Mark serves as the Identity and Access Manager at MDFT Pro, a premier technology training agency that offers comprehensive Azure certification programs. Claire, the Training Operations Coordinator, frequently needs to collaborate with external consultants and temporary contractors who provide specialized expertise for specific certification courses. The agency maintains an Azure Active Directory tenant named mdftpro.onmicrosoft.com to manage access to their training resources and administrative systems.
Recently, MDFT Pro has hired a temporary vendor who specializes in advanced Azure security training modules. This vendor already has an established Microsoft account with the sign-in credentials user1@outlook.com that they use for their personal and professional Microsoft services. Claire needs to ensure that this external consultant can seamlessly access the necessary training materials and collaboration tools within the MDFT Pro tenant while maintaining their existing Microsoft account identity.
The requirement is to enable authentication for the vendor using their existing user1@outlook.com Microsoft account without requiring them to create a new account or change their current authentication setup. The solution must follow Azure AD best practices for external user access and maintain proper security boundaries between internal users and external collaborators.
Mark needs to demonstrate to his students the proper Azure AD configuration that will enable the vendor to authenticate to the MDFT Pro Azure AD tenant using their existing user1@outlook.com Microsoft account.
What should be configured in Azure AD to achieve this requirement?
Choose the correct answer from the options below.
Explanations for each answer:
"From Windows PowerShell, run the New-AzureADUser cmdlet and specify the -UserPrincipalName user1@outlook.com parameter" is incorrect. The New-AzureADUser cmdlet creates internal Azure AD users, not guest users. It also cannot use external domains like outlook.com for the UserPrincipalName of internal users.
"From the Azure portal, add a custom domain name, create a new Azure AD user, and then specify user1@outlook.com as the username" is incorrect. Adding a custom domain and creating a new user would create an internal user account, not enable access for the existing Microsoft account. Custom domains must also be verified and owned by the organization.
"From Azure Cloud Shell, run the New-AzureADUser cmdlet and specify the -UserPrincipalName user1@outlook.com parameter" is incorrect. Similar to option A, the New-AzureADUser cmdlet creates internal users, not guest users. The location (Cloud Shell vs PowerShell) doesn't change this fundamental limitation.
"From the Azure portal, add a new guest user, and then specify user1@outlook.com as the email address" is correct. Adding a guest user is the correct method to allow external users with Microsoft accounts to authenticate to your Azure AD tenant while maintaining their external identity.
Learn more about adding guest users to Azure Active Directory and managing external identities for B2B collaboration.