that method:
- You would like to set up the users as guests upfront, without inviting them to any specific site or team
- You allow external sharing with existing guests only (a setting in the SharePoint Admin Center). That prevents regular users from sharing their sites/teams/groups with anyone they wish and forces them to pick guests that already exist in Azure Active Directory
- Related to the first point, you need to bulk invite multiple guests at once – this option is only available in Azure Active Directory
How to invite external users via Azure AD
- Office 365 App Launcher > Admin
- Under Admin centers, click on Azure Active Directory
- Click on Users
- Click on New guest user
- Complete the necessary information (most fields, except for a guest email address, are optional). Click Invite.
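A scripted equivalent of the portal steps above for the bulk case, as an added example that is not part of the original post. It assumes the Microsoft Graph PowerShell SDK is installed; the guest list is constructed sample data, and the approved-domain list and redirect URL are assumptions to replace with your own. With `$dryRun` left at `$true` it only reports what it would do and contacts no tenant.

```powershell
# Constructed sample input; in practice use Import-Csv on your own file.
$guests = @'
Email,DisplayName
alice@partner.example,Alice Partner
bob@partner.example,Bob Partner
ALICE@partner.example,Alice Duplicate
carol@unknown.example,Carol Unknown
not-an-address,Broken Row
'@ | ConvertFrom-Csv

$allowedDomains = @('partner.example')            # assumption: domains you have approved
$redirectUrl    = 'https://myapps.microsoft.com'  # assumption: where guests land after accepting
$dryRun         = $true                           # set to $false to actually send invitations

$existing = @()
if (-not $dryRun) {
    Connect-MgGraph -Scopes 'User.Invite.All', 'User.Read.All'
    # Mail addresses of guests already in the directory, so nobody is invited twice
    $existing = @(Get-MgUser -Filter "userType eq 'Guest'" -All -Property Mail |
        Where-Object { $_.Mail } | ForEach-Object { $_.Mail.ToLower() })
}

$seen = @{}
foreach ($g in $guests) {
    $email = $g.Email.Trim().ToLower()

    # Reject rows that are not plausibly an email address
    if ($email -notmatch '^[^@\s]+@[^@\s]+\.[^@\s]+$') {
        Write-Warning "Skipped (malformed address): $email"; continue
    }
    # Only invite people from domains that were approved beforehand
    if ($allowedDomains -notcontains $email.Split('@')[1]) {
        Write-Warning "Skipped (domain not approved): $email"; continue
    }
    # Skip duplicates inside the file and guests already in the directory
    if ($seen.ContainsKey($email) -or $existing -contains $email) {
        Write-Warning "Skipped (duplicate or existing guest): $email"; continue
    }
    $seen[$email] = $true

    if ($dryRun) { Write-Output "Would invite: $email"; continue }

    $inv = New-MgInvitation -InvitedUserEmailAddress $email `
        -InvitedUserDisplayName $g.DisplayName `
        -InviteRedirectUrl $redirectUrl -SendInvitationMessage:$true
    Write-Output "Invited $email (guest object id $($inv.InvitedUser.Id))"
}
```

With the sample data, the dry run reports two addresses it would invite and warns about the duplicate, the unapproved domain and the malformed row.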
Experience for the guests (external users)
- The recipient receives an invitation email and clicks Accept Invitation.
- If the user’s email has previously been authenticated with Microsoft (i.e., used on Windows, Xbox, Skype, used in another Office 365 tenant), then the user would just need to type in the password at that point. I will document the worst-case scenario – the user never used this email for any Microsoft services. So the user clicks Next to create an account.
- The user chooses a password and clicks Next
- A quick validation step…
- And another one…
- Oh, come on, I am indeed a human!
- Man, I need a drink to solve this puzzle…
- Actually, I know what to do here…
- I solved it!!!
- Finally, the user ends up on this screen, which is not really user friendly at all
What happens after you invite external users via Azure AD
Once you invite users via Azure AD and they accept the invitation using the instructions above, they end up in your Azure AD, clearly identified as a guest.