First published on CloudBlogs on Aug, 15 2014
  
  
Howdy folks, I wanted to let you know about a few changes we're making in Azure AD data in preparation for a very cool set of new capabilities we're working to bring online. In the next few days, those of you who use Azure AD to manage access to Azure itself and who are also using a Microsoft Account to administer that directory will receive an email regarding your Azure subscription like this:
Your Microsoft Azure subscription uses Azure Active Directory to sign users in to the management portal and to secure access to the Azure management API. In preparation for upcoming management capabilities, Microsoft is ensuring that all Azure subscription administrators are members of the directory that secures access for that subscription. Microsoft accounts being used as subscription administrators will be added as Guest accounts in the directory if they are not already registered in the directory.

You are receiving this notice because:
- You are the global administrator of an Azure Active Directory that is used to secure access to one or more Azure subscriptions, and
- The subscription has an Account Administrator, Service Administrator, or Co-Administrator that is a Microsoft account, and
- The Microsoft account is not registered as a Guest account in the subscription's Azure Active Directory.
Get-MsolUser -All -Department "Created as guest by Microsoft Azure"
Guests have a limited set of rights in the directory. These rights limit the ability for Guests to discover information about other users in the directory while still being able to interact with the users and groups associated with the resources they are working on. For example, a Guest assigned to an Azure subscription will be able to see other users and groups associated with the Azure subscription. They can also locate other users in the directory who should be given access to the subscription provided they know the full email address of the user. A Guest is only able to see a limited set of properties of other users. These properties are limited to Display name, email address, user principal name (UPN) and thumbnail photo.

If you want to give a Guest the same access as a Member, you can change a Guest into a Member by setting the User Type to Member. This is possible via the Azure AD PowerShell module using a command similar to the following.

Set-MsolUser -UserPrincipalName user@company.com -UserType Member
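Because changing the User Type to Member removes the directory-read limits described above, it is worth checking periodically which of the automatically created accounts are still Guests. The following is an added example, not part of the original post: the function name, the allow-list parameter and the sample accounts are hypothetical, and only the Department marker and the Get-MsolUser call come from the post.

```powershell
# Department value the post uses to find the automatically created accounts.
$GuestMarker = 'Created as guest by Microsoft Azure'

function Get-AutoGuestReport {
    # Hypothetical helper: classifies user objects shaped like Get-MsolUser output.
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $User,
        # Hypothetical allow-list: UPNs an administrator approved for Member rights.
        [string[]] $ApprovedMembers = @()
    )
    process {
        # Ignore accounts that were not created by this Azure change.
        if ($User.Department -ne $GuestMarker) { return }

        $status = if ($User.UserType -eq 'Guest') {
            'OK: limited Guest rights'
        } elseif ($ApprovedMembers -contains $User.UserPrincipalName) {
            'OK: approved change to Member'
        } else {
            'REVIEW: no longer a Guest and not on the approved list'
        }

        [pscustomobject]@{
            UserPrincipalName = $User.UserPrincipalName
            UserType          = $User.UserType
            Status            = $status
        }
    }
}

# Constructed sample objects (not real accounts) so the logic can be run offline.
$sample = @(
    [pscustomobject]@{ UserPrincipalName = 'alice_example.com#EXT#@contoso.onmicrosoft.com'; UserType = 'Guest';  Department = $GuestMarker }
    [pscustomobject]@{ UserPrincipalName = 'bob_example.com#EXT#@contoso.onmicrosoft.com';   UserType = 'Member'; Department = $GuestMarker }
    [pscustomobject]@{ UserPrincipalName = 'carol_example.com#EXT#@contoso.onmicrosoft.com'; UserType = 'Member'; Department = $GuestMarker }
    [pscustomobject]@{ UserPrincipalName = 'dave@contoso.onmicrosoft.com';                   UserType = 'Member'; Department = 'Finance' }
)
$approved = @('bob_example.com#EXT#@contoso.onmicrosoft.com')

$sample | Get-AutoGuestReport -ApprovedMembers $approved | Format-Table -AutoSize

# Against a live directory (after Connect-MsolService), feed it the post's query:
# Get-MsolUser -All -Department $GuestMarker | Get-AutoGuestReport -ApprovedMembers $approved
```

With the sample data, alice is reported as a Guest, bob as an approved Member, carol is flagged for review, and dave is skipped because his Department does not carry the marker.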
We're really excited about some of the big improvements we have coming over the next 90 days. This set of changes sets us up to be able to share them with you soon!

Best Regards,
Alex Simons (twitter: Alex_A_Simons)
Director of PM Active Directory Team

Published Sep 07, 2018