tto / docs / azure / b2b invite settings

if set to the most restrictive setting, no one (including no service principal) can invite guest users.

only users with admin roles means:

• global admins
• user admins
• guest inviters
• service principals with User.Invite.All

can invite guest users.

no more un-managed tenants

Microsoft decided to stop creating un-managed tenants for guests. The new logic is simple:

if the guest is:

• aad
• microsoft account
• google account (and google fed is enabled)
• saml account

The identity provider is contacted for sign-in.

In all other cases, email authentication (code) will be used.

how-to with powershell?