Salvatore Biscari
May 07, 2017, Silver Contributor
Guest Users vs. External Users
At this point, I cannot see any difference between the two wordings: it appears to me that "Guest User" and "External User" have exactly the same meaning, with the former being only a more "modern" w...
VasilMichev
May 08, 2017, MVP
I've been using the terms interchangeably, whether Microsoft puts a different meaning to those or not :)
StephenRice
Microsoft
May 15, 2017
We use the terms interchangeably at Microsoft as well. External user is an older term from back when all "guests" in the directory authenticated outside of the home tenant. When we added support for managed guest users (i.e. the user authenticates inside the home tenant), the "external" piece stopped making sense and "guest user" was born.
And as with many of these types of things, we ended up using both names to refer to the same set of features. If there is a feature/scenario where this language does make a difference, we try to make sure it's clearly labeled to avoid confusion.
Thanks,
Stephen Rice
OneDrive Program Manager II
- Quoc_Kien_Ly2285, Jun 09, 2020, Iron Contributor
- DavidC, Feb 28, 2019, Copper Contributor
Great thread, I wish I had found this about 6 months ago. 8)
To share a bit of personal experience... Just got through with a B2B deployment...The wounds are still fresh. 8) Three concepts here to consider:
1. Company vs non-company
2. Internal vs external
3. Guest vs member role
4. Licensed vs non-licensed
Guest vs member roles: In Azure AD a user object can be a member (usually a licensed company client) or a guest (non-licensed, usually external client). However, in this context external has more to do, in business terms, with whether you work for the company or are outside the company. This is complicated because external folks (vendors, partners, etc.) often are granted remote access and are licensed. In this case they would be external users, but actually treated as members. There are no limits to guest (non-licensed) users as per MS documentation:
In the case of a test tenancy use case, where company users are invited as guests, in some cases they need to be elevated to members in order to perform admin functions like site administrator etc. In this case we are saying company users are invited as guests and promoted to members. Internal/member to production tenancy, and external/member in test tenancy. There are licensing implications here that must be respected; talk to your MS representative to be sure you are covered.
- Salvatore Biscari, May 16, 2017, Silver Contributor
Thank you, StephenRice. Very interesting!
Can you please elaborate a bit about the two different types of authentication?
(I have not yet "connected the dots"... :-))
- StephenRice, May 16, 2017
Microsoft
My pleasure! To make this easier, let's imagine we have your tenant, Contoso and you're working with my tenant, Fabrikam.
Technically, if you share to me at Fabrikam, when I authenticate in your tenant, I actually sign in to Fabrikam's tenant, then access the Contoso tenant. Thus, I am a guest in your directory and authenticate externally.
On the other hand, Contoso IT might be very strict and so they create a Contoso account that I sign into at Contoso, and my account is just marked as a guest. Thus I authenticated internally, even though I am still a guest user.
Both users are "guests" but, technically, only the first is an "external user". We don't really expose these as different scenarios though which is why the language is mixed.
Hope that makes sense!
Stephen Rice
Program Manager II
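The two scenarios in the reply above, together with the external-but-member case from DavidC's post, sketched as a small directory audit. This is an added example, not part of any post in this thread and not Microsoft's code. It assumes user records shaped like Microsoft Graph user objects (`userType` of `Guest` or `Member`) and that accounts homed in another directory carry `#EXT#` in the user principal name; the sample records and function names are constructed for illustration.

```python
# Constructed sample records; only the two fields the audit needs are shown.
SAMPLE_USERS = [
    # Signs in at Fabrikam, then accesses Contoso: guest AND external.
    {"userPrincipalName": "stephen_fabrikam.com#EXT#@contoso.onmicrosoft.com",
     "userType": "Guest"},
    # Contoso-created account merely marked as guest: guest but NOT external.
    {"userPrincipalName": "stephen.guest@contoso.com", "userType": "Guest"},
    # Vendor homed elsewhere but treated as a member (DavidC's case).
    {"userPrincipalName": "vendor_fabrikam.com#EXT#@contoso.onmicrosoft.com",
     "userType": "Member"},
    {"userPrincipalName": "alice@contoso.com", "userType": "Member"},
    {"userPrincipalName": "legacy@contoso.com"},  # userType missing
]


def authenticates_externally(user):
    """Assumption: '#EXT#' in the UPN marks an account homed in another directory."""
    return "#EXT#" in user.get("userPrincipalName", "").upper()


def classify(user):
    """Return '<internal|external>-<guest|member>', or 'unknown' if the role is unset."""
    role = (user.get("userType") or "").lower()
    if role not in ("guest", "member"):
        return "unknown"  # do not guess a role; surface it for manual review
    where = "external" if authenticates_externally(user) else "internal"
    return f"{where}-{role}"


def audit(users):
    """Group UPNs by category so each quadrant can be counted and reviewed."""
    report = {}
    for user in users:
        upn = user.get("userPrincipalName", "<no upn>")
        report.setdefault(classify(user), []).append(upn)
    return report


def mismatches(users):
    """UPNs where 'guest' and 'external' do not coincide, plus unclassified accounts."""
    flagged = ("internal-guest", "external-member", "unknown")
    return [u.get("userPrincipalName", "<no upn>")
            for u in users if classify(u) in flagged]


if __name__ == "__main__":
    for category, upns in sorted(audit(SAMPLE_USERS).items()):
        print(category, upns)
```

The `mismatches` list is the part worth reviewing: those are the accounts for which "guest" and "external" stop being interchangeable.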
- Ramona Badea, Dec 14, 2018
Microsoft
:( We should consider changing the "tags" at some point to stop the confusion...