By default, all users, including guests, can invite guest users.
Isn’t it beautiful?
No, it’s not!
Definitely not if you are an AAD admin. So treat this post as a warning. Your users, including !!guest users!!, can invite other users to your AAD by default. If you are ok with that – then fine. If not, follow THIS LINK to make your life better.
Now, the dark side.
If you are a user who wants to invite someone to the company’s AAD, for example, to add them to a Teams channel or an Azure DevOps project, then you probably have that power “by default” 😛
Well, you probably also have the power to list ALL users in your AAD. That’s the lesson I learned when I looked for ways to get the ClientID for a dedicated workload principal (and a way to do it, click HERE).
Anyway, the process is simple.
0. Install the AzureAD module if you don’t have it
1. Log in to your AAD account using PowerShell and the command:
2. Send the invitation:
New-AzureADMSInvitation -InvitedUserEmailAddress firstname.lastname@example.org -SendInvitationMessage $True -InviteRedirectUrl "http://the.address.that.you.want.to.redirect.the.userafter.signing.in"
And that’s it. The user will receive an invitation email and, after accepting it, will be redirected to the site given in -InviteRedirectUrl.
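
For the admin side of this warning, the following added example (not from the original post or the article it links to) checks the tenant authorization policy for the two defaults described above: who may send invitations and whether ordinary users can read other users. It assumes the Microsoft Graph PowerShell SDK rather than the AzureAD module used in the post; `Test-InvitePolicy` is a hypothetical helper name and the sample object is constructed.

```powershell
# Added example. Test-InvitePolicy is a hypothetical helper, not part of any module.
# It takes an authorization policy object (as returned by Get-MgPolicyAuthorizationPolicy)
# and reports the defaults this post warns about.
function Test-InvitePolicy {
    param([Parameter(Mandatory)] $Policy)

    $findings = @()

    # allowInvitesFrom: none | adminsAndGuestInviters |
    #                   adminsGuestInvitersAndAllMembers | everyone
    switch ($Policy.AllowInvitesFrom) {
        'everyone' {
            $findings += 'All users, including guests, can invite guests.'
        }
        'adminsGuestInvitersAndAllMembers' {
            $findings += 'Every member user can invite guests.'
        }
    }

    # Member users being able to read (and therefore list) other users.
    if ($Policy.DefaultUserRolePermissions.AllowedToReadOtherUsers) {
        $findings += 'Member users can read other users in the directory.'
    }

    # guestUserRoleId a0b1b346-... gives guests the same access as members.
    if ("$($Policy.GuestUserRoleId)" -eq 'a0b1b346-4d3e-4e8b-98f8-753987be4970') {
        $findings += 'Guests have the same directory access as members.'
    }

    [pscustomobject]@{
        AllowInvitesFrom = $Policy.AllowInvitesFrom
        Findings         = $findings
    }
}

# Constructed sample shaped like the default settings the post describes.
$sample = [pscustomobject]@{
    AllowInvitesFrom           = 'everyone'
    GuestUserRoleId            = '10dae51f-b6af-4016-8d66-8c2a99b929b3'
    DefaultUserRolePermissions = [pscustomobject]@{ AllowedToReadOtherUsers = $true }
}
(Test-InvitePolicy -Policy $sample).Findings

# Against a live tenant:
#   Connect-MgGraph -Scopes 'Policy.Read.All'
#   Test-InvitePolicy -Policy (Get-MgPolicyAuthorizationPolicy)
# To limit invitations to admins and the Guest Inviter role:
#   Connect-MgGraph -Scopes 'Policy.ReadWrite.Authorization'
#   Update-MgPolicyAuthorizationPolicy -AllowInvitesFrom 'adminsAndGuestInviters'
```

With the constructed sample, two findings are reported: the open invitation setting and member read access to other users.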