Guest Cannot Access Teams unless 'tenantId' is povided with login request

%3CLINGO-SUB%20id%3D%22lingo-sub-117856%22%20slang%3D%22en-US%22%3EGuest%20Cannot%20Access%20Teams%20unless%20'tenantId'%20is%20povided%20with%20login%20request%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-117856%22%20slang%3D%22en-US%22%3E%3CP%3EI%20have%20created%20several%20guest%20accounts%20following%20the%20instructions%20here%3A%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoftteams%2Fguest-access%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoftteams%2Fguest-access%3C%2FA%3E%3C%2FP%3E%3CP%3EBasically%2C%3C%2FP%3E%3CP%3E1.%20Enabled%20Guest%20Access%20in%20Office365%20Admin%20Center%3C%2FP%3E%3CP%3E2.%20Added%20guest%20account%20through%20Azure%20Active%20Directory%3C%2FP%3E%3CP%3E%26nbsp%3B%20a.%20Guest%20account%20received%20email%20Azure%20AD%20%22You're%20invited%20to%20the%20organization%22%3C%2FP%3E%3CP%3E%26nbsp%3B%20b.%20Guest%20follows%20the%20%22Get%20Started%22%20link%20in%20the%20email%20to%20create%20a%20password%3C%2FP%3E%3CP%3E4.%20Added%20guest%20to%20a%20Team%20through%20Microsoft%20Teams%20desktop%20application%3C%2FP%3E%3CP%3E%26nbsp%3B%20a.%20Guest%20account%20received%20email%20Teams%20%22You%20have%20been%20added%20to%20a%20team%20in%20Microsoft%20Teams%22%3C%2FP%3E%3CP%3E%26nbsp%3B%20b.%20Guest%20follows%20the%20%22Open%20Microsoft%20Teams%22%20link%20in%20the%20email%20to%20be%20sent%20to%20teams.microsoft.com%3C%2FP%3E%3CP%3E%26nbsp%3B%20c.%20Guest%20is%20redirected%20to%20login.microsoftonline.com%3CBR%20%2F%3E%26nbsp%3B%20d.%20Guest%20logins%20in%20using%20email%2Fpassword%20from%20%232b%3C%2FP%3E%3CP%3E%26nbsp%3B%20e.%20Guest%20is%20redirected%20to%20the%20Teams%20page%20and%20is%20able%20to%20work.%3C%2FP%3E%3CP%3E--%3C%2FP%3E%3CP%3EWhen%20the%20Guest%20tries%20to%20login%20directly%20to%20Teams%20-%20either%20through%20%3CA%20href%3D%22https%3A%2F%2Fteams.microsoft.com%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Eteams.microsoft.com%3C%2FA%3E%20or%20the%20Teams%20desktop%20application%20-%20they%20are%20redirected%20first%20to%20a%20login%20page%20(login.microsoftonline.com)%2C%20then%20after%20login%20to%20an%20error%20page%3A%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fteams.microsoft.com%2F_%23%2FlicenseError%3FerrorCode%3DUserLicenseNotPresentForbidden%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fteams.microsoft.com%2F_%23%2FlicenseError%3FerrorCode%3DUserLicenseNotPresentForbidden%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20Guest%20can%20still%20login%2Faccess%20Teams%20following%20the%20%22Open%20Microsoft%20Teams%22%20link%20in%20the%20%234b%20email.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSTRONG%3EWorkaround%3C%2FSTRONG%3E%3C%2FP%3E%3CP%3EIf%20the%20Guest%20adds%20the%20%22tenantId%22%20indicated%20in%20the%20%234b%2FOpen%20Msft%20Teams%20email%20to%20the%20Teams%20URL%2C%20for%20example%3A%20%3CA%20href%3D%22https%3A%2F%2Fteams.microsoft.com%3FtenantId%3D1234567-89ab-cdef-0123-456789abcdef%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fteams.microsoft.com%3FtenantId%3D1234567-89ab-cdef-0123-456789abcdef%3C%2FA%3E%3C%2FP%3E%3CP%3E1.%20Guest%20is%20redirected%20to%20login.microsoftonline.com%3C%2FP%3E%3CP%3E2.%20Guest%20logs%20in%20using%20username%2Fpassword%3C%2FP%3E%3CP%3E3.%20Guest%20is%20redirected%20back%20to%20%3CA%20href%3D%22https%3A%2F%2Fteams.microsoft.com%2F_%3FtenantId%3D1234567-89ab-cdef-0123-456789abcdef%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fteams.microsoft.com%2F_%3FtenantId%3D1234567-89ab-cdef-0123-456789abcdef%3C%2FA%3E%3C%2FP%3E%3CP%3E4.%20Guest%20can%20now%20access%20the%20Team%20(without%20the%20UserLicenseNotPresentForbidden%20error)%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThis%20workaround%20only%20works%20through%20the%20Browser%20-%20it%20does%20not%20work%20through%20the%20Teams%20Desktop%20App%2C%20as%20it%20is%20not%20possible%20to%20include%20the%20requisite%20%22tenantId%22%20to%20login.%20Using%20the%20Desktop%20App%20always%20fails%20with%20UserLicenseNotPresentForbidden.