Home

Select guests unable to join team, Azure AD puzzle

%3CLINGO-SUB%20id%3D%22lingo-sub-203270%22%20slang%3D%22en-US%22%3ESelect%20guests%20unable%20to%20join%20team%2C%20Azure%20AD%20puzzle%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-203270%22%20slang%3D%22en-US%22%3E%3CP%3EHeya'll.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI'm%20having%20a%20bit%20of%20a%20puzzle%20here.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe're%20hosting%20some%20Teams%20teams%20for%20some%20cross-organizational%20collaboration%20which%20involves%20inviting%20different%20guests%20from%20different%20organizations.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ESuddenly%20I%20have%20two%20users%20from%20the%20same%20organization%20that%20cannot%20join.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThis%20is%20the%20error%20they%20get%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20518px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F35793i609E9B99DBD138D9%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%22teams-guest-error.PNG%22%20title%3D%22teams-guest-error.PNG%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E(the%20part%20i%20have%20scribbled%20out%20in%20the%20picture%20is%20the%20users%20own%20domain)%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20have%20googled%20it%20and%26nbsp%3Bit%20appears%20that%20i%20can%20get%20around%20this%20issue%20by%20having%20them%20(the%20guests)%20running%20the%20command%20%22Set-MsolCompanySettings%20-AllowEmailVerifiedUsers%20%24true%22%20in%20their%20tenant.%20This%20one%20appears%20to%20be%20set%20to%20%24false%20by%20default.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20don't%20really%20understand%26nbsp%3Bwhy%20that%20should%20be%20necessary%20or%20why%20they%20do%20get%20this%20error.%20When%20i%20try%20to%20invite%20a%20guest%20user%20from%20my%20own%20test-tenant%2C%20which%20has%20the%20-AllowEmailVerifiedUsers%20set%20to%20%24false%2C%20as%20default%2C%20it%20works%20great.%20This%20screenshot%20appears%20to%20be%20having%20them%20set%20up%20a%20MS%20account%20-%20I%20didn't%20have%20to%20to%20any%20such%20thing%20when%20inviting%20my%20own%20test%20user.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ECan%20anyone%20shed%20a%20light%20on%20what's%20going%20on%20here%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAnd%20if%20the%26nbsp%3B%3CSPAN%3E-AllowEmailVerifiedUsers%20is%20set%20to%20true%2C%20how%20does%20that%20affect%20a%20tenant%3F%3C%2FSPAN%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EThanks%20in%20advance%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3EArve%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-203270%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EGuest%20Access%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EMicrosoft%20Teams%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-239476%22%20slang%3D%22en-US%22%3ERe%3A%20Select%20guests%20unable%20to%20join%20team%2C%20Azure%20AD%20puzzle%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-239476%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20Arve%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EDid%20you%20resolve%20the%20problem%20with%20a%20guest%20account%20activation%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20have%20the%20same%20error%20and%20want%20to%20advice%20our%20partner%20what%20is%20their%20problem%20and%20how%20they%20can%20fix%20it.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ERegards.%3C%2FP%3E%3CP%3EMartin%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-203671%22%20slang%3D%22en-US%22%3ERe%3A%20Select%20guests%20unable%20to%20join%20team%2C%20Azure%20AD%20puzzle%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-203671%22%20slang%3D%22en-US%22%3E%3CP%3EGood%20luck%20in%20pursuing%20the%20question.%20Solving%20support%20problems%20without%20access%20to%20the%20tenant%20is%20an%20interesting%20challenge...%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-203664%22%20slang%3D%22en-US%22%3ERe%3A%20Select%20guests%20unable%20to%20join%20team%2C%20Azure%20AD%20puzzle%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-203664%22%20slang%3D%22en-US%22%3E%3CBLOCKQUOTE%3E%3CP%3EDoesn't%20the%20error%20suggest%20that%20the%20problem%20might%20lie%20in%20the%20tenant%20that%20the%20users%20come%20from%3F%20I%20have%20no%20idea%20what%20policies%20are%20in%20place%20there...%20The%20fact%20that%20guests%20from%20other%20tenants%20can%20join%20your%20team%20indicates%20that%20the%20problem%20lies%20in%20a%20specific%20tenant...%3C%2FP%3E%3C%2FBLOCKQUOTE%3E%3CP%3EYes%20exactly%2C%20the%20error%20appears%20to%20be%20with%20the%20tenant%20of%20the%20user%20signing%20up.%20This%20tells%20me%20that%20there%20is%20some%20nuances%20to%20guest%20users.