Assigning roles to B2B Guest Users - M365 Workloads
The owner of a CSP (Cloud Solution Provider) subscription must be associated to a specific tenant, and we want to keep our main corporate tenant separate for security purposes. We intended to invite necessary corporate users (or partner accounts) via B2B and allocate CSP roles to them.
This (allocation of roles to B2B users) is currently impossible due to each M365 workload (EXO, SharePoint, etc) not yet support assigning roles to B2B users.
As a result, we may have to maintain separate identities -- possibly for each of our customer's CSP tenants -- which is highly inconvenient and can represent a security issue if an account needs to be de-activated.
- Join CSP program, associate it to a new Azure AD tenant
- B2B invite guest another user
- Attempt to assign admin or other roles to said user
- Create a customer tenant/subscription
- Repeat step 3
These workloads should be supported for assigning roles to Azure AD B2B guest users.