External Access - External User Flow


I'm just now testing out External Access in Team and am confused by a portion of the flow.  I would think it would confuse end users as well.


1.  An internal user invites an external user into a Team.

2.  External user gets invitation to Teams.

3.  External user clicks on link to Teams.

4.  External user is asked to create an account (I'm assuming this is creating a Microsoft account).  

5.  External user creates the account and is redirected back to the correct Team.  OK all works well there although I'm not sure what happens when an external user already has a Microsoft account.  There didn't appear to be a log in for that.

6.  External user closes out of Teams.

7.  Later external user wants to log back into Teams.  They are challenged to log in and select either a work/school account or personal account.  I had assumed the user created a personal account in step 4, however this does not work.  The external user had to select work/school account in order to be able to log in.  


Is this correct in how things should work?  It's not at all clear in step 4 that I'm actually creating something other than a Microsoft account and there is really no indicator that they should select work/school when attempting to log in later.  I would have assumed you select personal account, but was obviously wrong.  

6 Replies

I just tried with an account that I knew already had a Microsoft account created.  When that external user received the invitation they were not asked to create a new account (makes sense).  Then they were asked to select work/school or personal.  This time I selected personal and it logged the user in.  


So what is happening in the scenario where the external user does not already have a Microsoft account.  What is getting created?  


So what is happening in the scenario where the external user does not already have a Microsoft account.  What is getting created?  

A Microsoft Account is created linked to their existing email address.


The issue is, the e-mail you invited the guest to, they have both a personal and office 365 account with the same e-mail address. When that is the case you will be prompted for work or school account selection, otherwise you just get the single type your login box and enter a password as the login now knows which the address is associated with. When a duplicate exists then they need to either

A. create a new one, which will create a MSA (Microsoft Account, personal). or

B. Change their existing personal MSA login to a different e-mail address. Refer to managing aliases for Microsoft account here: https://support.microsoft.com/en-us/help/12407/microsoft-account-manage-aliases which you then set a new primary alias and remove the one that has a work account associated with it.

It's been causing guest issues as well for me with some of my users inviting people and starting to run into this more and more.


I'm not sure how that's possible as the email accounts I'm sending to are gmail accounts, which certainly do not have Office 365 accounts registered under the same email.  I have used them for prior testing so they may show up as guest users in my own tenant.  Would that cause the same type of behavior do you suppose? 


External access is such powerful feature, but such a pain to support. 

Typing in a gmail account shouldn't prompt for work / personal account after inputting that login, the login box should know right away it's an MSA account and then prompt for password, or to create an account if it isn't tied to an MSA.