%20And%20I%20believe%20that%20if%20I%2C%20an%20Office%20365%20user%2C%20is%20invited%20as%20a%20guest%20to%20another%20team%2C%20I%20will%20be%20able%20to%20use%20my%20own%20credentials%2C%20further%20suggesting%20nuances.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CBLOCKQUOTE%3E%3CP%3E%3CSPAN%3EWhat%20is%20also%20a%20fact%20is%20that%20when%20a%20guest%20user%20redeems%20an%20invitation%20to%20join%20a%20team%2C%20they%20do%20so%20on%20the%20basis%20that%20they%20have%20a%20guest%20account%20in%20the%20hosting%20tenant.%20If%20a%20guest%20account%20does%20not%20exist%2C%20one%20is%20created%20for%20them%20in%20the%20tenant's%20AAD.%3C%2FSPAN%3E%3C%2FP%3E%3C%2FBLOCKQUOTE%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EYes%2C%20you%20are%20correct.%20But%20these%20specific%20users%20are%20not%20able%20to%20make%20it%20this%20far.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CBLOCKQUOTE%3E%3CP%3E%3CSPAN%3ESo%20maybe%20you%20need%20to%20have%20the%20tenant%20admin%20of%20the%20source%20tenant%20file%20a%20support%20request%20to%20get%20this%20sorted%3F%3C%2FSPAN%3E%3C%2FP%3E%3C%2FBLOCKQUOTE%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20might%20do%20that%2C%20but%20I'd%20like%20to%20see%20if%20i%20get%20anywhere%20on%20this%20forum%20or%20with%20a%20support%20ticket%20of%20my%20own.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EMany%20thanks%20for%20your%20reply.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-203645%22%20slang%3D%22en-US%22%3ERe%3A%20Select%20guests%20unable%20to%20join%20team%2C%20Azure%20AD%20puzzle%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-203645%22%20slang%3D%22en-US%22%3E%3CP%3EDoesn't%20the%20error%20suggest%20that%20the%20problem%20might%20lie%20in%20the%20tenant%20that%20the%20users%20come%20from%3F%20I%20have%20no%20idea%20what%20policies%20are%20in%20place%20there...%20The%20fact%20that%20guests%20from%20other%20tenants%20can%20join%20your%20team%20indicates%20that%20the%20problem%20lies%20in%20a%20specific%20tenant...%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EWhat%20is%20also%20a%20fact%20is%20that%20when%20a%20guest%20user%20redeems%20an%20invitation%20to%20join%20a%20team%2C%20they%20do%20so%20on%20the%20basis%20that%20they%20have%20a%20guest%20account%20in%20the%20hosting%20tenant.%20If%20a%20guest%20account%20does%20not%20exist%2C%20one%20is%20created%20for%20them%20in%20the%20tenant's%20AAD.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ESo%20maybe%20you%20need%20to%20have%20the%20tenant%20admin%20of%20the%20source%20tenant%20file%20a%20support%20request%20to%20get%20this%20sorted%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-203641%22%20slang%3D%22en-US%22%3ERe%3A%20Select%20guests%20unable%20to%20join%20team%2C%20Azure%20AD%20puzzle%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-203641%22%20slang%3D%22en-US%22%3E%3CP%3EThis%20has%20nothing%20to%20do%20with%20anyone's%20opinion.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EFACTS%3A%3C%2FP%3E%3CUL%3E%3CLI%3EThe%20users%20are%20not%20able%20to%20join%20as%20guest%3C%2FLI%3E%3CLI%3EThe%20have%20to%20sign%20up%20for%20a%20%22Microsoft%20account%22%20when%20they%20click%20the%20invitation%20they%20get%3C%2FLI%3E%3CLI%3EWhen%20signing%20up%20they%20get%20an%20error%20that%26nbsp%3B%3CSTRONG%3Etheir%3C%2FSTRONG%3E%20tenant%20(%3CEM%3Enot%20mine%3C%2FEM%3E)%20does%20not%20allow%20email%20verified%20users%3C%2FLI%3E%3CLI%3EOther%20Office%20365%20users%20or%20non%20Office%20365%20users%20can%20join%20my%20tenant%20as%20guests%20with%20no%20problems.%26nbsp%3B%3C%2FLI%3E%3C%2FUL%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20have%20done%20some%20more%20research%20and%20I%20believe%20this%20is%20related%20to%20the%20sign-up%20process%20with%20users%20who's%20domain%20is%20added%20to%20Azure%20AD%20but%20the%20user%20is%20not.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWhen%20signing%20up%20for%20a%20Microsoft%20Account%20the%20following%20information%20is%20displayed%2Cprobably%20related%20to%20the%20error%3A%3C%2FP%3E%3CP%3E%3CEM%3E%22Note%3A%20when%20you%20use%20a%20work%20or%20school%20email%20address%20to%20set%20up%20an%20account%20with%20Microsoft%2C%20your%20IT%20department%20may%20later%20control%20your%20data%20and%20restrict%20what%20you%20can%20do%20with%20your%20account.%22%3C%2FEM%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-203626%22%20slang%3D%22en-US%22%3ERe%3A%20Select%20guests%20unable%20to%20join%20team%2C%20Azure%20AD%20puzzle%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-203626%22%20slang%3D%22en-US%22%3E%3CBLOCKQUOTE%3E%3CHR%20%2F%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EI%20have%20read%20the%20documentation%2C%20and%20your%20reply%2C%20but%20I'm%20still%20none%20the%20wiser.%20And%20I%20don't%20agree%20that%20the%20screenshot%20advises%20the%20user%20that%20an%20guest%20account%20will%20be%20created.