Merge pull request #233720 from shlipsey3/fundamentals-user-creation-040623

fundamentals-user-creation-040623

Author: v-regandowner

articles/active-directory/external-identities/add-users-administrator.md

@@ -7,7 +7,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: B2B
 ms.topic: how-to
-ms.date: 10/12/2022
+ms.date: 04/21/2023
 
 ms.author: cmulligan
 author: csmulligan
@@ -17,13 +17,17 @@ ms.collection: M365-identity-device-management
 
 # Add Azure Active Directory B2B collaboration users in the Azure portal
 
-As a user who is assigned any of the limited administrator directory roles, you can use the Azure portal to invite B2B collaboration users. You can invite guest users to the directory, to a group, or to an application. After you invite a user through any of these methods, the invited user's account is added to Azure Active Directory (Azure AD), with a user type of *Guest*. The guest user must then redeem their invitation to access resources. An invitation of a user does not expire.
+As a user who is assigned any of the limited administrator directory roles, you can use the Azure portal to invite B2B collaboration users. You can invite guest users to the directory, to a group, or to an application. After you invite a user through any of these methods, the invited user's account is added to Azure Active Directory (Azure AD), with a user type of *Guest*. The guest user must then redeem their invitation to access resources. An invitation of a user doesn't expire.
 
 After you add a guest user to the directory, you can either send the guest user a direct link to a shared app, or the guest user can select the redemption URL in the invitation email. For more information about the redemption process, see [B2B collaboration invitation redemption](redemption-experience.md).
 
 > [!IMPORTANT]
 > You should follow the steps in [How-to: Add your organization's privacy info in Azure Active Directory](../fundamentals/active-directory-properties-area.md) to add the URL of your organization's privacy statement. As part of the first time invitation redemption process, an invited user must consent to your privacy terms to continue. 
 
+The updated experience for creating new users covered in this article is available as an Azure AD preview feature. This feature is enabled by default, but you can opt out by going to **Azure AD** > **Preview features** and disabling the **Create user experience** feature. For more information about previews, see [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/).
+
+Instructions for the legacy create user process can be found in the [Add or delete users](../fundamentals/add-users-azure-active-directory.md) article.
+
 ## Before you begin
 
 Make sure your organization's external collaboration settings are configured such that you're allowed to invite guests. By default, all users and admins can invite guests. But your organization's external collaboration policies might be configured to prevent certain types of users or admins from inviting guests. To find out how to view and set these policies, see [Enable B2B external collaboration and manage who can invite guests](external-collaboration-settings-configure.md).
@@ -32,39 +36,96 @@ Make sure your organization's external collaboration settings are configured suc
 
 To add B2B collaboration users to the directory, follow these steps:
 
-1. Sign in to the [Azure portal](https://portal.azure.com) as a user who is assigned a limited administrator directory role or the Guest Inviter role.
-2. Search for and select **Azure Active Directory** from any page.
-3. Under **Manage**, select **Users**.
-4. Select **New user** > **Invite external user**. (Or, if you're using the legacy experience, select **New guest user**).
-5. On the **New user** page, select **Invite user** and then add the guest user's information.
+1. Sign in to the [Azure portal](https://portal.azure.com/) in the **User Administrator** role. A role with Guest Inviter privileges can also invite external users.
+
+1. Navigate to **Azure Active Directory** > **Users**.
+
+1. Select **Invite external user** from the menu. 
+
+    ![Screenshot of the invite external user menu option.](media/add-users-administrator/invite-external-user-menu.png)
+
+### Basics
+
+In this section, you're inviting the guest to your tenant using *their email address*. If you need to create a guest user with a domain account, use the [create new user process](../fundamentals/how-to-create-delete-users.md#create-a-new-user) but change the **User type** to **Guest**. 
+
+- **Email**: Enter the email address for the guest user you're inviting.
+
+- **Display name**: Provide the display name.
+
+-  **Invitation message**: Select the **Send invite message** checkbox to customize a brief message to the guest. Provide a Cc recipient, if necessary.
+
+![Screenshot of the invite external user Basics tab.](media/add-users-administrator/invite-external-user-basics-tab.png)
+
+Either select the **Review + invite** button to create the new user or **Next: Properties** to complete the next section.
+
+### Properties
+
+There are six categories of user properties you can provide. These properties can be added or updated after the user is created. To manage these details, go to **Azure AD** > **Users** and select a user to update.
+
+- **Identity:** Enter the user's first and last name. Set the User type as either Member or Guest. For more information about the difference between external guests and members, see [B2B collaboration user properties](user-properties.md)
+
+- **Job information:** Add any job-related information, such as the user's job title, department, or manager.
+
+- **Contact information:** Add any relevant contact information for the user.
+
+- **Parental controls:** For organizations like K-12 school districts, the user's age group may need to be provided. *Minors* are 12 and under, *Not adult* are 13-18 years old, and *Adults* are 18 and over. The combination of age group and consent provided by parent options determine the Legal age group classification. The Legal age group classification may limit the user's access and authority.
+
+- **Settings:** Specify the user's global location.
+
+Either select the **Review + invite** button to create the new user or **Next: Assignments** to complete the next section.
+
+### Assignments
 
