With Office 365 you can enable B2B by adding guest accounts to your Azure Active Directory. Guest accounts receive an email asking them to accept the invitation to access applications in your organization. Microsoft uses the domain of the guest's mail address to check whether that domain is already registered in an Azure Active Directory tenant. If the domain has been registered, it then tries to find the guest user's mail address in that tenant.

There were a few issues in this process. We added guest users from different domains where we received the below issue from the people we added.

image

We first tried to verify whether this had something to do with conditional access and whether the guest accounts were correctly provisioned. The guest accounts were added via SharePoint Online. There was no reference for the user in the Azure Active Directory. I then added the user directly via the Azure AD portal. The user received a new invitation, but with the below error:

image

The error states that a self-service Azure AD account could not be created for the specific domain. This means that the domain has been registered to an Azure AD tenant. It also means that the user couldn’t be found in this Azure AD tenant. The user will be asked to self-register, but this is normally disabled.

A solution in this case is to contact the administrators of the invited domain. You will have to verify whether they have the domain registered in Azure AD without any users. This may happen if the company is still migrating to Azure AD, or only uses some Azure functionality for which users are not needed. The company will have to create the users you added, either manually or via migration. Afterwards the guest users will be able to log on again.
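Before contacting the other side, you can check from the outside which of the failing guest domains are registered to a tenant. The following is an added example, not part of the original post: it reads the public OpenID Connect discovery document for each domain and groups the guests by follow-up action. The function names, the sample domains, the placeholder tenant ID and the handling of HTTP 400 as "no tenant" are assumptions made for this illustration.

```python
import json
import re
import urllib.error
import urllib.request

# OpenID Connect discovery URL; a domain name can stand in for the tenant ID.
DISCOVERY = "https://login.microsoftonline.com/{domain}/v2.0/.well-known/openid-configuration"
GUID = re.compile(r"[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}", re.I)
CONTACT = "domain has a tenant: ask the partner's administrators to create the user there"
NO_TENANT = "no tenant found for this domain: look at the invitation itself"

def tenant_id_from_discovery(status, body):
    """Return the tenant ID from a discovery response, or None if no tenant was found."""
    try:
        doc = json.loads(body)
    except ValueError:
        return None
    if status != 200 or not isinstance(doc, dict):
        return None  # assumption: unknown domains answer HTTP 400 "invalid_tenant"
    match = GUID.search(str(doc.get("issuer", "")))
    return match.group(0) if match else None

def fetch_discovery(domain, timeout=10):
    """Live lookup (needs network); returns (status, body). Unused in the sample run."""
    try:
        with urllib.request.urlopen(DISCOVERY.format(domain=domain), timeout=timeout) as r:
            return r.status, r.read().decode()
    except urllib.error.HTTPError as e:
        return e.code, e.read().decode()

def triage(guest_addresses, lookup=fetch_discovery):
    """Group failing guest addresses by domain and attach the follow-up action."""
    report = {}
    for addr in guest_addresses:
        domain = addr.rsplit("@", 1)[-1].strip().lower()
        if domain not in report:
            tenant = tenant_id_from_discovery(*lookup(domain))
            report[domain] = {"tenant_id": tenant, "guests": [],
                              "action": CONTACT if tenant else NO_TENANT}
        report[domain]["guests"].append(addr)
    return report

# Constructed sample responses (example domains, placeholder tenant ID).
ISSUER = "https://login.microsoftonline.com/11111111-2222-3333-4444-555555555555/v2.0"
SAMPLE = {"partner.example": (200, json.dumps({"issuer": ISSUER})),
          "other.example": (400, json.dumps({"error": "invalid_tenant"}))}

if __name__ == "__main__":
    guests = ["anna@partner.example", "bob@partner.example", "carl@other.example"]
    for domain, row in triage(guests, lookup=SAMPLE.__getitem__).items():
        print(domain, row["tenant_id"], row["guests"], row["action"], sep=" | ")
```

Call `triage(guests)` without the `lookup` argument to query the live endpoint instead of the constructed samples.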