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CEM%3ETR%3A%20Well%2C%20I%20guess%20everyone%20has%20their%20own%20opinion...%3C%2FEM%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EWhen%20they%20try%20to%20sign%20up%20-%20an%20account%20is%20created%20in%20our%20AAD%2C%20right%3F%20That%20does%20not%20jive%20well%20with%20the%20fact%20that%26nbsp%3Bthe%20error%20they%20(on%20the%20bottom%20of%20the%20screenshot)%20get%20is%20related%20to%20their%20own%20domain%2C%20not%20mine.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CEM%3ETR%3A%20A%20guest%20account%20based%20on%20their%20email%20is%20created%20in%20your%20AAD.%26nbsp%3B%3C%2FEM%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EIsn't%20there%20supposed%20to%20be%20some%20difference%20on%20pure%20guest%20accounts%2C%20and%20guest%20that%20uses%20AAD%20-%20and%20might%20this%20be%20the%20cause%20of%20the%20issue%3F%20Like%2C%20their%20domain%20is%20added%20in%20AAD%2C%20but%20no%20are%20users%20synced%2C%20so%20when%20they%20try%20to%20sign%20up%20the%20-AllowEmailVerifiedUsers%20%24false%20stops%20them%20from%20doing%20so%3F%20I'm%20just%20speculating%20here.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CEM%3ETR%3A%20AFAIK%2C%20a%20guest%20account%20is%20a%20guest%20account.%26nbsp%3BAllowEmailVerifiedUsers%26nbsp%3B%20just%20refers%20to%20validation%20of%20accounts%20based%20on%20email%20addresses%20verified%20as%20being%20part%20of%20your%20tenant.%3C%2FEM%3E%3C%2FP%3E%0A%3C%2FBLOCKQUOTE%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-203625%22%20slang%3D%22en-US%22%3ERe%3A%20Select%20guests%20unable%20to%20join%20team%2C%20Azure%20AD%20puzzle%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-203625%22%20slang%3D%22en-US%22%3E%3CP%3EHey%20Tony%2C%20thanks%20for%20the%20reply.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20have%20read%20the%20documentation%2C%20and%20your%20reply%2C%20but%20I'm%20still%20none%20the%20wiser.%20And%20I%20don't%20agree%20that%20the%20screenshot%20advises%20the%20user%20that%20an%20guest%20account%20will%20be%20created.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWhen%20they%20try%20to%20sign%20up%20-%20an%20account%20is%20created%20in%20our%20AAD%2C%20right%3F%20That%20does%20not%20jive%20well%20with%20the%20fact%20that%26nbsp%3Bthe%20error%20they%20(on%20the%20bottom%20of%20the%20screenshot)%20get%20is%20related%20to%20their%20own%20domain%2C%20not%20mine.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIsn't%20there%20supposed%20to%20be%20some%20difference%20on%20pure%20guest%20accounts%2C%20and%20guest%20that%20uses%20AAD%20-%20and%20might%20this%20be%20the%20cause%20of%20the%20issue%3F%20Like%2C%20their%20domain%20is%20added%20in%20AAD%2C%20but%20no%20are%20users%20synced%2C%20so%20when%20they%20try%20to%20sign%20up%20the%20-AllowEmailVerifiedUsers%20%24false%20stops%20them%20from%20doing%20so%3F%20I'm%20just%20speculating%20here.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-203409%22%20slang%3D%22en-US%22%3ERe%3A%20Select%20guests%20unable%20to%20join%20team%2C%20Azure%20AD%20puzzle%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-203409%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fpowershell%2Fmodule%2Fmsonline%2Fset-msolcompanysettings%3Fview%3Dazureadps-1.0%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fpowershell%2Fmodule%2Fmsonline%2Fset-msolcompanysettings%3Fview%3Dazureadps-1.0%3C%2FA%3E%20says%3A%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CDIV%20class%3D%22parameterName%20stack%22%3E%3CSTRONG%3E-AllowEmailVerifiedUsers%3C%2FSTRONG%3E%3C%2FDIV%3E%0A%3CDIV%20class%3D%22parameterInfo%22%3E%0A%3CP%3E%3CEM%3EIndicates%20whether%20users%20can%20join%20the%20tenant%20by%20email%20validation.%20To%20join%2C%20the%20user%20%3CU%3Emust%20have%20an%20email%20address%20in%20a%20domain%20which%20matches%20one%20of%20the%20verified%20domains%20in%20the%20tenant.%3C%2FU%3E%20This%20setting%20is%20applied%20company-wide%20for%20all%20domains%20in%20the%20tenant.%3C%2FEM%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EGuests%20are%20unlikely%20to%20have%20an%20email%20address%20in%20a%20domain%20matching%20one%20of%20your%20verified%20domains%2C%20so%20I%20don't%20think%20this%20will%20help.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThe%20screenshot%20advises%20the%20user%20that%20a%20guest%20account%20will%20be%20created%20for%20their%20email%20address%20in%20the%20tenant%20directory.%20That's%20normal.%20See%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fwww.petri.com%2Fteams-supports-guest-users-office-365%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fwww.petri.com%2Fteams-supports-guest-users-office-365%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3C%2FDIV%3E%3C%2FLINGO-BODY%3E
Deleted
Not applicable