-   ![Screenshot showing the new user page.](media/add-users-administrator/invite-user.png)
+You can assign external users to a group, or Azure AD role when the account is created. You can assign the user to up to 20 groups or roles. Group and role assignments can be added after the user is created. The **Privileged Role Administrator** role is required to assign Azure AD roles.
 
-      - **Name.** The first and last name of the guest user.
-   - **Email address (required)**. The email address of the guest user.
-   - **Personal message (optional)** Include a personal welcome message to the guest user.
-   - **Groups**: You can add the guest user to one or more existing groups, or you can do it later.
-   -  **Roles**: If you require Azure AD administrative permissions for the user, you can add them to an Azure AD role by selecting **User** next to **Roles**.  [Learn more](../../role-based-access-control/role-assignments-external-users.md) about Azure roles for external guest users.
+**To assign a group to the new user**:
+
+1. Select **+ Add group**.
+1. From the menu that appears, choose up to 20 groups from the list and select the **Select** button.
+1. Select the **Review + create** button.
+
+    ![Screenshot of the add group assignment process.](media/add-users-administrator/invite-external-user-assignments-tab.png)
+
+**To assign a role to the new user**:
+
+1. Select **+ Add role**.
+1. From the menu that appears, choose up to 20 roles from the list and select the **Select** button.
+1. Select the **Review + invite** button.
+
+### Review and create
+
+The final tab captures several key details from the user creation process. Review the details and select the **Invite** button if everything looks good. An email invitation is automatically sent to the user. After you send the invitation, the user account is automatically added to the directory as a guest.
+
+ ![Screenshot showing the user list including the new Guest user.](media/add-users-administrator//guest-user-type.png)
+
+### External user invitations
+<a name="resend-invitations-to-guest-users"></a>
+
+When you invite an external guest user by sending an email invitation, you can check the status of the invitation from the user's details. If they haven't redeemed their invitation, you can resend the invitation email.
+
+1. Go to **Azure AD** > **Users** and select the invited guest user.
+1. In the **My Feed** section, locate the **B2B collaboration** tile. 
+    - If the invitation state is **PendingAcceptance**, select the **Resend invitation** link to send another email and follow the prompts.
+    - You can also select the **Properties** for the user and view the **Invitation state**.
+
+![Screenshot of the My Feed section of the user overview page.](media/add-users-administrator/external-user-invitation-state.png)
 
    > [!NOTE]
    > Group email addresses aren’t supported; enter the email address for an individual. Also, some email providers allow users to add a plus symbol (+) and additional text to their email addresses to help with things like inbox filtering. However, Azure AD doesn’t currently support plus symbols in email addresses. To avoid delivery issues, omit the plus symbol and any characters following it up to the @ symbol.
-6. Select **Invite** to automatically send the invitation to the guest user. 
- 
-After you send the invitation, the user account is automatically added to the directory as a guest. 
 
