Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
23,436 questions
Guest Users can't access SharePoint Website if they are also delegated Admin (MS Partner)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(92.8, 53%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDS%3C/text%3E%3C/svg%3E)
Dirk Stolle
0
Reputation points
Hi everybody,
I found a confusing issue and I'd like to know if this is by design or an bug. I try to explain it:
Let's assume I am a Microsoft CSP. My company name is contoso.
I use the granular delegated admin permissions (GDAP) to administer my customers.
When I access the customer tenant, my username is replaces with "user_" followed by some numbers. This is by design with GDAP. When I sign-in as a partner admin to the customer tenant, then the customer will see in the sign-in logs something like "contoso technican" not "******@contoso.com".
I am also invited as a guest user to that tenant with my account ******@contoso.com. So when I access the tenant as a guest, my username will be ******@contoso.com.
Problem:
I am a MS Teams guest of a Team. I can access the team as ******@constoso.com and I can also access the files tab within the team and downlaod the files. But, when I try to open the files in the Browser with for example "open in SharePoint" or "open in Browser" I got the error message that I don't have permission to access this SharePoint Website and I need to request access.
What happens is that when opening the SharePoint, it obviously changes my UPN from ******@contoso.com to user_<somenumber> which is the GDAP user.
Sign in to answer