Overview

I like many things about Azure AD, but one part of it that has proved extremely useful is the ability to add Guest Users using Azure AD B2B. Being able to grant users access to hosted services without having to provide another set of credentials saves on administration and support, and it spares the consumer yet another username and password.

With Azure AD B2B, your partner company uses their own identity management solution, reducing the administrative overhead.

  • The partner uses their own identities and credentials.
  • No management of external accounts or passwords.
  • No need to sync accounts or manage account lifecycles.

While this approach is great, registering a large number of guest users through the portal is time consuming. This is easily worked around with PowerShell, though!

With a CSV file containing the details of the guest users, you can use a script to add the new users. After each user is added, a registration welcome email is sent to them. Then the additional properties of the user account are updated as required.


Example Script
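The procedure described above, written out as an added example rather than the post's own script: it reads the CSV, invites each address with New-AzureADMSInvitation, then sets the extra properties on the resulting guest object with Set-AzureADUser. The CSV path, the redirect URL and the Department value are placeholders I have assumed; change them for your tenant.

```powershell
# Added example of bulk-inviting Azure AD B2B guests from a CSV.
# Not the original post's script. Placeholder values are marked below.

# AzureAD and AzureADPreview expose the same cmdlets used here.
Import-Module AzureADPreview -ErrorAction Stop

# Sign in as an account holding the Guest Inviter role
# (plus User Administrator if the Set-AzureADUser step is kept).
Connect-AzureAD | Out-Null

$csvPath     = 'C:\Scripts\GuestUsers.csv'      # placeholder: path to the CSV
$redirectUrl = 'https://myapps.microsoft.com'   # where the guest lands after redeeming the invite
$department  = 'External Partners'              # placeholder: Department value to stamp on guests

# Expected CSV columns: Email, FirstName, Surname, Company
$guests = Import-Csv -Path $csvPath

foreach ($guest in $guests) {
    $email = [string]$guest.Email
    $email = $email.Trim()

    # Basic input validation so one bad row does not abort the whole batch.
    if ([string]::IsNullOrWhiteSpace($email) -or $email -notmatch '^[^@\s]+@[^@\s]+\.[^@\s]+$') {
        Write-Warning "Skipping row with invalid email: '$($guest.Email)'"
        continue
    }

    # Idempotency: do not re-invite an address that already exists in the tenant.
    # Single quotes are doubled to keep the OData filter well-formed.
    $filterEmail = $email -replace "'", "''"
    $existing = Get-AzureADUser -Filter "mail eq '$filterEmail'"
    if ($existing) {
        Write-Output "Already present, skipping: $email"
        continue
    }

    $displayName = "$($guest.FirstName) $($guest.Surname)".Trim()

    try {
        # Step 1: create the invitation; this sends the registration welcome email.
        $invitation = New-AzureADMSInvitation -InvitedUserEmailAddress $email `
                                              -InvitedUserDisplayName $displayName `
                                              -InviteRedirectUrl $redirectUrl `
                                              -SendInvitationMessage $true

        $objectId = $invitation.InvitedUser.Id

        # Step 2: update the guest's properties. Directory replication can lag a
        # few seconds behind the invitation, so retry briefly before giving up.
        $updated = $false
        for ($attempt = 1; $attempt -le 3 -and -not $updated; $attempt++) {
            try {
                Set-AzureADUser -ObjectId $objectId `
                                -GivenName $guest.FirstName `
                                -Surname $guest.Surname `
                                -CompanyName $guest.Company `
                                -Department $department
                $updated = $true
            }
            catch {
                if ($attempt -eq 3) { throw }
                Start-Sleep -Seconds 5
            }
        }

        Write-Output "Invited $email ($displayName) -> $objectId"
    }
    catch {
        Write-Warning "Failed to process $email : $($_.Exception.Message)"
    }
}
```

The invitation and the property update are kept as separate steps on purpose: if you do not need to set fields like Department, delete the whole Set-AzureADUser retry loop and the script only needs the Guest Inviter role. The existence check also means the same CSV can be re-run safely after a partial failure.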


Example CSV

The CSV file requires the following headings:

  • Email
  • FirstName
  • Surname
  • Company

You can download a sample CSV file by clicking here.


Notes

I’m using the AzureADPreview module as that’s what I have installed for other scripts I run. The script will run equally well using the AzureAD module.

To run the above script, the account under which it is running will need the “Guest Inviter” and “User Administrator” roles. If you don’t need to update the account properties, like Department, all the “Set-AzureADUser” lines can be removed; in that scenario only the “Guest Inviter” role is required. I would also consider creating a specific account for inviting guest users, as the invitation email includes the full name and contact details of the sending user. If you don’t want your details going out to partner businesses, then use an account dedicated to inviting guest users.

This could also be automated to run on a regular basis out of Azure Automation. Just arrange for an updated CSV to be delivered to the location the script reads it from. This is particularly useful where app administration is being devolved.