Grant Global Reader role external user issue

Eng Hooi Sun 1 Reputation point
2022-08-21T03:52:58.633+00:00

I have invited external users as guest and granted them Global Reader role in Azure AD.
However when they aceepted the invitation and redirected them to myapplications.microsoft.com, it shows empty.
Is's i missed any steps? or how they can login as Global Reader role on my tenant?

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
21,401 questions
{count} votes

3 answers

Sort by: Most helpful
  1. Harpreet Singh Matharoo 7,861 Reputation points Microsoft Employee
    2023-05-11T07:40:09.2733333+00:00

    Hello @Eng Hooi Sun

    Thank you for reaching out. I would like to confirm below details with you:

    • External users with Global Admin/Reader role should be able to access MyApps portal using direct link as using following syntax: https://myapps.microsoft.com?tenantid=yourdomain.onmicrosoft.com.
    • The external user having Global Admin/Reader role would only be able to view the apps assigned to their user identity in specified tenant and not all apps would be visible. This access limitation for external identities on myapps portal is expected and bydesign.
    • Also, for this to be available your tenant user settings for Enterprise Applications should have following conditional set to yes: "Users can add gallery apps to My Apps".
    • Additionally, Guest users with Global Admin/Reader role should be able to access https://portal.azure.com and browse all the Enterprise Applications as well as App Registrations.
    • Also, your external collaboration setting for users should set to most inclusive for this to work.

    I hope this answer helps to resolve your issue. Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    2 people found this answer helpful.
    0 comments No comments

  2. Dillon Silzer 57,306 Reputation points
    2022-08-21T03:57:37.75+00:00

    Hi @Eng Hooi Sun

    From a similar topic https://community.spiceworks.com/topic/2203710-office365-can-guest-account-be-global-admin

    A person raised a ticket with Microsoft and they stated that you should not be able to do this. Other people tested and received the same error your are receiving.

    To the point, you should not be adding people to Global Admin/Global Reader role that are outside your tenant. If you want to grant someone Global Admin/Global Reader you should create an account for them inside your tenant.

    -------------------------------

    If this is helpful please accept answer.

    1 person found this answer helpful.
    0 comments No comments

  3. Vinod Survase 4,736 Reputation points
    2023-05-11T06:00:42.2733333+00:00

    Hi,

    I gone through the link but seems there is no way to assign Global reader role to external user as I have same requirement and wanted to do it.

    Any possible solution from Microsoft for this?

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.