![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(291.2, 8%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EQC%3C/text%3E%3C/svg%3E)
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
21,904 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(147.20000000000002, 0%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMS%3C/text%3E%3C/svg%3E)
Guest users are more restricted than members.
Below are the comparisons between the guest and the member.
https://zcusa.951200.xyz/en-us/azure/active-directory/external-identities/user-properties
- External guest: Most users who are commonly considered external users or guests fall into this category. This B2B collaboration user has an account in an external Microsoft Entra organization or an external identity provider (such as a social identity), and they have guest-level permissions in the resource organization. The user object created in the resource Microsoft Entra directory has a UserType of Guest.
- External member: This B2B collaboration user has an account in an external Microsoft Entra organization or an external identity provider (such as a social identity) and member-level access to resources in your organization. This scenario is common in organizations consisting of multiple tenants, where users are considered part of the larger organization and need member-level access to resources in the organization’s other tenants. The user object created in the resource Microsoft Entra directory has a UserType of Member.
| Users and contacts | Enumerate the list of all users and contactsRead all public properties of users and contactsInvite guestsChange their own passwordManage their own mobile phone numberManage their own photoInvalidate their own refresh tokens | Read their own propertiesRead display name, email, sign-in name, photo, user principal name, and user type properties of other users and contactsChange their own passwordSearch for another user by object ID (if allowed)Read manager and direct report information of other users | Read their own propertiesChange their own passwordManage their own mobile phone number |
| Groups | Create security groupsCreate Microsoft 365 groupsEnumerate the list of all groupsRead all properties of groupsRead non-hidden group membershipsRead hidden Microsoft 365 group memberships for joined groupsManage properties, ownership, and membership of groups that the user ownsAdd guests to owned groupsManage dynamic membership settingsDelete owned groupsRestore owned Microsoft 365 groups | Read properties of non-hidden groups, including membership and ownership (even non-joined groups)Read hidden Microsoft 365 group memberships for joined groupsSearch for groups by display name or object ID (if allowed) | Read object ID for joined groupsRead membership and ownership of joined groups in some Microsoft 365 apps (if allowed) |
| Applications | Register (create) new applicationsEnumerate the list of all applicationsRead properties of registered and enterprise applicationsManage application properties, assignments, and credentials for owned applicationsCreate or delete application passwords for usersDelete owned applicationsRestore owned applicationsList permissions granted to applications | Read properties of registered and enterprise applicationsList permissions granted to applications | Read properties of registered and enterprise applicationsList permissions granted to applications |
| Devices | Enumerate the list of all devicesRead all properties of devicesManage all properties of owned devices | No permissions | No permissions |
| Organization | Read all company informationRead all domainsRead configuration of certificate-based authenticationRead all partner contractsRead multi-tenant organization basic details and active tenants | Read company display nameRead all domainsRead configuration of certificate-based authentication | Read company display nameRead all domains |
| Roles and scopes | Read all administrative roles and membershipsRead all properties and membership of administrative units | No permissions | No permissions |
| Subscriptions | Read all licensing subscriptionsEnable service plan memberships | No permissions | No permissions |
| Policies | Read all properties of policiesManage all properties of owned policies | No permissions | No permissions |
If the information helped address your question, please Accept the answer. This will help us and also improve searchability for others in the community who might be researching similar information
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(176, 38%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERS%3C/text%3E%3C/svg%3E)