- ![Screenshot showing the user list including the new Guest user.](media/add-users-administrator//guest-user-type.png)
+The user is added to your directory with a user principal name (UPN) in the format *emailaddress*#EXT#\@*domain*. For example: *john_contoso.com#EXT#\@fabrikam.onmicrosoft.com*, where fabrikam.onmicrosoft.com is the organization from which you sent the invitations. ([Learn more about B2B collaboration user properties](user-properties.md).)
 
-The user is added to your directory with a user principal name (UPN) in the format *emailaddress*#EXT#\@*domain*, for example, *john_contoso.com#EXT#\@fabrikam.onmicrosoft.com*, where fabrikam.onmicrosoft.com is the organization from which you sent the invitations. ([Learn more about B2B collaboration user properties](user-properties.md).)
 ## Add guest users to a group
-If you need to manually add B2B collaboration users to a group, follow these steps:
+
+If you need to manually add B2B collaboration users to a group after the user was invited, follow these steps:
 
 1. Sign in to the [Azure portal](https://portal.azure.com) as an Azure AD administrator.
 2. Search for and select **Azure Active Directory** from any page.
 3. Under **Manage**, select **Groups**.
 4. Select a group (or select **New group** to create a new one). It's a good idea to include in the group description that the group contains B2B guest users.
 5. Under **Manage**, select **Members**.
 6. Select **Add members**.
-7. Do one of the following:
+7. Complete one of the following set of steps:
 
    - *If the guest user is already in the directory:*
 
@@ -93,7 +154,7 @@ To add B2B collaboration users to an application, follow these steps:
 5. Under **Manage**, select **Users and groups**.
 6. Select **Add user/group**.
 7. On the **Add Assignment** page, select the link under **Users**.
-8. Do one of the following:
+8. Complete one of the following set of steps:
 
    - *If the guest user is already in the directory:*
 
@@ -123,21 +184,6 @@ To add B2B collaboration users to an application, follow these steps:
 
     d. Select **Assign**.
 
-## Resend invitations to guest users
-
-If a guest user hasn't yet redeemed their invitation, you can resend the invitation email.
-
-1. Sign in to the [Azure portal](https://portal.azure.com) as an Azure AD administrator.
-2. Search for and select **Azure Active Directory** from any page.
-3. Under **Manage**, select **Users**.
-4. In the list, select the user's name to open their user profile.
-5. Under **My Feed**, in the **B2B collaboration** tile, select the **Manage (resend invitation / reset status** link.
-6. If the user hasn't yet accepted the invitation, Select the **Yes** option to resend.
-
-    ![Screenshot showing the Resend Invite radio button.](./media/add-users-administrator/resend-invitation.png)
-
-7. In the confirmation message, select **Yes** to confirm that you want to send the user a new email invitation for redeeming their guest account. An invitation URL will be generated and sent to the user.
-
 ## Next steps
 
 - To learn how non-Azure AD admins can add B2B guest users, see [How users in your organization can invite guest users to an app](add-users-information-worker.md)

articles/active-directory/external-identities/b2b-quickstart-add-guest-users-portal.md

@@ -5,7 +5,7 @@ services: active-directory
 ms.author: cmulligan
 author: csmulligan
 manager: celestedg
-ms.date: 02/16/2023
+ms.date: 04/21/2023
 ms.topic: quickstart
 ms.service: active-directory
 ms.subservice: B2B
@@ -22,47 +22,54 @@ In this quickstart, you'll learn how to add a new guest user to your Azure AD di
 
 If you don’t have an Azure subscription, create a [free account](https://azure.microsoft.com/free/?WT.mc_id=A261C142F) before you begin.
 
+The updated experience for creating new users covered in this article is available as an Azure AD preview feature. This feature is enabled by default, but you can opt out by going to **Azure AD** > **Preview features** and disabling the **Create user experience** feature. For more information about previews, see [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/).
+
+Instructions for the legacy create user process can be found in the [Add or delete users](../fundamentals/add-users-azure-active-directory.md) article.
+
 ## Prerequisites
 
 To complete the scenario in this quickstart, you need:
 
-- A role that allows you to create users in your tenant directory, such as the Global Administrator role or a limited administrator directory role (for example, Guest inviter or User administrator).
+- A role that allows you to create users in your tenant directory, such as the Global Administrator role or a limited administrator directory role such as Guest Inviter or User Administrator.
 
