Forum Discussion
New external member of security group: user or no user?
JosephNierenberg Hi, my apologies for the late reply, I've had some time off. I'm not sure I understand you here, if you add (i.e. invite) directly to the security group from AAD you'll send an invite just as if you were adding the guest user from AAD -> Users "New guest user". When going to the M365 admin portal you must have added the guest user beforehand.
I'm pretty sure Vasil was talking about the built-in default permissions for the user type "guest" which can be set here
Restrict guest user access permissions - Azure Active Directory | Microsoft Docs
- I think Vasil's answer is partway there. The choice is between adding a user from the M365 admin portal--not SPO--or from AAD. SPO already has permissions assigned to a security group. I need to add two persons to that group who are not in my organization. In the past, I've added them first as guest users in AAD, and then added them to the group. From the M365 admin portal, that is necessary, because otherwise it appears that I cannot add someone with just an e-mail address; however, from AAD, I *could* add someone to a security group with just an e-mail address. So the question is whether I should just do that, or whether it would be better for some reason to add them first as a guest user.
JosephNierenberg Hi, my apologies for the late reply, I've had some time off. I'm not sure I understand you here, if you add (i.e. invite) directly to the security group from AAD you'll send an invite just as if you were adding the guest user from AAD -> Users "New guest user". When going to the M365 admin portal you must have added the guest user beforehand.
I'm pretty sure Vasil was talking about the built-in default permissions for the user type "guest" which can be set here
Restrict guest user access permissions - Azure Active Directory | Microsoft Docs
