Azure AD Guests - Invitation vs. non Invited - Share Links


Hello,

 

We have some issues regarding guest users and wanted to know if something has changed regarding adding guest users or whether we missed a setting. We have checked the settings for guest invitation and nothing has changed so far.

 

In a tenant, guests can only be invited via a defined process. But recently (the last 3-6 months) we have experienced that guest users are being added automatically. We assume this is done when somebody creates a share link via OneDrive or SharePoint.

 

If an admin adds a guest user, it will create an invitation message and the Creation Type is Invitation, as in the screenshot below. But we also have guests with an Invitation type which is nothing. We think they are added, as I have said before, when a user creates a share link and Microsoft finds corresponding Azure AD entries.

 

ErikVet_1-1619518590288.png

 

Is this correct? The audit logs show that the users without a Creation Type are added via Microsoft ADO.NET Data Services.

 

ErikVet_2-1619518865655.png

Has anyone experienced the same thing? And the most asked question on our side: how to avoid this?

 

The problem is that, for example, the O365 on the other side has not been set up or was just for testing, and the user does not know how to access it, but the email is mapped as B2B Collaboration. We just want the verification code as before.

 

Hope that makes sense. 

 

Many Greetings

Erik 

 

1 Reply

  

This was all caused by this feature

Azure B2B Integration with SharePoint Online is now Generally Available

which is now generally available. This feature was turned on by mistake in our tenant, but the UI or PowerShell didn't reflect this.

We had to turn this option completely off to get the old "feature" in External Identities | All identity providers

e.g. 
  • If you share a file, no guest is automatically created
  • Shared files will get the OTP as before
  • Normal guests can be added via invitation

Many Greetings

Erik

@ErikVet
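An added example, not part of the original thread: one way to audit a tenant for the guests described above, that is, accounts with `userType` Guest whose creation type is not Invitation, grouped by creation month to show when they started appearing. It assumes a user export shaped like a Microsoft Graph `/users` response with `userType`, `creationType` and `createdDateTime` selected, and that a blank Creation Type in the portal appears as a null or missing `creationType`; the sample records and function names are constructed for illustration.

```python
import json
from collections import defaultdict

# Constructed sample shaped like a Microsoft Graph /users response
# ($select=userPrincipalName,userType,creationType,createdDateTime).
SAMPLE = json.loads("""
{"value": [
 {"userPrincipalName": "alice_contoso.example#EXT#@tenant.example", "userType": "Guest",
  "creationType": "Invitation", "createdDateTime": "2020-09-14T08:12:00Z"},
 {"userPrincipalName": "bob_fabrikam.example#EXT#@tenant.example", "userType": "Guest",
  "creationType": null, "createdDateTime": "2021-02-03T10:40:00Z"},
 {"userPrincipalName": "carol_fabrikam.example#EXT#@tenant.example", "userType": "Guest",
  "createdDateTime": "2021-02-19T15:05:00Z"},
 {"userPrincipalName": "dave@tenant.example", "userType": "Member",
  "creationType": null, "createdDateTime": "2019-01-07T09:00:00Z"}
]}
""")


def uninvited_guests(users):
    """Return guest accounts whose creationType is not 'Invitation'.

    Assumption: a blank Creation Type shows up as null or as a missing key.
    Members are skipped because a null creationType is normal for them.
    """
    return [u for u in users
            if u.get("userType") == "Guest"
            and u.get("creationType") != "Invitation"]


def by_month(users):
    """Group UPNs by creation month (YYYY-MM) to show when the change began."""
    months = defaultdict(list)
    for u in users:
        month = (u.get("createdDateTime") or "unknown")[:7]
        months[month].append(u["userPrincipalName"])
    return dict(sorted(months.items()))


if __name__ == "__main__":
    flagged = uninvited_guests(SAMPLE["value"])
    for month, upns in by_month(flagged).items():
        print(month, len(upns), ", ".join(upns))
```

Each flagged account can then be compared with the "Add user" entries in the audit log to confirm which service created it.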