Forum Discussion

Julien4's avatar
Julien4
Copper Contributor
Sep 19, 2025

Access Package Assignment Issue

Hello, We have an access package that was functioning properly in the past, but the assignment process has stopped working. The issue started on August 22; the last successful assignment was on Jul...
MortenLundPetersen's avatar
MortenLundPetersen
Copper Contributor
Sep 19, 2025

Hi ​ ​ Julien4​ 

It looks like the problem is with how external users are handled in Entitlement Management after some recent backend changes from Microsoft.

The error “You don't meet policy requirements to request this entitlement” usually points to the access package policy scope. Since you have it set to None (administrator direct assignments only), that worked fine for internals but for externals it now requires that the external user’s home tenant is explicitly included in the connected organization for the catalog.

That would explain why it still works for internal users but fails on externals. Before, direct assignment worked for both. After the change in August, externals now need to be onboarded through a connected org to meet the policy requirements.

What I would check:

  • Go to the catalog and confirm the external user’s organization is listed under Connected organizations
  • Make sure the policy is scoped to allow that connected org
  • Double check your cross tenant access settings for B2B inbound to make sure nothing is blocking

If you add the external org to the policy scope it should start working again.

Julien4's avatar
Julien4
Copper Contributor
Sep 24, 2025

Thank you very much for your explanation MortenLundPetersen​ 

Unfortunately, this approach will not work for our scenario, as the email addresses involved in this process can be from any domain (e.g., @partnercompany.com, @gmail.com, etc.).

I also haven’t been able to find any Microsoft documentation or communication mentioning such a change in Entitlement Management behavior. Have you come across any official information from Microsoft regarding this?

Thank you again

  • MortenLundPetersen's avatar
    MortenLundPetersen
    Copper Contributor
    Sep 24, 2025

    Hi

     

    i dont expect Microsoft to annonce it, according to this page https://learn.microsoft.com/en-us/entra/id-governance/entitlement-management-access-package-assignments#directly-assign-any-user-preview

    the ability to direct assign users outside your organisation is in previewe, and therefore subject to change without prior notice, this is also why i never recommend using a preview feature in a production enviroment.

     

    i know this doesn’t help you but it could explain why it stopped working all of a sudden.

Resources