SOLVED

Office 365 Group Guest Access is blocked for orgs where the org has part adopted Office365

Contributor

There is a problem adding guests from orgs where there is only partial adoption of Office365.  People at that org with an on premise exchange email account cannot be added as guest to another Office365 tenancy using that on-premise exchange email address.

 

I don't think Microsoft has a workaround for this situation.

3 Replies

Thanks for the question! Can you please clarify if you're talking about the same tenant - As in moving users from on-prem to AAD but only partially? Or are these different tenants?

I'm talking about researchers at Cardiff University (my org) using teams wanting to add to the team users from Manchester Uni - but can only add them with personal email address because manchester has reserved its tenancy but will not migrate until 2019.  Also other universities UNAM (Namibia) have students in Office365 and staff on on-prem exchange - meaning that staff in UNAM can only be guest at Cardiff if UNAM also give them a work-around student account on Office365

 

Neither scenario feels "enterprise" 

 

The problem is Microsoft's Identity management blocks the non-office 365 accounts because they are not in the directory for the domain.

best response confirmed by Somak Bhattacharyya (Microsoft)
Solution

Thanks for the details Christopher, please bear with us as we try and understand the scenario better.

 

Users with an AAD account can sign in directly with it. Users who have an email address that is not tied to an AAD account (on-prem hosted, but without directory sync for example) will fall into two buckets:

1) Those whose org have an AAD presence. In this case, we prevent them from creating an MSA to avoid same email address having both AAD (in future) and MSA  leading to confusion

2) If the org does not have an AAD presence, they will be prompted to create an MSA (associated with that email address)

 

I assume you are referring to #1. We have some improvement being evaluated for this, stay tuned.

 

Let us know if we understood your scenario correctly.