I have been breaking my head about a matter I have in a Microsoft 365 tenant.
Case:
- Due to historical decisions a multi-tenant approach has been chosen.
- Tenant A & Tenant B.
- Users from Tenant A have been added to Tenant B as B2B guests. They need to collaborate in SharePoint sites just like they would in Tenant A.
- License E3 has been assigned.
- Converted the external guest into an external member by changing userType to 'member'.
- Azure Guest user restrictions: 'Guest users have the same access as members and grant all member user permissions to guest users by default.' (not true)
- Guests can Invite --> No
- Members can Invite --> No
- Basically, the policy should be that only existing guests can collaborate.
Issue: When a guest member is added as a Microsoft 365 group owner, and thus SharePoint site owner, they are not able to edit or view the group memberships.
I've run through this several times, but the only logical conclusion I can draw is that it is not possible for an external member to adjust group membership, because if a guest member were able to do so, he could see all the members in the directory, which is logically not what you want if you are really dealing with external members.
Is there anything else I could try to elevate external members in the tenant so they are treated exactly the same as internal members? The reason to go with a multi-tenant approach is de-centralized IT, so tenant connections etc. would not be possible.