Ronnie Saini, Apr 30, 2019
Silently adding Guest users to Azure AD
Here is a use case: We are planning to migrate our on-premises SharePoint 2013 (Client facing portal) to Office 365 and leverage Azure AD B2B (Guest Users) Migration Requirements: - The extern...
Deleted, May 06, 2019
Ronnie Saini, as per the answer from prashantguptag, you can create the users via PowerShell script, capture the redemption URL and then distribute the redemption URL to the users via another method.
We did exactly that. A few lessons we learned:
- A process needs to be put in place to "clean up" or "remind" users to complete their registration. Not all users will be available / able to complete the process when you dictate.
- Be aware that the PowerShell script will create the object, this is needed in order to assign it to a group / SharePoint site.
- This means that if users do not redeem the invitation, you will have artefacts that you need to be aware of / maintain for a period of time.
- Users are "funny" creatures. A guest will ignore the redemption email and a few months from now attempt to access your environment. If you did not "clean up" the environment, you need to re-send the invitation. I'm not sure that the redemption URL can be re-created without deleting the object and re-creating the object.
- A process needs to be put in place to assist users with resetting their MFA device (in case of loss or theft) or MFA phone number (as you cannot control which MFA option the guest will opt for).
- We recommended our guests install the Microsoft Authenticator application on a mobile device as it only uses data for initial download and registration, thereafter you do not require a data connection (in our experience).
Hope this helps. Know that this is not a simple "fire and forget" activity; it requires a lot of reporting, follow-up and monitoring to ensure your users are not significantly impacted.
Another point - remember to set the password restrictions for the guest accounts to be the same as for your internal users, else you have two levels to maintain.
J
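The approach described in the reply above (create the guest object silently, capture the redemption URL, assign the object to the group that grants SharePoint access, then report on invitations that were never redeemed), written out as an added example that is not from the thread or from Microsoft. It assumes the AzureAD PowerShell module with `Connect-AzureAD` already run; the group object id, the redirect URL and the guest list are constructed placeholders.

```powershell
# Added example (not from the thread). Assumes the AzureAD module and an existing
# Connect-AzureAD session. $GroupObjectId and the guest list are placeholders.
$GroupObjectId = '<OBJECT-ID-OF-GUEST-GROUP>'   # placeholder: the group assigned to the SharePoint site
$PortalUrl     = 'https://contoso.sharepoint.com/sites/clientportal'   # placeholder redirect target

# Constructed sample list of external users to invite.
$Guests = @(
    @{ Email = 'alice@partner.example'; Name = 'Alice Example' },
    @{ Email = 'bob@client.example';    Name = 'Bob Example'   }
)

$Results = foreach ($g in $Guests) {
    # -SendInvitationMessage $false creates the guest object but suppresses the
    # Microsoft invitation e-mail; the redemption URL comes back in the result.
    $inv = New-AzureADMSInvitation -InvitedUserEmailAddress $g.Email `
        -InvitedUserDisplayName $g.Name `
        -InviteRedirectUrl $PortalUrl `
        -SendInvitationMessage $false

    # The object exists immediately (redeemed or not), so it can be added to the
    # group now. This is the "artefact" the reply warns you will have to maintain.
    Add-AzureADGroupMember -ObjectId $GroupObjectId -RefObjectId $inv.InvitedUser.Id

    [pscustomobject]@{
        Email     = $g.Email
        ObjectId  = $inv.InvitedUser.Id
        RedeemUrl = $inv.InviteRedeemUrl   # distribute through your own channel
    }
}

# Keep the redemption URLs for your own distribution step. They grant access to
# whoever uses them, so store the file with the same care as a credential.
$Results | Export-Csv -Path '.\guest-invites.csv' -NoTypeInformation

# Follow-up / clean-up report: guests whose invitation is still unredeemed.
# Property names (UserState, UserStateChangedOn) are as exposed by the AzureAD
# module; UserState stays 'PendingAcceptance' until the guest completes redemption.
Get-AzureADUser -Filter "userType eq 'Guest'" -All $true |
    Where-Object { $_.UserState -eq 'PendingAcceptance' } |
    Select-Object DisplayName, Mail, UserState, UserStateChangedOn
```

Run the final report on a schedule to drive the reminder and clean-up process the reply describes; guests still pending after your chosen grace period are the objects to remove or re-invite.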