Forum Discussion
What happens if a guest user acess to a Group using his/her personal account vs professional one?
Interesting behavior I have found Today at my corporate tenant: I created a new Group in tenant and invite some external users to the tenant...one of the external users invited reported that he was able to accept the invitation using his personal account in the form user@contoso.com...and here is where things become interesting: my intention was not to invite the user through his personal account, but use his professional account that is also user@contoso.com. So since it seems this user logged into our Office 365 tenant using his personal account, it seems he is not going to be able to use his professional accounts....have you seen also this?
13 Replies
- cfiessinger
Microsoft
adding Sahil Arora our guest access lead
Yes, I have seen this many times...
The account (MSA or O365) used to accept the invite is the one that needs to be used in the future.
As bart_vermeersch said, if you want to change it, you have to send out a new invite.
BTW, it is not possible anymore to create a new MSA using an O365 email address (see https://blogs.technet.microsoft.com/enterprisemobility/2016/09/15/cleaning-up-the-azure-ad-and-microsoft-account-overlap/).
Also, it is very easy to change the primary email address for an MSA , hence effectively removing the work email address from the MSA (see https://www.howtogeek.com/277170/how-to-change-the-primary-email-address-for-your-microsoft-account/).
So glad they finally put end to this *#$&*#. And I'm not sure RequireAcceptingAccountMatchInvitedAccount would make a difference in this scenario.
- David Rosenthal
Sort of what I was trying to highlight, especially with Sahil Arora on the thread now ;) That property should be used for Groups, not just SharePoint sharing. Otherwise people can just pass around your invitation link and join in from any Microsoft account or AAD account they want. That is most definitely not the intention of guest access in my mind. I invite a person, I want that person at that address. Not their personal account, not their friend or coworker. That person alone, usually from their org account.
- Ey Salvatore,
Thank you! I was aware of the cleaning stuff in Azure AD ;-) ...remember I was commenting on this when it was disclosed by Microsoft. To me, there is a room for improvement when inviting external users to Office 365 so if you are inviting a user that is using same e-mail as a personal account and as a professional one, the invitation process where able to detect this and allow to choose the account type ;-)...just my 2 centsYes, now I remember that you already referenced the MS announcement... :-)
Anyway that info could be useful to someone other reading this thread.
About the choice between the personal account and the professional one when receiving an invite, AFAIK it is already so! ;-)
- David Rosenthal
Out of curiosity, what is your "RequireAcceptingAccountMatchInvitedAccount" setting at? From https://technet.microsoft.com/en-us/library/fp161390.aspx or in the UI here: https://support.office.com/en-us/article/Manage-external-sharing-for-your-SharePoint-Online-environment-c8a462eb-0723-4b0b-8d0a-70feafe4be85
Those duplicate accounts are a real burden. I believe you have to remove the user from your AAD (and/or SharePoint user profiles) and send out a new invite.
We recommend to ask the person who receives the invite to open a private/incogito browser session and paste the link.