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWhen%20the%20Guest%20is%20logged%20in%20using%20the%20correct%20%22tenantId%22%2C%20the%20Teams%20menu%20(in%20the%20Browser)%20looks%20like%20this%3A%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20424px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F22370iCA4902F04B34027B%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%22microsoft-teams-menu.png%22%20title%3D%22microsoft-teams-menu.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIf%20the%20Guest%20clicks%20on%20the%20other%20account%20under%20%22Your%20accounts%22%20(abcdef-0123-4567-89ab-cdef012345)%2C%20the%20Guest%20is%20redirected%20to%20the%26nbsp%3B%3CSPAN%3EUserLicenseNotPresentForbidden%26nbsp%3Berror%20page.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F22371iDCCF9FFDA5743C3A%2Fimage-size%2Fmedium%3Fv%3D1.0%26amp%3Bpx%3D400%22%20alt%3D%22microsoft-teams-userlicensenotpresent.png%22%20title%3D%22microsoft-teams-userlicensenotpresent.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIt%20seems%20that%20a%20Guest%20has%20been%20assigned%20two%20different%20%22tenantId%22s%20(or%20Azure%20Object%20IDs)%2C%20the%20first%20is%20the%20one%20created%20in%20step%20%232%2C%20the%20second%20is%20the%20one%20created%20in%20step%20%234.%20When%20the%20Guest%20tries%20to%20login%20without%20specifying%20the%20tenantId%2C%20login.microsoftonline.com%20defaults%20to%20the%20tenantId%20in%20%232%20(which%20isn't%20authorized%20to%20access%20Teams).%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20see%20no%20place%20in%20Teams%2C%20Office365%20Admin%20Center%2C%20or%20Azure%20AD%20to%20manage%20these%20separate%20'tenantId's%20or%20allow%20the%20Guest%20to%20login%20to%20Teams%20using%20the%20Desktop%20App.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAny%20assistance%20would%20be%20appreciated.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-117856%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAdministrator%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EGuest%20Access%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EMicrosoft%20Teams%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-184753%22%20slang%3D%22en-US%22%3ERe%3A%20Guest%20Cannot%20Access%20Teams%20unless%20'tenantId'%20is%20povided%20with%20login%20request%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-184753%22%20slang%3D%22en-US%22%3E%3CP%3EOfcourse%20i%20get%20you%20all%20posted%20about%20this%20bug.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-184750%22%20slang%3D%22en-US%22%3ERe%3A%20Guest%20Cannot%20Access%20Teams%20unless%20'tenantId'%20is%20povided%20with%20login%20request%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-184750%22%20slang%3D%22en-US%22%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%20for%20the%20quick%20replies%2C%20all.%20It%20does%20look%20like%20a%20bug%2C%20not%20an%20intended%20experience%2C%20as%20I%20also%20see%20the%20selection%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1292%22%20target%3D%22_blank%22%3E%40Steven%20Collier%3C%2FA%3E%20mentioned%20if%20I%20use%20my%20%40outlook.com%20email%20address.%3C%2FP%3E%3CP%3E%40Deleted%2C%20can%20you%20keep%20us%20posted%20here%20on%20any%20progress%20or%20updates%20from%20Microsoft%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIf%20you%20need%20to%20create%20guest%20accounts%20for%20those%20without%20Office%20365%2C%20it's%26nbsp%3Bcertainly%20better%20to%20get%20the%20right%20experience%20with%20their%20own%20email%20addresses%20rather%20than%20asking%20them%20to%20create%26nbsp%3B%40outlook.com%20email%20addresses.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-184743%22%20slang%3D%22en-US%22%3ERe%3A%20Guest%20Cannot%20Access%20Teams%20unless%20'tenantId'%20is%20povided%20with%20login%20request%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-184743%22%20slang%3D%22en-US%22%3E%3CP%3EIndeed%20Steven%2C%20this%20is%20how%20it%20should%20work.%20And%20for%20Microsoft%20accounts%20with%20emailadresses%20behind%20it%20from%20gmail%2C%20outlook%20or%20yahoo%20it%20works%20as%20you%20show.