none
Prevent external SharePoint users getting added to Azure AD Directory

    Question

  • I'm new to SharePoint Online administration and Azure AD but I have configured my SharePoint site to allow external sharing and can sent invites that people are able to accept and access the site without issue.

    My problem is that these users are then getting added to the underlying Azure Active Directory, either as a user from an external directory, or as a Microsoft account.  This is going to lead to our corporate Azure AD Directory getting polluted with users who only need to access a single SharePoint site.  These accounts don't even appear to be removed from Azure AD when their access is revoked from SharePoint.

    Is this how it is supposed to work?  Its going to generate a lot of overhead to maintain this.

    Alternatively, is it possible to change a single site collection in SharePoint online to use an alternative Azure Active Directory without affecting the other site collections we have?

    Wednesday, October 26, 2016 11:01 AM

Answers

  • That is the way its designed to work, but the external users in Azure AD shouldn't be synced anywhere else, just Azure AD.  I'm also not aware of any way to change SharePoint online to use a different Azure AD, and certainly not at the site collection level.

    Paul Stork SharePoint Server MVP
    Principal Architect: Blue Chip Consulting Group
    Blog: http://dontpapanic.com/blog
    Twitter: Follow @pstork
    Please remember to mark your question as "answered" if this solves your problem.

    • Marked as answer by Oliver Vickers Thursday, October 27, 2016 9:14 AM
    Wednesday, October 26, 2016 1:01 PM

All replies

  • That is the way its designed to work, but the external users in Azure AD shouldn't be synced anywhere else, just Azure AD.  I'm also not aware of any way to change SharePoint online to use a different Azure AD, and certainly not at the site collection level.

    Paul Stork SharePoint Server MVP
    Principal Architect: Blue Chip Consulting Group
    Blog: http://dontpapanic.com/blog
    Twitter: Follow @pstork
    Please remember to mark your question as "answered" if this solves your problem.

    • Marked as answer by Oliver Vickers Thursday, October 27, 2016 9:14 AM
    Wednesday, October 26, 2016 1:01 PM
  • Thanks for confirming that, I thought it might be the case.  Appreciate the help!

    Thursday, October 27, 2016 9:14 AM