Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,668 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(131.20000000000002, 42%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMM%3C/text%3E%3C/svg%3E)
Hello @Luis Olias
Thank you for reaching out to us.
The main difference between "Guest" and "External users" are as follows:
External Users: In Azure AD entitlement management utilizes Azure AD business-to-business (B2B) to collaborate with people outside your organization in another directory. With Azure AD B2B, external users authenticate to their home directory but have a representation in your directory. The representation in your directory enables the user to be assigned access to your resources.
This article describes the settings you can specify to govern access for external users.
Guest Users : Azure Active Directory (Azure AD) business-to-business (B2B) collaboration is a feature within External Identities that lets you invite guest users to collaborate with your organization. With B2B collaboration, you can securely share your company's applications and services with guest users from any other organization, while maintaining control over your own corporate data. Work safely and securely with external partners, large or small, even if they don't have Azure AD or an IT department. A simple invitation and redemption process lets partners use their own credentials to access your company's resources. Developers can use Azure AD business-to-business APIs to customize the invitation process or write applications like self-service sign-up portals. For licensing and pricing information related to guest users, refer to Azure Active Directory pricing.
For more information please refer to this article.
Finally in order to make it simple to understand External user has there own Azure AD where they will be Authenticated but the Guest user does not need to have an Azure AD they can even use their personal email ID in order to receive the invitation.
Guest User also has the capability to enable Authentication through Email One-time passcode authentication This is really helpful when a Guest user is unable to Authenticate through other means like Azure AD, a Microsoft account (MSA), or Google federation. With one-time passcode authentication, there's no need to create a Microsoft account. When the guest user redeems an invitation or accesses a shared resource, they can request a temporary code, which is sent to their email address. Then they enter this code to continue signing in. This is going to be a default option for all the tenants from march 2021.