Automatic user provisioning in Azure AD

Question

Hello guys,
Recently I have created an app which I'm hosting on Azure App Service. Part of this application is a people picker, based on MS Graph which makes a query to Azure AD to search for users matching the query (by name or e-mail).
We're at the testing stage and there is one thing reported by customer as bug. In people picker (so in Azure AD) the user cannot be retrieved and invited to the system before he signs-in to Azure at least once.
If I understand correctly, the user object is created in Azure AD only after initial login, so there's no way to get all users from on-premise AD.
Can you suggest a workaround or any source of information which clearly states this behavior is by design so I can show it to the customer?
Regards
TOmasz Kornacki

Answer 1

Hi @Tomasz Kornacki · Thank you for reaching out.

The known behavior is with OneDrive/SharePoint Online where users are added to the directory after they have redeemed their invitations. On the other hand, when guest users are added using Azure AD, they immediately show up everywhere without requiring them to redeem their invitations.

• Azure AD B2B collaboration invited users can be picked from OneDrive/SharePoint Online sharing dialog boxes.
• OneDrive/SharePoint Online invited users also show up in Azure AD after they redeem their invitations.

Read more: https://learn.microsoft.com/en-us/azure/active-directory/external-identities/o365-external-user

-----------------------------------------------------------------------------------------------------------

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.