%20But%20when%20a%20custom%20domain%20is%20used%20without%20office365%20underneath%20it%20it%20won't%20work%20like%20this%20at%20this%20moment.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-184742%22%20slang%3D%22en-US%22%3ERe%3A%20Guest%20Cannot%20Access%20Teams%20unless%20'tenantId'%20is%20povided%20with%20login%20request%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-184742%22%20slang%3D%22en-US%22%3E%3CP%3EThe%20functionality%20for%20none%20AAD%20users%20and%20Microsoft%20users%20is%20indeed%20active.%20But%20as%20this%20post%20shows%2C%20it%20is%20not%20working%20very%20well%20at%20the%20moment.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-184739%22%20slang%3D%22en-US%22%3ERe%3A%20Guest%20Cannot%20Access%20Teams%20unless%20'tenantId'%20is%20povided%20with%20login%20request%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-184739%22%20slang%3D%22en-US%22%3E%3CP%3EI%20have%20added%20it%20to%20Uservoice%20%3CA%20href%3D%22https%3A%2F%2Fmicrosoftteams.uservoice.com%2Fforums%2F555103-public%2Fsuggestions%2F33799987-solution-for-guests-accounts-with-an-organisation%3Ftracking_code%3D9676f8f0c0ced9e928c7cbba2d574a65%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Elink%3C%2FA%3E.%20And%20I%20have%20contact%20with%20Microsoft%20about%20this%20problem.%20I%20have%20sent%20some%20logs%20to%20inspect%20and%20they%20are%20looking%20in%20to%20it.%20That's%20all%20the%20information%20i%20have%20on%20this%20moment.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-184720%22%20slang%3D%22en-US%22%3ERe%3A%20Guest%20Cannot%20Access%20Teams%20unless%20'tenantId'%20is%20povided%20with%20login%20request%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-184720%22%20slang%3D%22en-US%22%3E%3CP%3ENeat%2C%20it%20might%20be%20they%20introduced%20that%20tenant%20picker%20experience%2C%20I%20havent%20seen%20it%20before%20-%20ill%20let%20my%20guests%20try%20it%20again%20%3A)%3C%2Fimg%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-184712%22%20slang%3D%22en-US%22%3ERe%3A%20Guest%20Cannot%20Access%20Teams%20unless%20'tenantId'%20is%20povided%20with%20login%20request%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-184712%22%20slang%3D%22en-US%22%3E%3CP%3EThis%20certainly%20isn't%20the%20experience%20I%20get.%20When%20I%20log%20into%20the%20desktop%20app%20as%20a%20guest%20using%20a%20Microsoft%20account%20I%20go%20to%20the%20tenant%20picker%20experience%2C%20then%20get%20to%20choose%20which%20tenant%20guest%20access%20to%20use%20...%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F32591i1664B41A46E20E85%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%22Capture.PNG%22%20title%3D%22Capture.PNG%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-184617%22%20slang%3D%22en-US%22%3ERe%3A%20Guest%20Cannot%20Access%20Teams%20unless%20'tenantId'%20is%20povided%20with%20login%20request%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-184617%22%20slang%3D%22en-US%22%3E%3CP%3EI%20reported%20it%2C%20and%20was%20met%20with%20a%20%22by%20design%22%20answer.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHowever%2C%20a%20colleague%20just%20pointed%20out%20the%20release%20notes%20for%20the%20latest%20version%20of%20the%26nbsp%3BiPhone%20app%20which%20mentions%20the%20ability%20to%20switch%20tenants%20as%20one%20of%20the%20news.%20Can't%20find%20that%20info%20anywhere%20but%20on%20the%20app%20store%20release%20notes%20though.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAnother%20thing%20is%20that%20they%20have%26nbsp%3Badded%20the%20capability%20to%20not%20require%20an%20AAD%20tenant%20any%20more%20(so%20no%20particular%20need%20for%20O365%2C%20Outlook%20or%20AAD%20enabled%20guest%20anymore%20it%20would%20seem%20(%20i%20have%20NOT%20tested%20this)%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-184536%22%20slang%3D%22en-US%22%3ERe%3A%20Guest%20Cannot%20Access%20Teams%20unless%20'tenantId'%20is%20povided%20with%20login%20request%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-184536%22%20slang%3D%22en-US%22%3E%3CP%3EAny%20update%20on%20this%3F%20Has%20someone%20reported%20it%20as%20a%20bug%3F%20I'm%20using%20a%20domain%20not%20associated%20with%20Office%20365%20to%20manage%20guest%20access.