You have an Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com.
The User administrator role is assigned to a user named Admin1.
An external partner has a Microsoft account that uses the email@example.com sign in.
Admin1 attempts to invite the external partner to sign in to the Azure AD tenant and receives the following error message: ?Unable to invite user.
User1@outlook.com ? Generic authorization exception.?.
You need to ensure that Admin1 can invite the external partner to sign in to the Azure AD tenant.
What should you do?
By default, all users and guests in your directory can invite guests even if they're not assigned to an admin role. External collaboration settings let you turn guest invitations on or off for different types of users in your organization. You can also delegate invitations to individual users by assigning roles that allow them to invite guests.
With Azure AD B2B collaboration, a tenant admin can set the following invitation policies:
Turn off invitations
Only admins and users in the Guest Inviter role can invite
Admins, the Guest Inviter role, and members can invite
All users, including guests, can invite