Thanks Juan.

Unfortunately, when they add users manually (using Azure AD Portal) it appears that while they can add directly individual MS accounts, they are instead forced to use the B2B procedure (i.e. the CSV) even to add a single O365 (external) account.

In other words, they have not found a way in the AAD portal to add manually just one (f.e.) O365 external account without having to create a CSV for the B2B procedure.

Can you confirm?

Hi Juan. The problem is not with hotmail.com (and similar MSA) users, the problem is with O365 accounts.

How do I manually add to AAD an O365 account (from another tenant) as external user?

Well this is changing for B2B.

The CSV option is being replaced with an API which is part of the Office Graph.

https://graph.microsoft.io/en-us/docs/api-reference/beta/resources/invitation

It was announced at Ignite and still in beta but good to know it is there for testing and a way forward with B2B.

https://channel9.msdn.com/events/Ignite/2016/BRK3108

Good to know.

Nevertheless, I would rather like to have a UI for manually creating O365 external users, one by one, like it is already possible (and mandatory) to do today for MSA external users.

This would be a boon for small organizations that need to create only a handful of external users and don't even know what a CSV is (let alone an API...).

I coded up a quick UI in my developer-oriented playground app. It does add the users in AAD, but I have to admit that the sharing experience is sub-optimal. Seems the external user can only see site & files. Can't see conversations or calendar. Am I doing it wrong?

Hi Paul.

You are correct, external users can see only SPO resources and not EXO resources.

This is due to the strict licensing enforcement for EXO: external users by definition have no EXO licenses and therefore they cannot access EXO resources in the tenant.

On the other side, external users can access SPO resources in the tenant also if they have not SPO licenses: in other words, SPO licensing is substantially not enforced.

All this said, for external users that are mere "sharing targets" of SPO items this behaviour should be obvious: they can access only the SPO items that have been shared with them.

Unfortunately, though, also external members of Office 365 Groups (which can indeed acces all the SPO resources of the Group) cannot access the EXO resources of the Group (they can only receive email notifications for every message posted to the Group conversation area, to which they can also post by email).

(BTW, there are great news about B2B in AAD. Please see the following thread: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-B2B/Azure-AD-B2B-New-updates-make-cros...)

Thank s for the info. I'm guessing that my invite code works. ;) I'll write up a blog post.