%26nbsp%3BI'll%20create%20email%20addresses%20for%20users%20with%20that%20domain%20and%20add%20them%20to%20the%20Office%20365%20Group.%26nbsp%3BThey'll%20then%20create%20Microsoft%26nbsp%3Baccounts%20when%20they%20first%20login.%20This%20is%20needed%20for%20the%20kind%20of%26nbsp%3Bcustomers%20that%20we%20have.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20only%20way%20they%20can%20get%20onto%20Teams%20right%20now%20is%26nbsp%3Bby%20passing%20the%20tenant%20ID%20via%20a%20web%20link%20per%20the%20original%20email%20in%20this%20thread%20from%20back%20in%20October.%20That%20means%20they%20can't%20use%20the%20Desktop%20app%20or%20the%20mobile%20app%20(on%20Android%2C%20at%20least).%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-176273%22%20slang%3D%22en-US%22%3ERe%3A%20Guest%20Cannot%20Access%20Teams%20unless%20'tenantId'%20is%20povided%20with%20login%20request%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-176273%22%20slang%3D%22en-US%22%3EWholeheartedly%20agree!%20I%20am%20not%20entirely%20certain%20the%20support%20engineer%20I%20corresponded%20with%20is%20representing%20the%20product%20teams%20sentiment%20-%20though%20you%20never%20know.%3CBR%20%2F%3E%3CBR%20%2F%3EOn%20a%20side%20note%2C%20I%20have%20been%20in%20several%20MS%20related%20workshops%2C%20conferences%20etc%20where%20they%20use%20Slack%20due%20to%20the%20lack%20of%20MS%20Teams%20guest%20access%2C%20so%20lets%20hope%20they%20put%20some%20internal%20pressure%20on%20the%20team%20to%20make%20it%20work%20like%20it%20should.%20Th%20whole%20Azure%20AD%2FO365%20account%20restriction%20is%20a%20pain%20in%20itself%2C%20and%20if%20you%20can't%20even%20select%20a%20tenant%20in%20the%20native%20apps%20then%20it%20is%20completely%20useless%20in%20many%20cases.%3CBR%20%2F%3E%3CBR%20%2F%3EWe%20ended%20up%20actually%20adding%20our%20external%20consultants%20as%20users%20in%20our%20Azure%20AD%20just%20to%20provide%20them%20with%20proper%20teams%20access%2C%20which%20then%20means%20they%20need%20to%20remember%20a%20second%20set%20of%20credentials%20etc%20-%20stupid%20%3A(%3C%2Fimg%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-176271%22%20slang%3D%22en-US%22%3ERe%3A%20Guest%20Cannot%20Access%20Teams%20unless%20'tenantId'%20is%20povided%20with%20login%20request%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-176271%22%20slang%3D%22en-US%22%3E%3CP%3EIt%20is%20working%20now.%20I%20had%20the%20subscription%20Id%20added%20and%20not%20the%20Tenant%20Id%2C%20stupid%20me.%20But%20in%20reply%20of%20that%20this%20is%20by%20design%2C%20that%20is%20ludicrous.%20Microsoft%20is%20scaring%20people%20away%20with%20this%20structure.%20Microsoft%20Teams%20is%20purely%20a%20collaboration%20tool%2C%20and%20not%20providing%20a%20seamless%20solution%20for%20guests%20is%20not%20acceptable.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-176269%22%20slang%3D%22en-US%22%3ERe%3A%20Guest%20Cannot%20Access%20Teams%20unless%20'tenantId'%20is%20povided%20with%20login%20request%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-176269%22%20slang%3D%22en-US%22%3E%3CP%3EDid%20you%20use%20the%20exact%20same%20URL%20as%20in%20the%20invitation%20email.%20I%20tried%20different%20varieties%20and%20ONLY%20the%20EXACT%20same%20one%20as%20in%20the%20invitation%20email%20works.%20Any%20alterations%20and%20it%20seems%20to%20break.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EI%20had%20a%20support%20ticket%20with%20MS%20and%20the%20support%20engineer%26nbsp%3BI%20was%20in%20contact%20with%20basically%20said%26nbsp%3Bthe%20whole%20thing%20was%20by%20design%20(personally%20i%20highly%20doubt%20that%2C%20but%20that%20is%20another%20matter).%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-175759%22%20slang%3D%22en-US%22%3ERe%3A%20Guest%20Cannot%20Access%20Teams%20unless%20'tenantId'%20is%20povided%20with%20login%20request%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-175759%22%20slang%3D%22en-US%22%3E%3CP%3EEven%20with%20the%20addition%20of%20the%20tenantid%20i%20get%20the%20userlicensenotpresentforbidden%20error.