Heya'll.

 

I'm having a bit of a puzzle here. 

 

We're hosting some Teams teams for some cross-organizational collaboration which involves inviting different guests from different organizations. 

 

Suddenly I have two users from the same organization that cannot join.

 

This is the error they get:

 

teams-guest-error.PNG

(the part i have scribbled out in the picture is the users own domain)

 

I have googled it and it appears that i can get around this issue by having them (the guests) running the command "Set-MsolCompanySettings -AllowEmailVerifiedUsers $true" in their tenant. This one appears to be set to $false by default.

 

I don't really understand why that should be necessary or why they do get this error. When i try to invite a guest user from my own test-tenant, which has the -AllowEmailVerifiedUsers set to $false, as default, it works great. This screenshot appears to be having them set up a MS account - I didn't have to to any such thing when inviting my own test user.

 

Can anyone shed a light on what's going on here?

 

And if the -AllowEmailVerifiedUsers is set to true, how does that affect a tenant? 

 

Thanks in advance

Arve

 

8 Replies

https://docs.microsoft.com/en-us/powershell/module/msonline/set-msolcompanysettings?view=azureadps-1... says:

 

-AllowEmailVerifiedUsers

Indicates whether users can join the tenant by email validation. To join, the user must have an email address in a domain which matches one of the verified domains in the tenant. This setting is applied company-wide for all domains in the tenant.

 

Guests are unlikely to have an email address in a domain matching one of your verified domains, so I don't think this will help.

