In this blog post, am going to explain how to invite B2B guest users to Entra ID using Microsoft Intune. To invite a guest user to Microsoft Entra ID using Intune, start by accessing the Microsoft Entra admin center with appropriate permissions, such as User Administrator or Global Administrator.
From the Intune admin center, navigate to Users, where you’ll see the option to Invite external user. Enter the external user’s email address, customize the invitation message if needed, and complete the invitation. The guest user will receive an email with a redemption link to access your organization’s resources.
Once the guest is invited and accepts the invitation, their account is added to your Microsoft Entra ID/Intune tenant as a guest type user. You can manage the guest’s permissions, add them to relevant groups, and control their access to apps through Microsoft Intune. This integration allows you to apply policies and assign roles, ensuring the guest is properly configured for required tasks or access within your environment.
With Intune, guest users can be granted access to specific resources, such as collaborative apps or device management functions, based on group membership or targeted policy assignments. Utilize Intune’s admin center to further manage device and app policies for guest users, ensuring they comply with your organization’s security and access requirements. Monitoring and adjusting guest access is streamlined, thanks to built-in collaboration and external user management features available within both Entra ID and Intune.
Table of Contents
Available User Creation Types
There are mainly two types of user creation available. Refer to the table below for brief descriptions of each. In my upcoming article, I will discuss how to provision a Windows 365 Cloud PC for external identities using Intune. Please stay tuned for that.
| User Type | Description |
|---|---|
| Create new user | Create a new internal user in your organization |
| Invite external user | Invite an external user to collaborate with your organization |
- How to Create Elevate as Current User EPM Rules Policy using Intune
- Key Scenarios of MS Entra External Identity Deployment Architectures
- New External Authentication Methods in Microsoft Entra ID
- Best Guide to use PowerShell Scripts in Intune Enterprise Catalog App
Invite B2B Guest Users to Entra ID using Intune
To Invite Guest Users to Entra ID using Microsoft Intune, follow these steps. First, sign in to the Microsoft Intune Admin Center with your administrator credentials.
- Navigate to Users > All users > +New user > Select Invite external user
In the Basics details pane, you can invite a new guest user from an external organization to collaborate with your team. The user will receive an email invitation that they can accept to start collaborating. Please fill out the options below accordingly.
- Email: Guestuser1@Kurvaikandy.onmicrosoft.com
- Display name: Guest User1
- Invitation message: Please join HTMD Community and check the Send invite message option
- CC recipient: Optional
- Invite redirect URL : https://myapplications.microsoft.com/?tenantid=d61fa037-7f26-49aa-a7bb-4a8c007529df
In the Properties tab, all settings are optional. The user type should be set to Guest, and a usage location must be assigned. Only then can we assign licenses to these external users later.
I have created a security user group for external users. Now, in the Assignments tab, I will add the user to that group. To do this, click on +Add group and select our External Users group.
On the Review + invite page, carefully review all the settings you have defined for inviting external users. Once you have confirmed that everything is correct, select Invite to send the invitation.
How to Accept Invite
There are two methods to accept the invitation. The first is through an email invite, and the second is by using the invite redirect URL available in the basic details pane when creating an invite. Once you receive the email, click on Accept Invitation. Please ensure that the user has a valid Outlook or M365 Apps license to receive the email invitation.
Now it will redirect to myapplications.microsoft.com URL for authentication. Here I am using a Guest user ID; click next and enter the password.
- Native Authentication for Microsoft Entra External ID | Complete Control Over Login Experience
- Cloud PC Zero to Hero Journey DaaS solution Windows 365
- External Collaboration Settings in Entra ID
After successful authentication, you will see a page to accept the permissions requested by the Default directory. It’ll display the permissions requested as well. Review the details and click on Accept.
- Receive your profile data: Your profile data means your name, email address, and photo
- Collect and log your activity: Your activity data means your access, usage, and content associated with their apps and resources
- Use your profile data and activity data: Your activity data means your access, usage, and content associated with their apps and resources
Now you will successfully log in to the myapplications.microsoft.com page. This confirms your authentication is successful.
End Result
We can now verify whether the external user, Guest User1, has been added to the tenant. In the Intune portal.
- Navigate to Users > All users and search for Guest User1 in the search bar
You should see that the guest user has been successfully added to our tenant without any issues. Here you can also get the information about Display name, User principal name, User type, Is Agent, On-premises sync enabled, Identities, Company name and Creation type.
Need Further Assistance or Have Technical Questions?
Join the LinkedIn Page and Telegram group to get the latest step-by-step guides and news updates. Join our Meetup Page to participate in User group meetings. Also, Join the WhatsApp Community to get the latest news on Microsoft Technologies. We are there on Reddit as well.
Author
Vaishnav K has over 12 years of experience in SCCM, Intune, Modern Device Management, and Automation Solutions. He writes and shares knowledge about Microsoft Intune, Windows 365, Azure, Entra, PowerShell Scripting, and Automation. Check out his profile on LinkedIn.