 - Access to a valid email address outside of your Azure AD tenant, such as a separate work, school, or social email address. You'll use this email to create the guest account in your tenant directory and access the invitation.
 
-## Add a new guest user in Azure AD
+## Invite an external guest user
 
-1. Sign in to the [Azure portal](https://portal.azure.com/) with an account that's been assigned the Global administrator, Guest, inviter, or User administrator role.
+This quickstart guide provides the basic steps to invite an external user. To learn about all of the properties and settings that you can include when you invite an external user, see [How to create and delete a user](../fundamentals/how-to-create-delete-users.md).
 
-1. Under **Azure services**, select **Azure Active Directory** (or use the search box to find and select **Azure Active Directory**).
+1. Sign in to the [Azure portal](https://portal.azure.com/) using one of the roles listed in the Prerequisites.
 
-    :::image type="content" source="media/quickstart-add-users-portal/azure-active-directory-service.png" alt-text="Screenshot showing where to select the Azure Active Directory service.":::
+1. Navigate to **Azure Active Directory** > **Users**.
 
-1. Under **Manage**, select **Users**.
+1. Select **Invite external user** from the menu. 
+
+    ![Screenshot of the invite external user menu option.](media/quickstart-add-users-portal/invite-external-user-menu.png)
+
+### Basics for external users
 
-    :::image type="content" source="media/quickstart-add-users-portal/quickstart-users-portal-user.png" alt-text="Screenshot showing where to select the Users option.":::
+In this section, you're inviting the guest to your tenant using *their email address*. For this quickstart, enter an email address that you can access.
 
-1. Under **New user** select **Invite external user**.
+- **Email**: Enter the email address for the guest user you're inviting.
 
-    :::image type="content" source="media/quickstart-add-users-portal/new-guest-user.png" alt-text="Screenshot showing where to select the New guest user option.":::
+- **Display name**: Provide the display name.
 
-1. On the **New user** page, select **Invite user** and then add the guest user's information.
+-  **Invitation message**: Select the **Send invite message** checkbox to customize a brief message to preview how the invitation message appears.
 
-   - **Name.** The first and last name of the guest user.
-   - **Email address (required)**. The email address of the guest user.
-   - **Personal message (optional)** Include a personal welcome message to the guest user.
-   - **Groups**: You can add the guest user to one or more existing groups, or you can do it later.
-   - **Roles**: If you require Azure AD administrative permissions for the user, you can add them to an Azure AD role.
+![Screenshot of the invite external user Basics tab.](media/quickstart-add-users-portal/invite-external-user-basics-tab.png)
 
-    :::image type="content" source="media/quickstart-add-users-portal/invite-user.png" alt-text="Screenshot showing the new user page.":::
+Select the **Review and invite** button to finalize the process.
 
-1. Select **Invite** to automatically send the invitation to the guest user. A notification appears in the upper right with the message **Successfully invited user**.
+### Review and invite
+
+The final tab captures several key details from the user creation process. Review the details and select the **Invite** button if everything looks good.
+
+An email invitation is sent automatically. 
 
 1. After you send the invitation, the user account is automatically added to the directory as a guest.
 
     :::image type="content" source="media/quickstart-add-users-portal/new-guest-user-directory.png" alt-text="Screenshot showing the new guest user in the directory.":::
 
-
 ## Accept the invitation
 
 Now sign in as the guest user to see the invitation.
@@ -73,7 +80,6 @@ Now sign in as the guest user to see the invitation.
 
     :::image type="content" source="media/quickstart-add-users-portal/quickstart-users-portal-email-small.png" alt-text="Screenshot showing the B2B invitation email.":::
 
-
 1. In the email body, select **Accept invitation**. A **Review permissions** page opens in the browser.
 
     :::image type="content" source="media/quickstart-add-users-portal/consent-screen.png" alt-text="Screenshot showing the Review permissions page.":::