 

The screenshot advises the user that a guest account will be created for their email address in the tenant directory. That's normal. See https://www.petri.com/teams-supports-guest-users-office-365

 

Hey Tony, thanks for the reply.

 

I have read the documentation, and your reply, but I'm still none the wiser. And I don't agree that the screenshot advises the user that an guest account will be created.

 

When they try to sign up - an account is created in our AAD, right? That does not jive well with the fact that the error they (on the bottom of the screenshot) get is related to their own domain, not mine. 

 

 

Isn't there supposed to be some difference on pure guest accounts, and guest that uses AAD - and might this be the cause of the issue? Like, their domain is added in AAD, but no are users synced, so when they try to sign up the -AllowEmailVerifiedUsers $false stops them from doing so? I'm just speculating here.

Highlighted

 

I have read the documentation, and your reply, but I'm still none the wiser. And I don't agree that the screenshot advises the user that an guest account will be created.

 

TR: Well, I guess everyone has their own opinion...

 

When they try to sign up - an account is created in our AAD, right? That does not jive well with the fact that the error they (on the bottom of the screenshot) get is related to their own domain, not mine. 

 

TR: A guest account based on their email is created in your AAD. 

 

Isn't there supposed to be some difference on pure guest accounts, and guest that uses AAD - and might this be the cause of the issue? Like, their domain is added in AAD, but no are users synced, so when they try to sign up the -AllowEmailVerifiedUsers $false stops them from doing so? I'm just speculating here.

 

TR: AFAIK, a guest account is a guest account. AllowEmailVerifiedUsers  just refers to validation of accounts based on email addresses verified as being part of your tenant.

This has nothing to do with anyone's opinion. 

 

FACTS:

  • The users are not able to join as guest
  • The have to sign up for a "Microsoft account" when they click the invitation they get
  • When signing up they get an error that their tenant (not mine) does not allow email verified users
  • Other Office 365 users or non Office 365 users can join my tenant as guests with no problems. 

 

I have done some more research and I believe this is related to the sign-up process with users who's domain is added to Azure AD but the user is not. 

 

When signing up for a Microsoft Account the following information is displayed,probably related to the error:

"Note: when you use a work or school email address to set up an account with Microsoft, your IT department may later control your data and restrict what you can do with your account."

Doesn't the error suggest that the problem might lie in the tenant that the users come from? I have no idea what policies are in place there... The fact that guests from other tenants can join your team indicates that the problem lies in a specific tenant...

 

What is also a fact is that when a guest user redeems an invitation to join a team, they do so on the basis that they have a guest account in the hosting tenant. If a guest account does not exist, one is created for them in the tenant's AAD.

 

So maybe you need to have the tenant admin of the source tenant file a support request to get this sorted?

Doesn't the error suggest that the problem might lie in the tenant that the users come from? I have no idea what policies are in place there... The fact that guests from other tenants can join your team indicates that the problem lies in a specific tenant...

Yes exactly, the error appears to be with the tenant of the user signing up. This tells me that there is some nuances to guest users. And I believe that if I, an Office 365 user, is invited as a guest to another team, I will be able to use my own credentials, further suggesting nuances. 

 

What is also a fact is that when a guest user redeems an invitation to join a team, they do so on the basis that they have a guest account in the hosting tenant. If a guest account does not exist, one is created for them in the tenant's AAD.

 

Yes, you are correct. But these specific users are not able to make it this far. 

 

So maybe you need to have the tenant admin of the source tenant file a support request to get this sorted?

 

I might do that, but I'd like to see if i get anywhere on this forum or with a support ticket of my own. 

 

Many thanks for your reply. 

Good luck in pursuing the question. Solving support problems without access to the tenant is an interesting challenge...

Hi Arve,

 

Did you resolve the problem with a guest account activation?

 

We have the same error and want to advice our partner what is their problem and how they can fix it.

 

Regards.

Martin

Related Conversations
Tabs and Dark Mode
cjc2112 in Discussions on
21 Replies
Stable version of Edge insider browser
HotCakeX in Discussions on
35 Replies
flashing a white screen while open new tab
cntvertex in Discussions on
13 Replies
How to Prevent Teams from Auto-Launch
chenrylee in Microsoft Teams on
28 Replies