Invitation of guest account via email OTP still works, even after "AllowEmailVerifiedUsers" is set to False

Dipro 20 Reputation points
2023-09-15T05:46:18.7933333+00:00

In my tenant I disabled the "AllowEmailVerifiedUsers" set to false. Now I have a gmail account. There is no MS account associated with it. Also allow onetime passcode is on. So I invite the gmail account. Now clicked on Accept invitation link -> Provided the OTP -> accepted the invite. This is an email verified account. But according to the Attribute "AllowEmailVerifiedAccount - False", this account should not be added. right? Am I missing something? according to the docs AllowEmailVerifiedUsers controls whether users can join the tenant by email validation. Join means by him/herself (self service sign up) or by an admin invitation. Both should not work. Please help me here.

Microsoft Entra External ID
Microsoft Entra External ID
A modern identity solution for securing access to customer, citizen and partner-facing apps and services. It is the converged platform of Azure AD External Identities B2B and B2C. Replaces Azure Active Directory External Identities.
2,908 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
22,062 questions
0 comments No comments
{count} votes

Accepted answer
  1. Vasil Michev 107.4K Reputation points MVP
    2023-09-15T07:05:58.9066667+00:00

    That's not how this setting works. It does not apply to Guest users at all. "Email verified" users means a user what has an email address associated with a domain verified in your tenant. I.e. if you have verified contoso.com, any user with email of user@contoso.com will be able to self-provision an account in your tenant, if this setting is on.

    In contrast, Guest users need to be invited, regardless of the setting value. They will have a "creation method" value of "invitation", whereas self-provisioned users have "EmailVerified".

    0 comments No comments

0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.