Having internal AD users as unlicensed, shared customer accounts

Question

We run O365 with SharePoint. One SharePoint site is planned to become some small customer portal, where customers can download relevant documents.

To make it easy for the customers, we want to create accounts for them inside our own Active Directory (probaly inside a sub-domain) and give those accounts to our customers.

While we are totally aware of the cons and risks that come with that (I read all the blogs and such) there is one question, I don't find a clear answer for:

At the moment it is technically not required to appy licenses for accounts, so that they can access SharePoint.

Is it allowed to have such unlicensed customer accounts inside the own Active Directory and give them access to SharePoint customer portal sites?

We also plan to create only one single account for each customer and the customer decides which of its employees will be granted to use that account.

So we have unlicensed, shared acccounts for external users in our own Active Directory. Allowed or not?

beau cameron · Answer

Martype&nbsp;As some others have mentioned, it may make sense to just make them external users and invite them to use their own Microsoft Account in your tenant.&nbsp;On a compliance note, Users in Office 365 are named users. That means your customers cannot share a user account for logging in. Each user will need their own account.

chrishoardmvp · Answer

Hi MartypeSee this stringhttps://techcommunity.microsoft.com/t5/SharePoint/SharePoint-Online-Extranet-Users-limitation/td-p/190113Which links to an official response herehttps://github.com/MicrosoftDocs/azure-docs/issues/8564#issuecomment-444918954This should clarify for you. Hope that answers your questionBest, Chris

unnie · Answer

Martype&nbsp;If I understand correctly, you want to create the "user" in your Organisation AD/AAD &amp; grant them access to SharePoint without providing any license.&nbsp; This will technically work but I suppose you might run into compliance issue as the user is created in your Organisation directory, so will be treated as "internal user".&nbsp;You need to check external sharing capabilities of SharePoint, where you invite the external user into your tenant. This user will not be treated as an internal user.&nbsp;https://sharegate.com/blog/ultimate-guide-deal-with-office-365-external-sharing&nbsp;https://docs.microsoft.com/en-us/sharepoint/external-sharing-overview&nbsp;

rnishat0786 · Answer

Martype&nbsp;&nbsp;Well technically, it is going to work...&nbsp;however instead you can make your SharePoint site accessible for external users and have them login using either a personal MS account or by using a One Time password sent to the email on which the site is shared...&nbsp;for further details you may refer the below article ...&nbsp;https://docs.microsoft.com/en-us/sharepoint/turn-external-sharing-on-or-off&nbsp;Thanks&nbsp;Robin Nishad

Forum Discussion

Having internal AD users as unlicensed, shared customer accounts

4 Replies

Resources