Skip to content

Mohamed Ashiq Faleel

Its time to think about Microsoft 365

  • Home
  • Speaking
  • Videos
  • About
  • Contact

Tag: how to assign license to a guest account

Extending Guest Account capabilities by assigning a license in Microsoft 365

If a guest user has to access a PowerApp, they will not able to access it unless they have a license. On this blog post lets see how a M365 license can be assigned to a Guest user on your tenant. Before getting there, lets see some information about guest accounts. Microsoft 365 allows guest access which lets you to add users outside your organization for B2B collaboration on your organizations SharePoint site, Teams, Planner, OneDrive for Business, Microsoft 365 groups, Yammer & Azure applications. You can even invite guest users to use your paid Azure services. With B2B collaboration the application & services are securely shared while keeping the control over the data. This setting is turned on by default. The invited guest users should own an Azure Active Directory account (Work or School) or a Microsoft Account (created through hotmail, google, yahoo etc) to sign in. For more information on External Sharing, go through the following documentation links from Microsoft

  • External Identities documentation
  • Turn on or turn off guest access to Microsoft Teams
  • Microsoft 365 guest sharing settings reference
  • External sharing overview

Through Azure active directory you can

  • Restrict External domains
  • Add Social identity providers like Google, Facebook & custom SAML Identity providers for Sign in
  • Control on who can invite guests
  • Enable Email one-time passcode authentication for logging in without a Microsoft account
  • Enable Self service sign up for applications
    • As of now this feature is in preview which allows External users to sign up for specific application themselves. i.e providing options to signup with identity providers like Azure AD or Google, Facebook and collect information about the user during the sign up process. This can’t be enabled for SharePoint & Teams
  • Bulk invite guest users
  • Enforce MFA for guest users

SharePoint Online Invitations:

OneDrive/SharePoint Online has a separate invitation manager. The support for external sharing in OneDrive/SharePoint Online has started before Azure AD. OneDrive/SharePoint Online adds users to the directory after users have accepted their invitation. There will not be a user account in Azure AD portal before the user acceptance & user sign-in. SharePoint Online external sharing settings can be controlled at

  • Organization Level
  • Site level

On the SharePoint Tenant admin center, for a SharePoint site you have 4 options to select when it comes to external sharing:

  1. Anyone/Anonymous Access
  2. New and Existing guests
  3. Existing guests only
  4. Only people in your organization

A detailed blog post from Laura Kokkarinen on getting past SharePoint online guest troubles.

Azure Invitation:

You can also invite/create a guest user from Azure Active Directory portal or Powershell.

Find a sample Invitation email below

Access Reviews:

Azure AD access reviews can ensure that guest users have appropriate access. You can ask the guests themselves or a decision maker to participate in an access review and recertify to the guests’ access. For more information, go through this documentation link from Microsoft.

Guest Account User principal name:

The UPN of the guest account will be in the following format username_domain#EXT#@tenantname.onmicrosoft.com

An UPN with #EXT# means the account is using Domain suffixes not associated with your Azure AD tenant i.e. guest account.

Assigning License to Guest account through active directory group:

The guest users can access services like SharePoint, Teams, Yammer without having a license but they can’t access PowerApps. To access PowerApp the guest user should have license from their organization or should have one from the tenant being invited. Microsoft documentation for Sharing a Canvas app to a guest user in Power Apps.

Step 1:

Create a Security group in Azure Active directory

Step 2:

Assign license to the security group by clicking the Licenses section in the Manage blade. Then click Assignments as shown below to assign a license

Step 3:

Now the group is ready to add members. Add the guest user to the group who needs a license. After assignment it should look like below from the Admin center for the guest user

I have assigned a E5 license but as per need the guest user can be assigned different licenses.

Assigning License to Guest account from Azure active directory Licenses blade:

Go to Azure Active directory Admin interface and then click Licenses under manage blade. Click All products, select the license and then click Assign as below

Now select the guest user and then click Assign

Hope you have found this informational & helpful. Let me know any feedback or comments on the comment section below

Advertisement

Share this:

  • Twitter
  • Facebook
  • LinkedIn
  • WhatsApp
  • Email
  • Print
  • Reddit
  • Tumblr
  • Pinterest

Like this:

Like Loading...
Mohamed Ashiq Faleel Microsoft 365, Power Apps 2 Comments August 15, 2020September 7, 2020 3 Minutes

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 244 other subscribers
Follow Mohamed Ashiq Faleel on WordPress.com

Archives

  • March 2023 (3)
  • January 2023 (1)
  • December 2022 (1)
  • June 2022 (1)
  • May 2022 (1)
  • March 2022 (1)
  • February 2022 (1)
  • January 2022 (3)
  • December 2021 (4)
  • November 2021 (1)
  • July 2021 (6)
  • June 2021 (2)
  • May 2021 (4)
  • April 2021 (1)
  • March 2021 (4)
  • February 2021 (2)
  • January 2021 (3)
  • November 2020 (4)
  • October 2020 (1)
  • September 2020 (1)
  • August 2020 (3)
  • July 2020 (3)
  • June 2020 (5)
  • May 2020 (6)
  • April 2020 (1)
  • February 2020 (2)
  • January 2020 (4)
  • December 2019 (4)

Search

Tags

Active Directory AD Adaptive Card Admin AD User APImetadata ApplicationProxy assign license to guest users Automation AzureAD Azure Automation AzureAutomationRunbook AzureLogicApps Backup batch Batching CRUD CustomTheme DataGateway EmailtoPDF how to call microsoft graph in power automate how to call msgraph in flow HTTP Request IncomingWebhook Integration JSON ListViewFormatting Microsoft365 microsoft365group microsoftgraph microsoft graph in power automate microsoftteams Micrsoft365 modernsharepointheme moderntheme MSFlow MSGraph msgraph in flow MSTeams o365 Office365 On-premise OneDrive operatingsystemazurewebsite osazureappserviceplan osversionazurewebsite Outlook OutlookEmailtoPDF PDFConversion Permissions PostMan power PowerApp Owner PowerApps powerau PowerAutomate Power Automate PowerPlatform PowerShell REST API RestAPI Restore runtimestackazureappserviceplan runtimestackazurewebsite Search API Share SharePoint Sharepointheme SharePoint Online SharePointRestAPIEndpoints SharePoint Search Static HTML hosting in SharePoint Online site Static HTML in SharePoint Online Tilesview User Creation

Categories

Translate

Follow Me

  • LinkedIn
  • YouTube
  • Twitter
  • GitHub

    Disclaimer:

    These postings are provided with no warranties, and confers no rights. The content of this site are my own personal opinions and do not represent my employer’s view in anyway. My thoughts and opinions are open to change

    Start a Blog at WordPress.com.
    • Follow Following
      • Mohamed Ashiq Faleel
      • Join 78 other followers
      • Already have a WordPress.com account? Log in now.
      • Mohamed Ashiq Faleel
      • Customize
      • Follow Following
      • Sign up
      • Log in
      • Report this content
      • View site in Reader
      • Manage subscriptions
      • Collapse this bar
     

    Loading Comments...
     

      Privacy & Cookies: This site uses cookies. By continuing to use this website, you agree to their use.
      To find out more, including how to control cookies, see here: Cookie Policy
      %d bloggers like this: