Azure AD account with identities as Externak Azure AD

Virtual Tech 106 Reputation points
2022-11-28T21:46:36.403+00:00

Hi

Can someone please explain why or how a guest user identities is ExternalAzureAD? Does that mean an internal user sent an invite to an external user from another tenant?

264983-image.png

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,451 questions
{count} votes

2 answers

Sort by: Most helpful
  1. JamesTran-MSFT 36,531 Reputation points Microsoft Employee
    2022-11-30T22:49:38.763+00:00

    @Virtual Tech
    Thank you for your post!

    The Identities property of a user within Azure AD indicates that user’s primary identity provider. You're correct when it comes to the ExternalAzureAD Identity - an internal user invited an external user to your Azure AD tenant as part of the B2B collaboration feature, which is a capability of Azure AD External Identities that lets you collaborate with users and partners outside of your organization. For more info - Properties of an Azure Active Directory B2B collaboration user.

    After invitation redemption
    After the B2B collaboration user accepts the invitation, the Identities property is updated based on the user’s identity provider.

    • If the B2B collaboration user is using a Microsoft account or credentials from another external identity provider, Identities reflects the identity provider, for example Microsoft Account, google.com, or facebook.com.
    • If the B2B collaboration user is using credentials from another Azure AD organization, Identities is External Azure AD.

    Identities:
    265806-image.png

    Additional Link:
    Configure external collaboration settings - This lets you specify who can invite external users, allow or block specific domains, and restrict what external guest users can see.

    I hope this helps!

    If you have any other questions, please let me know.
    Thank you for your time and patience throughout this issue.

    ----------

    Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.

    1 person found this answer helpful.

  2. Dillon Silzer 56,036 Reputation points
    2022-11-29T04:22:01.16+00:00

    Hi @Virtual Tech

    That is correct, someone from your tenant has invited this user to be a guest for an application within your Azure AD tenant.

    See Configure external collaboration settings for more details:

    https://learn.microsoft.com/en-us/azure/active-directory/external-identities/external-collaboration-settings-configure

    -----------------------------------------

    If this is helpful please accept answer.