Granting External Consultants Access to Microsoft 365 and Azure Tenant
Question
You work at Contoso as an IT admin.
You have a Microsoft 365 subscription and an Azure tenant on the Premium 1 tier.
Your manager has decided you need to bring in an external consultant from Company A to do a task.
The consultant should be able to log in with his username and password from Company A.
What should you do?
Answers
Explanations
Click on the arrows to vote for the correct answer
A. B. C. D.Correct Answer: D
You should invite the external consultant as a new guest user in your tenant.
This can be done in several ways, for instance in the Azure Active Directory admin portal.
Another method is to connect powershell to the tenant domain and run the New-AzureADMSInvitation command.
Option A is incorrect.
Creating a new internal user is incorrect.
This will not allow him to log in with his Company A username and password.
Option B is incorrect.
A catalog is a container of resources and access packages that can be shared with external users.
Therefore it is not the correct answer.
Option C is incorrect.
This is the powershell-command for creating a new Role assignment.
To know more about guest user invitations, please refer to the link below:
To allow the external consultant from Company A to log in to your Microsoft 365 subscription and Azure tenant, you can follow the below steps:
Option A: Create a new internal user for the consultant in the Contoso tenant This option would require you to create a new user account in your tenant and provide the credentials to the consultant. However, this may not be an ideal solution as it would require you to manage the user account, including password resets and account deactivation, after the task is complete.
Option B: From Azure AD - Identity governance, create a new catalog This option involves creating a new catalog in Azure AD's Identity governance, which would allow you to add external users to a temporary group and grant them access to the necessary resources. This option provides more control and flexibility as you can set the access duration, review the access requests, and remove the user's access when the task is complete.
Option C: Run from PowerShell connected to tenant: New-AzRoleAssignment This option involves creating a new Azure role assignment that allows the consultant to access the required resources. This option is useful when you need to grant access to specific resources, such as Azure resources or Microsoft 365 services, and restrict access to other resources. However, this option requires you to have a good understanding of Azure roles and permissions.
Option D: Run from PowerShell connected to tenant: New-AzureADMSInvitation This option involves sending an invitation to the external consultant to access your Microsoft 365 subscription and Azure tenant. The consultant would receive an email with a link to accept the invitation and set up their account. This option provides an easy way to grant temporary access to external users without creating a new user account or managing access manually.
In summary, the best option to allow an external consultant to access your Microsoft 365 subscription and Azure tenant would be to use Option B: From Azure AD - Identity governance, create a new catalog. This option provides more control and flexibility, allowing you to grant temporary access to external users and remove access when the task is complete.
