I have a domain zippysoft.us with the "default" admin and two guest (B2B) users. One of them is my Gmail account. That user is a global admin, the domain has no restrictions on guest users, and he has an Office 365 license assigned to him. He can sign into the Azure portal just fine and manage the Azure AD stuff for the zippysoft.us domain.
However, if I try to sign in to portal.office.com I get an error:
I discovered the userPrincipalName of the B2B user is [REDACTED]_gmail.com#EXTfirstname.lastname@example.org. I can enter that and get a password prompt, but the password for my Microsoft account associated with my Gmail account does not work.
I can certainly try the password reset option and see if I can get a "local password" associated with this account, but that would completely get rid of the whole federated authentication I'm trying to achieve.
We're outsourcing the service desk, so they need certain admin access to be able to do their work. I don't really want to create named accounts for all their engineers in our tenant, so I was hoping to invite them on their Azure AD identity (B2B), but then they cannot access the admin portal(s).
I know about delegated admin, but I don't want to give all their helpdesk guys global admin access on our tenant...