Forum Discussion
Guest Users vs. External Users
We use the terms interchangeably at Microsoft as well. External user is an older term from back when all "guests" in the directory authenticated outside of the home tenant. When we added support for managed guest users (i.e. the user authenticates inside the home tenant), the "external" piece stopped making sense and "guest user" was born.
And as with many of these types of things, we ended up using both names to refer to the same set of features. If there is a feature/scenario where this language does make a difference, we try to make sure it's clearly labeled to avoid confusion.
Thanks,
Stephen Rice
OneDrive Program Manager II
Thanks Stephen for the info.
One additional questions: let's imagine that that Salvatore cannot properly redeem the invitation sent from you because he cannot authenticate at Fabrikam (e.g. he cannot create the account at Fabrikam with his Fabrikam email address).
As workaround the admin at Contoso resets the password of his "sub account" (e.g. Salvatore_EXT_Fabrikam@Contoso.onmicrosoft.com) so he can access Contoso resources using the "sub account" credentials.
Can you explain how the 2 accounts (Contoso and Fabrikam) are related before and after this password reset action?
Thanks,
Alberto Schiavon it's always going to depend on the login used. The guest accounts on Contoso side doesn't have it's own set of login and credentials, even thou you can reset the password it doesn't matter, because anytime you use Microsoft's login page and enter the fabrikam login, it's going to authenticate to the Fabrikam Azure AD, there is a just a trust relationship built there that once you authenticate then you can go to resources via that guest user on contoso's Azure with that linked guest account.
So in essence, resetting that password has no affect on anything since you never actually use that password to authenticate that account (it gets directed to their domain).