SOLVED
Home

Guest user with Global admin role

%3CLINGO-SUB%20id%3D%22lingo-sub-571074%22%20slang%3D%22en-US%22%3ERe%3A%20Guest%20user%20with%20Global%20admin%20role%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-571074%22%20slang%3D%22en-US%22%3EThat%20is%20very%20strange%2C%20if%20the%20user%20has%20a%20SPO%20Admin%20Role%2C%20he%2Fshe%20should%20be%20able%20to%20browse%20the%20SPO%20Admin%20Center...by%20the%20way%2C%20It%20does%20not%20sound%20good%20to%20me%20giving%20an%20external%20user%20such%20a%20role%20in%20an%20Office%20365%20tenant%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-572426%22%20slang%3D%22en-US%22%3ERe%3A%20Guest%20user%20with%20Global%20admin%20role%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-572426%22%20slang%3D%22en-US%22%3E%3CP%3EI'm%20with%20Juan%20here.%20While%20you%20can%20technically%20add%20admin%20roles%20to%20guest%20users%20or%20even%20create%20mailboxes%20for%20them%2C%20I've%20never%20seen%20a%20statement%20from%20Microsoft%20that%20this%20is%20supported.%20In%20fact%2C%20the%20only%20place%20I've%20seen%20Guest%20admin%20access%20work%20is%20the%20(old)%20Office%20365%20Admin%20Center.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-574804%22%20slang%3D%22en-US%22%3ERe%3A%20Guest%20user%20with%20Global%20admin%20role%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-574804%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F58%22%20target%3D%22_blank%22%3E%40Vasil%20Michev%3C%2FA%3E%26nbsp%3B%20-%20thx%20-%20I'll%20have%20another%20(serious)%20%22Chat%22%20with%20the%20MVP%20that%20recommended%20this%20way...%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-570422%22%20slang%3D%22en-US%22%3EGuest%20user%20with%20Global%20admin%20role%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-570422%22%20slang%3D%22en-US%22%3E%3CP%3EHi%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20was%2C%20a%20while%20ago%2C%20told%20by%20an%20MVP%20that%20the%20%22correct%22%20way%20for%20granting%20External%20Consultants%20access%20to%20O365%20-%20was%20to%20create%20them%20as%20'Guest%20users'%20(and%20using%20their%20private%2Fcorporate%20email)%20and%20then%20assign%20them%20the%20appropriate%20'Directory%20role'%20like%20the%20SharePoint%20Administrator%20role%20-%20however%2C%20doing%20this%2C%20the%20Consultant%20-%20gets%20into%20AAD%26nbsp%3B%20-%20but%20when%20trying%20to%20access%20%3CA%20href%3D%22https%3A%2F%2Ftenant-admin.sharepoint.com%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%20target%3D%22_blank%22%3Ehttps%3A%2F%2Ftenant-admin.sharepoint.com%3C%2FA%3E%20he's%20getting%20no%20access%20-%20and%20the%20message%20this%20site%20isn't%20externally%20shared.%26nbsp%3B%3CBR%20%2F%3E%3CBR%20%2F%3ECan%20someone%20confirm%20that%20this%20is%20the%20%22right%20way%22%20to%20grant%20Consultants%20access%20-%20and%20what%20am%20I%20missing%20in%20order%20giving%20access%3F%26nbsp%3B%3CBR%20%2F%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-570422%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAccess%20Management%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EAzure%20AD%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EIdentity%20Management%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Taen keren
Super Contributor

Hi 

 

I was, a while ago, told by an MVP that the "correct" way for granting External Consultants access to O365 - was to create them as 'Guest users' (and using their private/corporate email) and then assign them the appropriate 'Directory role' like the SharePoint Administrator role - however, doing this, the Consultant - gets into AAD  - but when trying to access https://tenant-admin.sharepoint.com he's getting no access - and the message this site isn't externally shared. 

Can someone confirm that this is the "right way" to grant Consultants access - and what am I missing in order giving access? 
 

3 Replies
That is very strange, if the user has a SPO Admin Role, he/she should be able to browse the SPO Admin Center...by the way, It does not sound good to me giving an external user such a role in an Office 365 tenant
Solution

I'm with Juan here. While you can technically add admin roles to guest users or even create mailboxes for them, I've never seen a statement from Microsoft that this is supported. In fact, the only place I've seen Guest admin access work is the (old) Office 365 Admin Center.

@Vasil Michev  - thx - I'll have another (serious) "Chat" with the MVP that recommended this way... 

Related Conversations
Tabs and Dark Mode
cjc2112 in Discussions on
35 Replies
Extentions Synchronization
Deleted in Discussions on
3 Replies
Stable version of Edge insider browser
HotCakeX in Discussions on
35 Replies
flashing a white screen while open new tab
Deleted in Discussions on
14 Replies
How to Prevent Teams from Auto-Launch
chenrylee in Microsoft Teams on
29 Replies
Security Community Webinars
Valon_Kolica in Security, Privacy & Compliance on
9 Replies