Microsoft Security | Microsoft Entra | Microsoft Entra External ID
Managing external identities to enable secure access for partners, customers, and other non-employees
B2B guest sign-in blocked with error 530035 — "Invitations blocked due to suspicious activity" on tenant PII
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(259.20000000000005, 62%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDL%3C/text%3E%3C/svg%3E)
Dylan Levsey
0
Reputation points
Microsoft Entra ID Support Request
Hello - Please Read Carefully. I am having issues getting this ticket submitted from the account I am posting this from. It has been five days.
I originally submitted as a different user; however, I need a Support Request (SR) to be submitted from this account.
Service
Microsoft Entra ID (Azure Active Directory)
Problem Type
Sign-in and Multi-Factor Authentication → User cannot sign in to application
Summary
Issue: B2B guest accounts from a specific domain are blocked with error 530035.
Reported message:
"Invitations blocked due to suspicious activity"
Tenant and Application Details
- Tenant: PII
- Tenant ID: PII
- App: PII
- Correlation ID from failed sign-in: PII
What Works
- Tenant owner account signs in normally
- Gmail-based B2B guest accounts sign in normally
What Fails
- B2B guest accounts from transferonline.com receive error 530035:
"Your sign-in was successful but you don't have permission to access this resource"
- Graph API calls to
/v1.0/invitationsreturn:
"Invitations are blocked for this directory due to suspicious activity. Please contact Microsoft support for help."
What We've Verified
- External collaboration settings allow invitations to any domain (no domain restrictions)
-
appRoleAssignmentRequiredis false on the app service principal - Guest accounts exist in the directory and are enabled
- Guest accounts have been explicitly assigned app roles on the SWA service principal
-
groupMembershipClaimsis set to SecurityGroup - Affected users are members of the correct Entra security groups
Request
- Please lift the "suspicious activity" block on this tenant's invitation capability
- Or advise why only one domain's guests are affected while another domain works correctly
Related SR / Context
This is a resubmission per moderator guidance on Microsoft Q&A.
- Original post by Dylan Levsey on March 30, 2026
- Moderator (Rukmini) requested submission from the affected tenant account
Additional Notes
I am having issues getting this ticket submitted from this account. It has been five days.
I originally submitted as a different user, but I need the SR tied to this account.
Please private message me on this account: ******@gmail.com
Please do NOT delete this request by referring to the earlier request, which is no longer tied to a valid session.
Microsoft Entra ID Support Request
Hello - Please Read Carefully.
I am having issues getting this ticket submitted from the account I am posting this from. It has been five days.
I originally submitted as a different user; however, I need a Support Request (SR) to be submitted from this account.
Service
Microsoft Entra ID (Azure Active Directory)
Problem Type
Sign-in and Multi-Factor Authentication → User cannot sign in to application
Summary
Issue:
B2B guest accounts from a specific domain are blocked with error 530035.
Reported message:
"Invitations blocked due to suspicious activity"
Tenant and Application Details
- Tenant: PII
- Tenant ID: PII
- App: PII
- Correlation ID from failed sign-in: PII
What Works
- Tenant owner account signs in normally
- Gmail-based B2B guest accounts sign in normally
What Fails
- B2B guest accounts from transferonline.com receive error 530035:
"Your sign-in was successful but you don't have permission to access this resource"
- Graph API calls to
/v1.0/invitationsreturn:
"Invitations are blocked for this directory due to suspicious activity. Please contact Microsoft support for help."
What We've Verified
- External collaboration settings allow invitations to any domain (no domain restrictions)
-
appRoleAssignmentRequiredis false on the app service principal - Guest accounts exist in the directory and are enabled
- Guest accounts have been explicitly assigned app roles on the SWA service principal
-
groupMembershipClaimsis set to SecurityGroup - Affected users are members of the correct Entra security groups
Request
- Please lift the "suspicious activity" block on this tenant's invitation capability
- Or advise why only one domain's guests are affected while another domain works correctly
Related SR / Context
This is a resubmission per moderator guidance on Microsoft Q&A.
- Original post by Dylan Levsey on March 30, 2026
- Moderator (Rukmini) requested submission from the affected tenant account
Additional Notes
I am having issues getting this ticket submitted from this account. It has been five days.
I originally submitted as a different user, but I need the SR tied to this account.
Please private message me on this account:
******@gmail.com
Please do NOT delete this request by referring to the earlier request, which is no longer tied to a valid session.
Microsoft Security | Microsoft Entra | Microsoft Entra External ID
Sign in to answer