SharePoint Online Guest User Licensing
Azure External Identities
Azure External Identities
Have a question?
Almost every time we speak with clients during the discovery phase of their SharePoint Online extranet, there is a sense of confusion when it comes to the Microsoft external user licensing requirements. Some of the common questions are;
- Does an external user require a license to access SharePoint Online?
- What does the 1:5 Active to Guest User licensing ratio mean and when does it apply?
- Is there a certain number of external users I am limited to invite in?
- Am I able to impose features like multi-factor authentication on my external users that will be gaining access?
The questions above can be resolved fairly quickly by following the below guidance.
You can externally share from SharePoint Online utilizing 2 main methods; the first one being native external sharing and the other being Azure Active Directory Business to Business (Azure AD B2B). External sharing is the process of inviting external users who are not part of your company into your SharePoint Online environment via secure link sharing. Native external sharing works fantastic for smaller sharing scenarios. If you would like to learn more about the latest news in external sharing, feel free to read our External Sharing Announcements from #SPC19 article. There is no limit to the number of external users you can invite into your SharePoint Online extranet via external sharing.
Azure AD B2B is typically used in larger sharing scenarios where Guest Users are being invited directly from Azure AD and assigned permissions in certain applications. This can include assigning permissions to roles that have access to SharePoint Online sites. There is no limit to the number of external users you can invite into your SharePoint Online extranet as long as they are simply logging in to SharePoint via Azure AD B2B. Once the user has successfully authenticated as a Guest User, they have full functionality available to them within SharePoint Online. The 1:5 Active to Guest User Licensing ratio means for every one Active Azure Premium license, you can impose that premium feature (ie. Conditional access or multi-factor authentication) on up to 5 Guest Users from that single active license. The only time the licensing ratios applies is when the premium features are being utilized. The Guest user licensing ratio is automatically calculated by Microsoft, so administrators do not need to be concerned with applying licenses.
The following examples are different scenarios to provide clarity on this licensing requirement.
- You want to invite 1,000 users into SharePoint Online and they are simply logging in through Azure AD B2B. The guest user licensing ratio does not apply.
- You want to invite 3,000 users into SharePoint Online and you would like them to progress through a Multi-Factor Authentication. The guest user licensing ratio does apply and the ratio would be 600:3000 which means you must have purchased 600 Azure Premium licenses to support the 3000 guest users being invited in this scenario.