Ensure Azure AD User Administrator Can Invite External Partners | AZ-500 Exam Question Solution

Resolve Unable to Invite User Error: Azure AD Tenant and User Administrator Settings

Prev Question Next Question

Question

You have an Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com.

The User administrator role is assigned to a user named Admin1.

An external partner has a Microsoft account that uses the user1@outlook.com sign in.

Admin1 attempts to invite the external partner to sign in to the Azure AD tenant and receives the following error message: Unable to invite user user1@outlook.com Generic authorization exception.

You need to ensure that Admin1 can invite the external partner to sign in to the Azure AD tenant.

What should you do?

Answers

A. From the Roles and administrators blade, assign the Security administrator role to Admin1.

B. From the Organizational relationships blade, add an identity provider.

C. From the Custom domain names blade, add a custom domain.

D. From the Users blade, modify the External collaboration settings.

Show Answer

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D.

You need to allow guest invitations in the External collaboration settings.

To allow Admin1 to invite an external partner with a Microsoft account to sign in to the Azure AD tenant, you should follow these steps:

Step 1: Ensure that external collaboration is enabled in Azure AD Before Admin1 can invite an external partner, external collaboration must be enabled in Azure AD. To enable external collaboration, follow these steps:

Sign in to the Azure portal with an account that's a member of the Global administrator or User administrator role.
Go to Azure Active Directory > External collaboration settings.
Set the External collaboration settings to either "Guests can be invited and use Azure AD services" or "Guests can be invited but cannot use Azure AD services".
Save the changes.

Step 2: Add the external partner as a guest user After external collaboration is enabled, Admin1 can invite the external partner to sign in to the Azure AD tenant as a guest user. To do this, follow these steps:

Sign in to the Azure portal with an account that's a member of the Global administrator or User administrator role.
Go to Azure Active Directory > Users.
Click "New guest user" to add the external partner as a guest user.
Enter the external partner's email address (in this case, user1@outlook.com).
Enter any other required information, such as the user's name, job title, and phone number.
Choose the role that the guest user should have in the Azure AD tenant (such as "Guest" or "Member").
Send the invitation.

Step 3: Troubleshoot any issues with the invitation If Admin1 receives an error message while trying to invite the external partner, such as the "Unable to invite user" error mentioned in the question, there may be a problem with the Azure AD tenant's settings or configuration. In this case, there are a few things you can try to troubleshoot the issue:

Check that external collaboration is enabled in Azure AD (as mentioned in Step 1 above).
Check that the external partner's email address is spelled correctly and that there are no typos or other errors in the invitation.
If the external partner has already been invited to the Azure AD tenant, try re-sending the invitation or deleting the old invitation and sending a new one.
If the problem persists, you may need to contact Microsoft support for further assistance.

Prev Question Next Question