Add an External User view to Office 365 Admin Portal
When external users are invited to a site, their account is created and visible in the Office 365 Admin portal > Active Users.
In this example, I have invited Fabrice from STPSchools. He uses an Organisational account:
It has been added to my Active Users list as:
As more external people are invited, I want to view and manage them as a separate group. I could view them all using the Unlicensed Users view. But that also includes other unlicensed users in my organisation.
Please create a view to list all External User accounts, separate from Unlicensed accounts.
We know that there is no good way of managing external users in the Admin Portal today and we are thinking about ways to solve this.
I have the inverse problem that could be solved the same way. I REALLY DO NOT want to see Guest users in my Active User view. They have their own view "Guest Users" under Users, and so I would like to reserve "Active Users" for all the accounts that I have created for staff or for shared mailboxes. We are going to have a lot of Guest users and they are going to clutter things up something awful.
Please see my other (recent) comment. You MAY better understand what Microsoft were trying to do if you had created a 'contact' for Fabrice first, then shared with that contact. You would have had some management through Contacts. Contacts is Microsoft's Exchange Online way of dealing with external users for many Exchange purposes, other than Sharing (which comes more from the SharePoint side of development). This is an area that needs better unification. However if you create a Contact first, then Share, an #EXT# user is created with a graceful link made between the two, and that has been the case for several years. Microsoft need to build on that.
(https://answers.microsoft.com/en-us/msoffice/forum/all/issues-syncing-ext-accounts/8b6e6d4f-895a-4920-8052-ad3faa70cec0) - posted by somebody back in 2015.
Unfortunately if you share first (resulting in automatic creation of an #EXT# user, you cannot create a matching Contact (error generated due to an address conflict, no handling mechanism provided). You have to delete the #EXT# user, create a Contact then re-share with that Contact.
I think the best solution is for Microsoft to better harmonise the concepts of Contacts and External users, that would work within the logic of what they are already doing (I think).
a) Contacts should become a special type of user, or
b) A Contact should in future be automatically created, rather than one of these #EXT# users, and a Contact be made into an entity that can handle permissions.
Please would people mind looking at my post here:
I have come across a closely related problem. By creating a 'contact' for external people before sharing, you solve a lot of problems, because when you later share, Office 365 can set up a matching #EXT# user with the same address and no errors.
Unfortunately a lot of people don't realise they need to do this until too late. If they have already made shares with the external person (so an #EXT# user already exists) AND THEN they realise they need a contact....
....well then they have a problem, because they just get given an error saying basically the proxy or address is already in use, but in my opinion they SHOULD get asked 'are you trying to create an associated contact'?
Basically, for matching Contacts=#EXT# user, currently you must create Contact first, then share. If you don't, you are forced to delete the #EXT# user, create a contact, then redo all the shares with that person if you can remember them to recreate the #EXT# user, which finally is allowed to match the Contact.
I'm quite new to o365 and was quite worried when I first saw entries like this in our Acitve User list - turns out they were added by a User to a Group.
I really shouldn't be seeing them in the Active User list.
And they all appeared in the list of users when I was adding Members to an internal Group via the Admin panel - I have enough people on my list of actual users without a whole bunch of external user names too. Please can these type of "users" be listed separately.
Todd Miller commented
This issue is going to become so much more prevalent and visible now with the addition of Guest accounts in Groups, as from what I understand they are also added to the user list as external users. Between that and being added from external file sharing, there needs to be a way to manage these users. At the very least I would suggest:
- Add a filter in the User list for External Users (or Guests if they will be renamed that way)
- Currently you can't even create a Custom filter as there is not a way to distinguish those users, as unlicensed does not help, as was mentioned in the post.
Paul Garbett commented
I this noticed these a while ago and wondered what they were #EXTfirstname.lastname@example.org unlicensed.
Please fix this issue, so there is a correct view for external users.
The current design is so messy, I cannot believe it was on purpose. Fix it
Yes, this is definitely a MUST. Or at least communicate it internally. I receiving a lot of complains from Microsoft, that we have not licensed users in customers tenants. Because internal Microsoft statistics of tenant usage show external users same as internal and more important as unlicensed.
Joshua Roth commented
It would also be important to know who invited the external user. Additionally, some external users should probably be hidden from the system administrators. For example, if a user shares a file from their OneDrive, only they should know about it...there is no reason I can think of that an administrator would need to know about external users that have been granted access to a user's private files.
Joshua Roth commented
Yes, this is very much needed. It is very frustrating not being able to distinguish external users from internal users. I've had to disable external sharing until this can be resolved.