You can restrict Guest User Invitations to be sent by a specific user only (your OneDrive Admin Account). This ensures your practice's team will only be able to invite guests using New Collaborate in FYI, rather than being able to share files directly from the Document Library.
With Guest User Invites restricted, if a practice user attempts to share a document directly from their account instead of FYI, the file will not be sent to the client and the user will receive the error "Sorry, we're unable to reach the server right now. Please try again later".
Important: We recommend creating an independent Microsoft 365 account specifically for the OneDrive Admin User account. If linking to an individual account, additional steps would be required to update permissions if that individual left the practice. Refer to Link your OneDrive Admin Account for New Collaborate.
To limit Guest User Invites:
- Ensure you have created a OneDrive Admin Account as per Link your OneDrive Admin Account for New Collaborate.
- Open Microsoft Entra Admin Centre by visiting https://entra.microsoft.com.
- Log in using the Microsoft Global Admin account.
- From the menu on the left-hand side, select External Identities, then select External collaboration settings.
- In the Guest Invite Settings, enable "Only users assigned to specific admin roles can invite guest users".
- Click Save.
- From the menu on the left-hand side, select Users.
- Search for and open your practice's OneDrive Admin account. Refer to Link your OneDrive Admin Account for New Collaborate.
- From the menu on the left-hand side select Assigned Roles.
- Click Add Assignments.
- Locate the role "Guest inviter".
Guest Inviter is a role within Azure that allows the user to create a guest account via the Collaborate invitation. This role needs to be enabled to create the Guest Account. The OneDrive Admin Account will always be used to create guest account invitations when using New Collaborate in FYI.
- Tick the role "Guest Inviter".
Note: The admin roles Global Administrator and User Administrator also have permission to create guest user accounts. For more information refer to the Microsoft help article Configure external collaboration settings.
Note: If Privileged Identity Management (PIM) is used in Azure, the Assignment Type must be set as "Active". By default, it is set as "Eligible" which will not apply the required role permissions.
- Click Add.
Your Guest User Invites are now limited to be sent using your practice's OneDrive Admin Account.