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-165283%22%20slang%3D%22en-US%22%3ERe%3A%20Guest%20Cannot%20Access%20Teams%20unless%20'tenantId'%20is%20povided%20with%20login%20request%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-165283%22%20slang%3D%22en-US%22%3E%3CP%3EWell%2C%20this%20sounds%20like%20a%20bug%2C%20please%20log%20it%20with%20Microsoft%20through%20your%20admin%20portal%20or%20Premiere%20support%2C%20you%20wont%20get%20direct%20support%20here.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-164880%22%20slang%3D%22en-US%22%3ERe%3A%20Guest%20Cannot%20Access%20Teams%20unless%20'tenantId'%20is%20povided%20with%20login%20request%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-164880%22%20slang%3D%22en-US%22%3E%3CP%3EExact%20same%20problem%20here.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EMS%20we%20need%20a%20fix%2C%20this%20is%20stupid%20%3A(%3C%2Fimg%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-142640%22%20slang%3D%22en-US%22%3ERe%3A%20Guest%20Cannot%20Access%20Teams%20unless%20'tenantId'%20is%20povided%20with%20login%20request%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-142640%22%20slang%3D%22en-US%22%3E%3CP%3ESame%20Issue%20for%20me%20as%20well.%26nbsp%3B%3CBR%20%2F%3E%3CBR%20%2F%3EI%20am%20not%20able%20to%20login%20as%20guest%20user%20in%20Desktop%20App%20at%20my%20client%20office.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ETeams%20is%20working%20on%20browser.%3CBR%20%2F%3E%3CBR%20%2F%3EDo%20we%20have%20any%20fix%20for%20this%20%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-142247%22%20slang%3D%22en-US%22%3ERe%3A%20Guest%20Cannot%20Access%20Teams%20unless%20'tenantId'%20is%20povided%20with%20login%20request%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-142247%22%20slang%3D%22en-US%22%3E%3CP%3EHello%2C%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ESame%20issue%20here%2C%20and%20sadly%2C%20same%20conclusion.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ERegards%2C%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-118002%22%20slang%3D%22en-US%22%3ERe%3A%20Guest%20Cannot%20Access%20Teams%20unless%20'tenantId'%20is%20povided%20with%20login%20request%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-118002%22%20slang%3D%22en-US%22%3E%3CP%3EThere%20is%20no%20apparent%20way%20to%20do%20this.%20The%20Azure%20AD%20Guest%20invitation%20email%20from%20the%20Team's%20Organization%20sends%20the%20Guest%20to%20a%20Microsoft%20site%20to%20create%20a%20Microsoft%20Account.%20This%20creates%20a%20profile%20(and%20apparently%20a%20new%20Guest%20domain%20Tenant)%20here%3A%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Faccount.activedirectory.windowsazure.com%26nbsp%3B%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Faccount.activedirectory.windowsazure.com%26nbsp%3B%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20Microsoft%20Account%20%2F%20Guest%20Profile%20cannot%20be%20edited.%20There%20are%20no%20options%20for%20seeing%2Fsetting%2Fmodifying%20anything%20related%20to%20Guest%20Access%20from%20within%20the%20Microsoft%20Account%20%2F%20Guest%20Profile.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-117971%22%20slang%3D%22en-US%22%3ERe%3A%20Guest%20Cannot%20Access%20Teams%20unless%20'tenantId'%20is%20povided%20with%20login%20request%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-117971%22%20slang%3D%22en-US%22%3EHave%20you%20verified%20that%20Guest%20Access%20is%20also%20enabled%20in%20the%20Guests'%20tenants%3F%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-117872%22%20slang%3D%22en-US%22%3ERe%3A%20Guest%20Cannot%20Access%20Teams%20unless%20'tenantId'%20is%20povided%20with%20login%20request%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-117872%22%20slang%3D%22en-US%22%3E%3CP%3EUPDATE%3C%2FP%3E%3CP%3EIt%20appears%20the%20'tenantId'%20is%20assigned%20to%20the%20Organization%20and%20not%20the%20Guest.%20When%20the%20Guest%20logs%20in%20at%20login.microsoftonline.com%20it%20appears%20it%20tries%20to%20use%20the%20tenantId%20originally%20assigned%20to%20the%20Guest's%20domain%20and%20not%20the%20Organization.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
New Contributor

