Add Guest User Accounts in Azure AD Portal
The Azure AD portal provides a set method for adding guest accounts. You can invite anyone to collaborate with your organization by adding them to your directory as a guest user. When you do, you can either send an invitation email that contains a redemption link or send a direct link to the app that you wish to share. Note that guest users can sign in with their work, school, or social identities.
Steps for Adding a New Guest User in Azure AD
Here are the detailed steps for adding a guest user account in Azure AD Portal:
- Sign in to the Azure portal at portal.azure.com with your credentials.
- In the left-hand menu, click on “Azure Active Directory.”
- In the Azure AD menu, click on “Users.”
- Click on the “New guest user” button at the top of the users list.
- In the “Invite user” pane, enter the email address of the guest user you want to add.
- If you want to add multiple guest users, click on “Add multiple users” and enter their email addresses separated by commas.
- Choose the role you want to assign to the guest user. You can choose from the following options:
  - Guest inviter: Can invite other guests to the organization.
  - Guest user: Can access resources in your organization, such as apps and SharePoint sites.
  - Global reader: Can view all resources in your organization, but cannot make any changes.
- If desired, you can add a personal message to the invitation email.
- Click on “Invite” to send the invitation to the guest user(s).
- Once the guest user receives the invitation email, they need to click on the “Get started” button in the email.
- In the “Welcome to Microsoft” page, the guest user needs to enter their name and create a password.
- Click on “Finish” to complete the process.
- After accepting the invitation and creating the account, the guest user will appear in the users list in the Azure AD portal.
- You can assign additional roles and permissions to the guest user by clicking on their name in the users list and selecting the “Directory role” or “Assigned roles” tab.
Note: Before you can invite guest users to your Azure AD, you need to ensure that guest invitations are enabled in your Azure AD tenant. You can do this by going to “Azure Active Directory” -> “User settings” and then enabling “Guest users can be invited to the organization.”
What are the steps to assign an app to the guest user?
Here are the steps to assign an app to a guest user in Azure AD:
- Sign in to the Azure portal at portal.azure.com with your credentials.
- In the left-hand menu, click on “Azure Active Directory.”
- In the Azure AD menu, click on “Enterprise applications.”
- Find the app you want to assign to the guest user and click on it.
- In the app overview page, click on “Users and groups” from the left-hand menu.
- Click on “Add user” at the top of the page.
- In the “Add Assignment” pane, click on the “Users and groups” dropdown and select “Guest users.”
- Search for the guest user you want to assign the app to and select their name from the list.
- Choose the role you want to assign to the guest user. The available roles will depend on the app you are assigning. For example, you might be able to assign the “User” or “Admin” role.
- If desired, you can add a personal message to the assignment email.
- Click on “Assign” to assign the app to the guest user.
Once you have assigned the app to the guest user, they will be able to access it using their guest account credentials. If the app requires a login, the guest user will need to enter their guest account email address and password to access it.
Process of Accepting Invitation
Here are the steps a guest user can follow to accept an invitation to join an Azure AD organization:
- The guest user will receive an invitation email from the Azure AD organization. The email will contain a personalized message and a “Get started” button. The guest user should click on the “Get started” button.
- The guest user will be redirected to a “Welcome to Microsoft” page where they need to enter their name and create a password for their guest account.
- Once the guest user has entered their name and created a password, they need to click on the “Finish” button to complete the process.
- The guest user will be redirected to the Azure AD organization’s portal where they can view the resources they have been granted access to.
- If the organization has granted the guest user access to an app or resource, the guest user can click on the app/resource icon to access it.
- If the organization has assigned any roles or permissions to the guest user, they can view and manage them by going to the “Directory roles” or “Assigned roles” tabs in the user’s profile page.
Note: If the guest user already has a Microsoft account, they can use their existing account to accept the invitation. They should sign in to their Microsoft account first, then click on the “Get started” button in the invitation email.
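The portal steps above leave three things worth reviewing afterwards: invitations that were never redeemed, the apps each guest has been assigned, and the exact assignment to remove when one app's access must be revoked. The following is an added example, not part of the original tutorial or Microsoft's code. It assumes user and app role assignment records exported from Microsoft Graph (fields userType, externalUserState, createdDateTime, principalId, resourceDisplayName); the sample records, the short IDs and the 30-day threshold are constructed for illustration.

```python
from datetime import datetime, timezone

# Constructed sample records shaped like Microsoft Graph /users and
# appRoleAssignments output. Real object IDs are GUIDs; these are placeholders.
USERS = [
    {"id": "u1", "mail": "alex@partner.example", "userType": "Guest",
     "externalUserState": "Accepted", "createdDateTime": "2024-01-10T09:00:00Z"},
    {"id": "u2", "mail": "sam@vendor.example", "userType": "Guest",
     "externalUserState": "PendingAcceptance", "createdDateTime": "2024-01-05T09:00:00Z"},
    {"id": "u3", "mail": "kim@contoso.example", "userType": "Member",
     "externalUserState": None, "createdDateTime": "2023-06-01T09:00:00Z"},
]
APP_ROLE_ASSIGNMENTS = [
    {"id": "a1", "principalId": "u1", "resourceDisplayName": "Expenses"},
    {"id": "a2", "principalId": "u1", "resourceDisplayName": "Wiki"},
    {"id": "a3", "principalId": "u3", "resourceDisplayName": "Expenses"},
]

def parse_ts(value):
    """Parse a Graph UTC timestamp such as 2024-01-05T09:00:00Z."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def stale_invitations(users, now, max_age_days=30):
    """Guests who were invited but have not redeemed within max_age_days (assumed policy)."""
    return [u["mail"] for u in users
            if u["userType"] == "Guest"
            and u["externalUserState"] == "PendingAcceptance"
            and (now - parse_ts(u["createdDateTime"])).days > max_age_days]

def guest_app_access(users, assignments):
    """Map each guest's mail address to the sorted list of apps assigned to them."""
    guests = {u["id"]: u["mail"] for u in users if u["userType"] == "Guest"}
    access = {mail: [] for mail in guests.values()}
    for a in assignments:
        if a["principalId"] in guests:
            access[guests[a["principalId"]]].append(a["resourceDisplayName"])
    return {mail: sorted(apps) for mail, apps in access.items()}

def revocation_requests(users, assignments, mail, app):
    """Graph DELETE paths that remove one guest's access to one app, leaving the account in place."""
    uid = next(u["id"] for u in users if u["mail"] == mail)
    return [f"DELETE /users/{uid}/appRoleAssignments/{a['id']}"
            for a in assignments
            if a["principalId"] == uid and a["resourceDisplayName"] == app]

if __name__ == "__main__":
    now = datetime(2024, 3, 1, tzinfo=timezone.utc)
    print(stale_invitations(USERS, now))
    print(guest_app_access(USERS, APP_ROLE_ASSIGNMENTS))
    print(revocation_requests(USERS, APP_ROLE_ASSIGNMENTS, "alex@partner.example", "Wiki"))
```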
AZ-104 Exam Practice Questions
Question 1: You need to add a guest user to your Azure AD tenant to allow them to access a specific resource. Which role should you assign to the guest user?
A. Global Administrator
B. User Administrator
C. Guest Inviter
D. None of the above
Answer: D. None of the above
Explanation: When you add a guest user to your Azure AD tenant, you can assign them a role that determines what they can access and manage within the tenant. However, none of the roles available in Azure AD, including Global Administrator and User Administrator, are specifically designed for guest users. Instead, you should assign the guest user a specific role that is appropriate for the resource they need to access.
Question 2: You want to add a guest user to your Azure AD tenant and give them access to a specific application. What information do you need to provide when you add the guest user?
A. The guest user’s email address
B. The guest user’s phone number
C. The guest user’s home address
D. The guest user’s date of birth
Answer: A. The guest user’s email address
Explanation: When you add a guest user to your Azure AD tenant, you need to provide their email address so that Azure AD can send them an invitation to access the resource. You may also be required to provide additional information, such as their name and organizational affiliation, depending on the settings configured by the Azure AD administrator.
Question 3: You have added a guest user to your Azure AD tenant and given them access to a specific application. What should you do if you need to revoke the guest user’s access?
A. Delete the guest user’s account from the Azure AD tenant
B. Remove the guest user’s role assignment for the application
C. Change the guest user’s password
D. None of the above
Answer: B. Remove the guest user’s role assignment for the application
Explanation: To revoke a guest user’s access to a specific application in Azure AD, you should remove their role assignment for that application. Deleting the guest user’s account from the Azure AD tenant would revoke their access to all resources in the tenant, which may not be necessary or appropriate. Changing the guest user’s password would also not necessarily revoke their access to the application.
Question 4: You want to add a guest user to your Azure AD tenant, but your organization has disabled external sharing. What should you do?
A. Enable external sharing in the Azure AD tenant
B. Contact your Azure AD administrator to request an exception to the external sharing policy
C. Add the guest user to a different Azure AD tenant that allows external sharing
D. None of the above
Answer: B. Contact your Azure AD administrator to request an exception to the external sharing policy
Explanation: If your organization has disabled external sharing in the Azure AD tenant, you will not be able to add guest users unless an exception is made to the policy. You should contact your Azure AD administrator to request an exception or to obtain guidance on alternative solutions that may be available. Enabling external sharing in the Azure AD tenant or adding the guest user to a different tenant that allows external sharing may not be feasible or appropriate solutions.
Reference: Microsoft Documentation