Limit organizations where users can have guest accounts

By default, other Microsoft 365 and Microsoft Entra organizations can invite your users to participate in their organization as guests. This includes inviting them to teams in Microsoft Teams, SharePoint sites, and sharing individual files and folders with them.

If you only want your users to participate as guests with specific organizations, you can specify these organizations in the Microsoft Entra cross-tenant access settings for B2B collaboration.

Note

Changes to cross-tenant access settings may take six hours to take effect.

Set the default B2B collaboration settings to block users from being guests

Because participating as guests is enabled by default, limiting guest participation to certain organizations requires blocking outbound B2B collaboration by default.

To block outbound B2B collaboration by default

  1. Sign in to the Microsoft Entra admin center using a Global Administrator or Security Administrator account.
  2. Expand External Identities, and then select Cross-tenant access settings.
  3. Select the Default settings tab.
  4. Under Outbound access settings, select Edit outbound defaults.
  5. Select the B2B collaboration tab and the Users and groups tab.
  6. Under Access status, choose Block access.
  7. Select the External applications tab.
  8. Under Access status, choose Block access.
  9. Select Save.
  10. Close the Default settings blade.

Add an organization

Next, add the organizations where you want to allow your users to collaborate as guests to the Microsoft Entra cross-tenant access list.

To add an organization

  1. In the Microsoft Entra admin center, under External Identities, select Cross-tenant access settings.
  2. Select Organizational settings.
  3. Select Add organization.
  4. On the Add organization pane, type the full domain name (or tenant ID) for the organization.
  5. Select the organization in the search results, and then select Add.
  6. The organization appears in the Organizational settings list.

At this point, all access settings for this organization are inherited from your default settings.

Configure the organization's outbound setting to allow all users

Once you've added the organization, you need to update the organization's outbound settings to allow B2B collaboration users to be added as guests. Do this for each organization where you want to allow your users to be added as guests.

To allow users to be B2B collaboration guests in an organization

  1. In the Microsoft Entra admin center, under External Identities, select Cross-tenant access settings.
  2. Select the outbound access link for the organization that you want to modify.
  3. On the B2B collaboration tab, choose Customize settings.
  4. On the Users and groups tab, under Access status, choose Allow access. Under Applies to, choose to allow all users.
  5. On the External applications tab, under Access status, choose Allow access. Under Applies to, choose the applications that you want to allow.
  6. Select Save and close the Outbound access settings blade.
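
To confirm that the three procedures above produced the intended allow list, you can audit an export of the settings. The following Python is an added example, not part of the original article. It assumes the export has the shape of the Microsoft Graph crossTenantAccessPolicy default and partner resources. The sample data and tenant IDs are constructed placeholders, and audit_outbound is a hypothetical helper name.

```python
# Constructed sample data in the shape of Microsoft Graph's
# crossTenantAccessPolicy default and partner resources (assumed shape).
DEFAULT = {"b2bCollaborationOutbound": {
    "usersAndGroups": {"accessType": "blocked",
                       "targets": [{"target": "AllUsers", "targetType": "user"}]},
    "applications": {"accessType": "blocked",
                     "targets": [{"target": "AllApplications", "targetType": "application"}]}}}
PARTNERS = [
    # Placeholder tenant IDs, not real organizations.
    {"tenantId": "00000000-0000-0000-0000-00000000000a",
     "b2bCollaborationOutbound": {
         "usersAndGroups": {"accessType": "allowed"},
         "applications": {"accessType": "allowed"}}},
    {"tenantId": "00000000-0000-0000-0000-00000000000b",
     "b2bCollaborationOutbound": None},  # just added, still inherits defaults
    {"tenantId": "00000000-0000-0000-0000-00000000000c",
     "b2bCollaborationOutbound": {
         "usersAndGroups": {"accessType": "allowed"},
         "applications": {"accessType": "blocked"}}},
]

def audit_outbound(default_policy, partners):
    """Return (findings, allowed_tenants, inherited_tenants)."""
    findings, allowed, inherited = [], [], []
    out = default_policy.get("b2bCollaborationOutbound") or {}
    # The default must block both tabs edited in the first procedure.
    for part in ("usersAndGroups", "applications"):
        if (out.get(part) or {}).get("accessType") != "blocked":
            findings.append(f"default outbound {part} is not blocked")
    for p in partners:
        p_out = p.get("b2bCollaborationOutbound")
        if p_out is None:  # no organization-specific setting: default applies
            inherited.append(p["tenantId"])
            continue
        users = (p_out.get("usersAndGroups") or {}).get("accessType")
        apps = (p_out.get("applications") or {}).get("accessType")
        if users == "allowed" and apps == "allowed":
            allowed.append(p["tenantId"])
        else:  # customized, but not the way the last procedure sets it
            findings.append(f"{p['tenantId']}: users={users}, applications={apps}")
    return findings, allowed, inherited

if __name__ == "__main__":
    for result in audit_outbound(DEFAULT, PARTNERS):
        print(result)
```

An organization in the inherited list has been added but not yet customized, so with the default set to block, your users still cannot be guests there.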