I have created several guest accounts following the instructions here:

https://docs.microsoft.com/en-us/microsoftteams/guest-access

Basically,

1. Enabled Guest Access in Office365 Admin Center

2. Added guest account through Azure Active Directory

  a. Guest account received email Azure AD "You're invited to the organization"

  b. Guest follows the "Get Started" link in the email to create a password

4. Added guest to a Team through Microsoft Teams desktop application

  a. Guest account received email Teams "You have been added to a team in Microsoft Teams"

  b. Guest follows the "Open Microsoft Teams" link in the email to be sent to teams.microsoft.com

  c. Guest is redirected to login.microsoftonline.com
  d. Guest logins in using email/password from #2b

  e. Guest is redirected to the Teams page and is able to work.

--

When the Guest tries to login directly to Teams - either through teams.microsoft.com or the Teams desktop application - they are redirected first to a login page (login.microsoftonline.com), then after login to an error page:

https://teams.microsoft.com/_#/licenseError?errorCode=UserLicenseNotPresentForbidden

 

The Guest can still login/access Teams following the "Open Microsoft Teams" link in the #4b email.

 

Workaround

If the Guest adds the "tenantId" indicated in the #4b/Open Msft Teams email to the Teams URL, for example: https://teams.microsoft.com?tenantId=1234567-89ab-cdef-0123-456789abcdef

1. Guest is redirected to login.microsoftonline.com

2. Guest logs in using username/password

3. Guest is redirected back to https://teams.microsoft.com/_?tenantId=1234567-89ab-cdef-0123-456789abcdef

4. Guest can now access the Team (without the UserLicenseNotPresentForbidden error)

 

This workaround only works through the Browser - it does not work through the Teams Desktop App, as it is not possible to include the requisite "tenantId" to login. Using the Desktop App always fails with UserLicenseNotPresentForbidden.

 

When the Guest is logged in using the correct "tenantId", the Teams menu (in the Browser) looks like this:

microsoft-teams-menu.png

 

If the Guest clicks on the other account under "Your accounts" (abcdef-0123-4567-89ab-cdef012345), the Guest is redirected to the UserLicenseNotPresentForbidden error page.

 

microsoft-teams-userlicensenotpresent.png

 

It seems that a Guest has been assigned two different "tenantId"s (or Azure Object IDs), the first is the one created in step #2, the second is the one created in step #4. When the Guest tries to login without specifying the tenantId, login.microsoftonline.com defaults to the tenantId in #2 (which isn't authorized to access Teams).

 

I see no place in Teams, Office365 Admin Center, or Azure AD to manage these separate 'tenantId's or allow the Guest to login to Teams using the Desktop App.

 

Any assistance would be appreciated.

20 Replies
Highlighted

UPDATE

It appears the 'tenantId' is assigned to the Organization and not the Guest. When the Guest logs in at login.microsoftonline.com it appears it tries to use the tenantId originally assigned to the Guest's domain and not the Organization.

