{"id":756,"date":"2020-06-22T14:51:28","date_gmt":"2020-06-22T19:51:28","guid":{"rendered":"https:\/\/itblog.ldlnet.net\/?p=756"},"modified":"2020-06-22T14:57:54","modified_gmt":"2020-06-22T19:57:54","slug":"grant-an-external-user-guest-access-to-your-m365-tenant","status":"publish","type":"post","link":"https:\/\/itblog.ldlnet.net\/index.php\/2020\/06\/22\/grant-an-external-user-guest-access-to-your-m365-tenant\/","title":{"rendered":"Grant an External User Guest Access to your M365 Tenant"},"content":{"rendered":"\n

Microsoft365 allows the tenant administrators to grant external users access to content in their tenant by setting them up as a guest in their M365 Tenant. Microsoft365 provides a guest access feature that you can use to grant content access to contractors, partners or others who need access to certain content.<\/p>\n\n\n\n

However, the process of setting up a guest user works differently from that of setting up a normal, licensed user from within your organization.<\/p>\n\n\n\n

By default, Microsoft365 Admin Center contains a Guest Users screen. You will also notice, however, that this screen does not contain an option to create a guest user. In fact, the only things that you can do are search for a user or delete a user.<\/p>\n\n\n\n

\"\"
Limited Access to Administrate Guest Users in M365<\/figcaption><\/figure>\n\n\n\n

Being that the Guest Users screen doesn’t give you a way to create a guest user, you will need to either delve into PowerShell or perform the task within Azure Active Directory. I prefer using PowerShell, and will write a post about how to perform this via PowerShell, but unless you need to create a large number of guest users, it is usually going to be easier to use the GUI. Below is how to create a guest user via Azure AD.<\/p>\n\n\n\n

To create a guest user, expand the Admin Centers container and then click on Azure Active Directory<\/strong>. When the Azure Active Directory Admin Center opens, click on the Users<\/strong> container. You can see that just to the right of the New User option, there is an option to create a New Guest User<\/strong>.<\/p>\n\n\n\n

\"\"
Create New Guest User<\/figcaption><\/figure>\n\n\n\n

NOTE: Creating a guest user account isn’t like creating a normal user account. Rather than providing the account details and clicking a Create button, you will instead need to send an invitation to the user. <\/strong>

Make Sure You Verify Their E-Mail Address Beforehand!!!<\/em><\/strong><\/p>\n\n\n\n

Choose Invite User <\/strong>> Enter the Identity Information<\/strong><\/p>\n\n\n\n

\"\"
Initial Data Entry<\/figcaption><\/figure>\n\n\n\n

Next Enter A Personal Message (optional)<\/strong> > Choose their Group Membership<\/strong> > Update any AAD or M365 Permissions under Roles<\/strong> > Update their Sign In Settings<\/strong> > Click Invite to send the invitation<\/strong><\/p>\n\n\n\n

\"\"
Enter Data and Settings Then Click Invite Button<\/figcaption><\/figure>\n\n\n\n

After a few minutes, the specified user will receive an e-mail invitation that looks something like the one shown below. The recipient will need to click the Accept Invitation button and accept the terms of use.<\/p>\n\n\n\n

\"\"
Example of Email Generated Invitation<\/figcaption><\/figure>\n\n\n\n

When the guest user completes the registration process, they are logged into Microsoft365 however, there are no applications initially available to the user. This is because unlike a standard user, external users do not automatically get access to applications.<\/em><\/strong><\/p>\n\n\n\n

\"\"
User Has Verified Access and Accepted the Invitation<\/figcaption><\/figure>\n\n\n\n

If you go back to the Guest Users screen, you will see the newly created guest user listed (you may have to refresh the screen). As previously noted, you can’t do much from this screen. You can, however, click on the user to see a few extra details now. Example is below.<\/p>\n\n\n\n

\"\"
More Details Available<\/figcaption><\/figure>\n\n\n\n

The way that you grant an external user access to data is to add the user to a group that has access to the data. Let’s suppose, for example, that for whatever reason, you need to add an external user to a Teams Group named Microsoft Exchange Guys<\/strong>. To do so, you would go to the Groups folder within the Microsoft 365 Admin Center, click on the Microsoft Exchange Guys<\/strong> group, and then edit the Membership list, as shown below.<\/p>\n\n\n\n

After clicking the Edit button, click on Add Members and then select the external user that you wish to add. Click Save to complete the process,<\/em><\/strong><\/p>\n\n\n\n

\"\"
The New Guest User Will Show When Searching To Add Users To The Group<\/figcaption><\/figure>\n\n\n\n

If you now go back to the Group’s membership, you are able to see the Microsoft Exchange Guys group membership showing the new guest user as a member.<\/p>\n\n\n\n

\"\"
Guest User Has Been Added To The Group<\/figcaption><\/figure>\n\n\n\n

Granting access in this way does not provide the external user with blanket access to the Teams Group. However, another group member is now able to e-mail the external user a link to the Teams Group. The external user can use this link to access the Group within the Teams app.<\/p>\n\n\n\n

\"\"
User is now in Teams Group<\/figcaption><\/figure>\n\n\n\n

NOTE: Keep in mind that I am only using the Teams Group as an example. You can use somewhat similar techniques to provide access to a variety of Microsoft365 AND Azure AD content.<\/strong><\/p>\n\n\n\n

MORE M365 CONTENT TO COME!
POSITIVE ATTITUDE = POSITIVE RESULTS<\/h2>\n\n\n\n

REFERENCES:<\/strong>
How To Enable Guest Access for Office 365<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Microsoft365 allows the tenant administrators to grant external users access to content in their tenant by setting them up as a guest<\/p>\n

Read More<\/a><\/p>\n","protected":false},"author":1,"featured_media":769,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[48,195,2,194],"tags":[248,90,190,192,250,238,177,252,88,77,153,251,249],"class_list":["post-756","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-active-directory","category-azure","category-general","category-office365","tag-admin-center","tag-azure","tag-azure-ad","tag-azure-portal","tag-guest-access","tag-m365","tag-microsoft-365","tag-microsoft-teams","tag-o365","tag-office365","tag-permissions","tag-teams","tag-users","odd"],"_links":{"self":[{"href":"https:\/\/itblog.ldlnet.net\/index.php\/wp-json\/wp\/v2\/posts\/756","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/itblog.ldlnet.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/itblog.ldlnet.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/itblog.ldlnet.net\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/itblog.ldlnet.net\/index.php\/wp-json\/wp\/v2\/comments?post=756"}],"version-history":[{"count":4,"href":"https:\/\/itblog.ldlnet.net\/index.php\/wp-json\/wp\/v2\/posts\/756\/revisions"}],"predecessor-version":[{"id":773,"href":"https:\/\/itblog.ldlnet.net\/index.php\/wp-json\/wp\/v2\/posts\/756\/revisions\/773"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/itblog.ldlnet.net\/index.php\/wp-json\/wp\/v2\/media\/769"}],"wp:attachment":[{"href":"https:\/\/itblog.ldlnet.net\/index.php\/wp-json\/wp\/v2\/media?parent=756"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/itblog.ldlnet.net\/index.php\/wp-json\/wp\/v2\/categories?post=756"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/itblog.ldlnet.net\/index.php\/wp-json\/wp\/v2\/tags?post=756"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}