Guest users are one of the most powerful collaboration features in Microsoft 365. They allow organizations to work with vendors, consultants, customers, and partners without creating full internal accounts.
But if you ask most administrators how guest users get created in their tenant, the answer is usually simple.
Someone sends an invite.
That answer is only part of the story.
Not all guest users are created the same way. More importantly, they do not always appear with the same level of intent, visibility, or oversight. In many Microsoft 365 environments, guest accounts appear over time through workflows that IT never directly approved.
In this article we will walk through:
-
The two main ways guest users are created in Microsoft 365
-
Why some guest accounts are intentional while others appear unexpectedly
-
How organizations end up with hundreds or thousands of guest accounts
-
The SharePoint B2B integration setting that changes how guest identities are created
If you want more background on the security risks of guest access, check out my previous video where I explain how compromised guest accounts can be used to attack organizations.
