Forum Discussion
Self-prevision guest account to AzureAD from ODFB sharing, but not MS Teams guest invitation
It's because they are different types of guest mechanisms.
When inviting a guest into a Team, it's adding them into a Group which is based on AAD - and that functionality is disabled.
When sharing with someone externally it creates an object of the user in the AAD but it's not the same (but kind of is) as that user can't access any other resources.
But this creates a loophole. Let's say I am an Office 365 end user on our Tenant, where "Sharing - Let user add guest" is off. I try to invite an external gust into a Microsoft Teams. Because "adding a guest" is not allowed, which is intended, I cannot add any new external users to the Teams but can add only those guest users who are already in our Azure AD. As a workaround, I can just to go to my ODFB and pick a file and share it with the same external users that I planned to invite to the MS Teams. The external user accepts ODFB sharing and he/she would then be added to our Azure AD as a guest. After that, I can easily add the guest to the Teams without Administrator involvement, and thus avoid the blocking setting of "adding guest".
My question here is that how to block the ODFB adding guest users but still allow shareable links.
Thanks
- You can't block ODFB from adding guest users, as they are an artefact left over from the sharing process.
