Creating Guest Accounts versus Inviting Guests
-
I have gone down a rabbit hole researching this question basically asking who can "create" guest user accounts. I have seen posts that say anyone can create a guest user with the default settings in Azure, but that appears to be different than being able to 'invite' a guest user. Clearly if you go to manually create a guest user you'd need certain rights, but if MS ask the question "who can create" a guest user? are they asking who can manually create a guest user OR are they asking who can invite a guest user and thereby create a guest user once the invitation is accepted. I HATE that MS appears to have declared a war on semantics!
-
@Mark-Roberts-0 , I hope all is well.
SO the short answer to your question is that ANY user with one or more of the limited administrator directory roles (built-in roles) in Azure AD can potentially add/invite B2B collaboration users.
You can invite guest users to the directory, to a group, or to an application.
After you invite a user through any of these methods, the invited user's account is added to Azure Active Directory (Azure AD), with a user type of Guest.
The guest user must then redeem their invitation to access resources. An invitation of a user does not expire.
You can find a complete list of the Limited Admin Roles (Built-in Roles) here:
*** certain of the roles DO NOT give a user the ability to add/create a guest user, it would depend on the context of the role and the permission(s) associated with it.
I hope that helps...
Good Luck !!!
Cheers,
Adam
-
@adam-gordon Thank you for responding! That confirms what I had read, but so many different folks have said things that contradict. I believe this is the answer for sure that I was looking for.