Your account is blocked when signing in as guest in Microsoft Teams
If you’re running into trouble trying to sign in a guest user to your Microsoft Teams team, you’re not the only one.
Today, i encountered an error that left me scratching my head. After some investigation, we were able to identify the problem and resolve it. In this blog post, I’ll share my experience and show you how i went about troubleshooting the issue. Specifically, I’ll walk you through the steps i took when a previously added guest user was unable to sign in, receiving an error message each time.
Your account is blocked
So if you’re looking for some tips on how to troubleshoot guest user sign-in issues in Teams, please keep reading!
Investigate the issue
By default MFA is enabled in our tenant, but he never setup his guest account for MFA. Assuming this the signin process already stopped before logging in.
So, we went to the Azure Portal
Opened the Azure Active Directory and searched for the guest account.
Initialy the account seems fine.
The Audit logs where only filled by the actions of the Teams owner when adding the user to the team. Where normally the message is displayed: Microsoft Invitation Acceptance Portal when the user has accepted the invitation to the team, this message was not displayed in the logs.
When looking up the sign-in logs, there are some failures where the user tried to log in.
Looking in to the details of the failure, the Failure reason was pretty specific.
User blocked due to risk on home tenant.
So, based on the steps above, we have concluded that the issue is due to an account state in their own tenant.
So we took a look at their own Azure Activie Directory in the Azure Portal. Moved to Security and under the topic reporting the Risky users item.
The specific user was listed as risky user, we have selected the user and clicked the option Dismiss user(s) risk from the top menu.
After a couple of minutes we tried to log in to Teams and the MFA account setup was displayed. After setting up the MFA, the sign-in is marked as successful.
Hopefully this blog will save you some time in the future ;-)
some extra information about Identity protection can be found here
If you have any questions or suggestions regarding this issue, please use the comments below.