Home

Can a Guest User Log Into WIndows 10 AAD Joined Machine?

%3CLINGO-SUB%20id%3D%22lingo-sub-662905%22%20slang%3D%22en-US%22%3ECan%20a%20Guest%20User%20Log%20Into%20WIndows%2010%20AAD%20Joined%20Machine%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-662905%22%20slang%3D%22en-US%22%3E%3CP%3EI%20have%20added%20Guest%20user%20from%20don.quixote%40windmill.com%20(which%20is%20an%20AAD%20tenant)%26nbsp%3B%20to%20the%20AAD%20tenant%20holygrail.com%20%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3CP%3EI%20have%20made%20don.quixote%40windmill.com%20a%20global%20admin%20on%20holygrail.com%3C%2FP%3E%3CP%3ECan%20AAD%20tenant%20holygrail.com%26nbsp%3B%20guest%20user%20don.quixote%40windmill.com%20log%20into%20a%20Windows%2010%20machine%20which%20is%20joined%20to%20holygrail.com%20as%20guest%20user%20don.quixote%40windmill.com%26nbsp%3B%20%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Ebecause%20this%20use%20case%20does%20not%20work%20for%20me%20so%20would%20appreciate%20either%20no%20this%20doesn't%20work%20in%20Windows%2010%20and%20despite%20the%20terabytes%20of%20documentation%20on%20Azure%20B2B%2C%20it%20isnt%20referring%20to%20this%20core%20feature%20that%20is%20soul%20crushing%20me%20or%20%E2%80%A6.Yes%20and%20here%20is%20the%20procedure%20other%20than%20what%20I%20have%20done%20above....%20much%20appreciated.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-679591%22%20slang%3D%22en-US%22%3ERe%3A%20Can%20a%20Guest%20User%20Log%20Into%20WIndows%2010%20AAD%20Joined%20Machine%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-679591%22%20slang%3D%22en-US%22%3EHmm%20Nice%20use%20case%2Fquestion!%20Have%20you%20tried%20adding%20it%20via%20Windows%2010%3F%20Also%2C%20wondering%20if%20you%20need%20to%20assign%20him%20a%20P1%20license%3F%3CBR%20%2F%3E%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fdevices%2Fassign-local-admin%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fdevices%2Fassign-local-admin%3C%2FA%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fdevices%2Fassign-local-admin%23manually-elevate-a-user-on-a-device%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fdevices%2Fassign-local-admin%23manually-elevate-a-user-on-a-device%3C%2FA%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-763185%22%20slang%3D%22en-US%22%3ERe%3A%20Can%20a%20Guest%20User%20Log%20Into%20WIndows%2010%20AAD%20Joined%20Machine%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-763185%22%20slang%3D%22en-US%22%3EI%20don't%20believe%20that%20is%20possible.%20-%20Guest%20user%20needs%20a%20license%20and%20you%20cannot%20assign%20a%20license%20to%20a%20Guest%20user.%20-%20If%20the%20user%20tries%20to%20use%20his%20email%2C%20it%20will%20be%20user%40contoso.com%20and%20not%20user%23EXT%23contoso.com%40fabrikam.com%20and%20the%20source%20authority%20will%20always%20be%20the%20contoso.com%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-763192%22%20slang%3D%22en-US%22%3ERe%3A%20Can%20a%20Guest%20User%20Log%20Into%20WIndows%2010%20AAD%20Joined%20Machine%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-763192%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F267638%22%20target%3D%22_blank%22%3E%40Corsino%3C%2FA%3Enot%20sure%20other%20than%20because%20of%20technical%20complexity%20Microsoft%20would%20not%20provide%20the%20ability%20for%20a%20guest%20user%20to%20log%20on%20-%20it%20makes%20life%20very%20easy%20for%20all%20around%2C%20especially%20in%20the%20world%20in%20which%20we%20live%20where%20high%20dollar%20information%20workers%20often%20work%20for%20multiple%20companies%26nbsp%3B%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-772596%22%20slang%3D%22en-US%22%3ERe%3A%20Can%20a%20Guest%20User%20Log%20Into%20WIndows%2010%20AAD%20Joined%20Machine%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-772596%22%20slang%3D%22en-US%22%3ETrying%20to%20do%20this%20as%20well.%20If%20I%20find%20a%20way%2C%20I%20will%20post%20it%20here.%3C%2FLINGO-BODY%3E
Highlighted
DonQuixoteAAD
Occasional Visitor

I have added Guest user from don.quixote@windmill.com (which is an AAD tenant)  to the AAD tenant holygrail.com   

I have made don.quixote@windmill.com a global admin on holygrail.com

Can AAD tenant holygrail.com  guest user don.quixote@windmill.com log into a Windows 10 machine which is joined to holygrail.com as guest user don.quixote@windmill.com  ?

 

because this use case does not work for me so would appreciate either no this doesn't work in Windows 10 and despite the terabytes of documentation on Azure B2B, it isnt referring to this core feature that is soul crushing me or ….Yes and here is the procedure other than what I have done above.... much appreciated.

4 Replies
I don't believe that is possible. - Guest user needs a license and you cannot assign a license to a Guest user. - If the user tries to use his email, it will be user@contoso.com and not user#EXT#contoso.com@fabrikam.com and the source authority will always be the contoso.com

@Corsinonot sure other than because of technical complexity Microsoft would not provide the ability for a guest user to log on - it makes life very easy for all around, especially in the world in which we live where high dollar information workers often work for multiple companies 

Trying to do this as well. If I find a way, I will post it here.