Highlighted
Have you verified that Guest Access is also enabled in the Guests' tenants?
Highlighted

There is no apparent way to do this. The Azure AD Guest invitation email from the Team's Organization sends the Guest to a Microsoft site to create a Microsoft Account. This creates a profile (and apparently a new Guest domain Tenant) here:

https://account.activedirectory.windowsazure.com 

 

The Microsoft Account / Guest Profile cannot be edited. There are no options for seeing/setting/modifying anything related to Guest Access from within the Microsoft Account / Guest Profile.

Highlighted

Hello,

 

Same issue here, and sadly, same conclusion. 

 

Regards,

Highlighted

Same Issue for me as well. 

I am not able to login as guest user in Desktop App at my client office. 

 

Teams is working on browser.

Do we have any fix for this ?

Highlighted

Exact same problem here.

 

MS we need a fix, this is stupid :(

Highlighted

Well, this sounds like a bug, please log it with Microsoft through your admin portal or Premiere support, you wont get direct support here.

Highlighted

Even with the addition of the tenantid i get the userlicensenotpresentforbidden error.

Highlighted

Did you use the exact same URL as in the invitation email. I tried different varieties and ONLY the EXACT same one as in the invitation email works. Any alterations and it seems to break.

 

I had a support ticket with MS and the support engineer I was in contact with basically said the whole thing was by design (personally i highly doubt that, but that is another matter).

Highlighted

It is working now. I had the subscription Id added and not the Tenant Id, stupid me. But in reply of that this is by design, that is ludicrous. Microsoft is scaring people away with this structure. Microsoft Teams is purely a collaboration tool, and not providing a seamless solution for guests is not acceptable.

Highlighted
Wholeheartedly agree! I am not entirely certain the support engineer I corresponded with is representing the product teams sentiment - though you never know.

On a side note, I have been in several MS related workshops, conferences etc where they use Slack due to the lack of MS Teams guest access, so lets hope they put some internal pressure on the team to make it work like it should. Th whole Azure AD/O365 account restriction is a pain in itself, and if you can't even select a tenant in the native apps then it is completely useless in many cases.

We ended up actually adding our external consultants as users in our Azure AD just to provide them with proper teams access, which then means they need to remember a second set of credentials etc - stupid :(
Highlighted

Any update on this? Has someone reported it as a bug? I'm using a domain not associated with Office 365 to manage guest access. I'll create email addresses for users with that domain and add them to the Office 365 Group. They'll then create Microsoft accounts when they first login. This is needed for the kind of customers that we have. 

 

The only way they can get onto Teams right now is by passing the tenant ID via a web link per the original email in this thread from back in October. That means they can't use the Desktop app or the mobile app (on Android, at least). 

Highlighted

I reported it, and was met with a "by design" answer.

 

However, a colleague just pointed out the release notes for the latest version of the iPhone app which mentions the ability to switch tenants as one of the news. Can't find that info anywhere but on the app store release notes though.

 

Another thing is that they have added the capability to not require an AAD tenant any more (so no particular need for O365, Outlook or AAD enabled guest anymore it would seem ( i have NOT tested this)

Highlighted

This certainly isn't the experience I get. When I log into the desktop app as a guest using a Microsoft account I go to the tenant picker experience, then get to choose which tenant guest access to use ...

 

Capture.PNG

Highlighted

Neat, it might be they introduced that tenant picker experience, I havent seen it before - ill let my guests try it again :)

Highlighted

I have added it to Uservoice link. And I have contact with Microsoft about this problem. I have sent some logs to inspect and they are looking in to it. That's all the information i have on this moment.

Highlighted

The functionality for none AAD users and Microsoft users is indeed active. But as this post shows, it is not working very well at the moment.

Highlighted

Indeed Steven, this is how it should work. And for Microsoft accounts with emailadresses behind it from gmail, outlook or yahoo it works as you show. But when a custom domain is used without office365 underneath it it won't work like this at this moment.

Highlighted

 

Thanks for the quick replies, all. It does look like a bug, not an intended experience, as I also see the selection @Steven Collier mentioned if I use my @outlook.com email address.

@Deleted, can you keep us posted here on any progress or updates from Microsoft?

 

If you need to create guest accounts for those without Office 365, it's certainly better to get the right experience with their own email addresses rather than asking them to create @outlook.com email addresses.