Even though a Guest User is created or registered using EUM, when the user logs in, the user may see an error message from Microsoft
This might be because of any of the below reasons, listed from the most common one. After trying out the listed solutions, if the issue is still not resolved, please send an email to firstname.lastname@example.org so we can investigate.
- User already logged into a Microsoft 365 with different account
- Wrong Email Address was created in EUM
- The User's Organization has changed the email address, or the domain of the email address
- In the User's Organization the Azure AD has the user's UPN different from the Email
- The User's Organization has blocked the user from logging into other tenants
- The User's status is Pending Acceptance in your Azure AD tenant
User already logged into a Microsoft 365 with different account
The user might have logged into some other Microsoft application in the browser with another account, which is not registered to your Azure AD tenant. When the user tries to login to the Microsoft 365 of your tenant in the same browser, Microsoft might try to log the user in with the other account, and hence the error might be displayed. The solution is to log out and close the browser, or use an incognito browser.
Wrong Email Address was created in EUM
If the email address for the user's account in EUM, and hence your tenant is wrong, and the user is not aware of this, the user will try to login to the Microsoft 365 app in your tenant with the correct Email Address, even though that is not present in your Azure AD tenant. Hence Microsoft will display the error.
The User's Organization has changed the email address, or the domain of the email address
If the User's organization has changed the email address or the domain of the email address for the user's account in their tenant, then if the user tries to login to EUM using the new email address, it would not work, because you might still have the user with the old email address in your tenant. Changing the email might work. In some cases you might have to delete the guest account and create a new one with the new email in your tenant.
In the User's Organization the Azure AD has the account's UPN different from the Email
In the User's Organization, where the user is a Member type of account, its UPN might be different than the email. An example is shown in the screenshot. In that case, even though you have the correct email for the user in your Azure AD, where the user is a Guest type of account, the user might find it difficult to login to your tenant and might see the error from Microsoft. Solution would be to coordinate with the user's organization's IT department and change the email address for the user in your Azure AD to the correct one using EUM.
The User's Organization has blocked the user from logging into other tenants
The User's organization can block all B2B collaboration with other organizations by updating their default settings in Cross Tennant Settings within External Identities in Azure AD.
The screenshot below displays the Outbound access settings of the Default Settings has B2B Collaboration status “All Allowed”. For the organization whose users are unable to sign in to your tenant as Guest Users, might have the B2B Collaboration “All Blocked”, or partially blocked in their organization's Azure AD. They can either open this to “All Allowed”, or opt in certain users and groups to collaborate with External Organizations.
The User's status is Pending Acceptance in your Azure AD tenant
In your Azure AD, check the guest user's account status. If the status is Pending Acceptance, click Resend Invitation and send the Redemption URL to the user. The User will have to first login to that link, and then access the M365 application in your tenant.