Can guest accounts be added to distribution lists?

In this article, we clarify whether it is possible to add guest accounts to distribution lists. Why is this relevant for many companies? Guests are not usually part of your organization and are therefore not automatically included in distribution lists. However, in practice, external users often need to be added to distribution lists to facilitate collaboration. We look at whether this is possible and what you need to bear in mind.

The topic of guest accounts is complex and increasingly occupies companies in their everyday work. In our guest account series, we look at various challenges and solutions that we have encountered in our customer projects.

Contact us for advice

What are guest accounts or guests?

Guest accounts in Microsoft Entra ID are special technical user accounts that are used to give external persons (“guests”) – i.e., users who do not belong to your organization – access to selected company resources. Of course, this is done in a controlled manner and for a limited period of time.

It is therefore not a full internal user account, but has a special status and must therefore be managed with care.

The term “guests” is more suitable for describing the “external user group” as a whole. We are referring to the technical component, i.e., the guest accounts behind it, which are relevant for IT.

Microsoft distinguishes between three categories of guest accounts:

Typ	What does that mean exactly
External guest	External users with accounts in another Entra organization or with an external identity provider. They receive guest permissions in the resource organization, and the user object has the type “Guest.”
External member	External users with member permissions in their own organization (e.g., in multi-client capable corporations).
Internal guest	Previously used for external users with internal login credentials. Microsoft now recommends switching these to B2B guest accounts.

These guest accounts are created directly in Entra ID. They are managed centrally, usually via the Entra Admin Center or specialized IAM systems such as our IDM-Portal.

Guest accounts in distribution lists – what works and what doesn’t

Are there different types of distribution lists?

Yes, there is a significant difference between distribution lists in Exchange Online and distribution lists in Microsoft Entra ID.

• Exchange distribution lists are specifically designed for sending email to multiple recipients and are configured in the Exchange management area.

• Entra ID does not use traditional distribution lists like Exchange, but instead offers security groups and M365 groups that are used for access control and collaboration. M365 groups are email-enabled, but they are not the same as traditional Exchange distribution groups.

That is why we will now take a closer look at the Exchange distribution lists.

What happens when a guest account is created?

After a guest account is created in Entra ID, a background process in Exchange Online creates a special email user object with the setting “RecipientTypeDetails” = “GuestMailUser” based on the properties of the guest account.

Can guest accounts be added to distribution lists?

To avoid further suspense, let’s clarify:

✅ Yes, it is possible to add guest accounts to distribution lists.

Since guest mail users have a valid and accessible email address, they can receive emails and can therefore be added to distribution lists.

Please also refer to the Microsoft documentation, which describes that any email address (including external ones) can be added as a member.

What can a guest account do in a distribution list?

The email user object enables the following:

• Emails are forwarded to guest accounts.
• Guest accounts are displayed in the GAL and other Exchange address lists.
• Guest members of Outlook groups can participate in group conversations via email.

How long do guest mail user objects remain?

Guest mail user objects remain in the Exchange directory until the associated guest accounts are removed from Entra ID.

Where can guest mail user objects be edited?

Although you can view guest mail user objects through the Exchange admin center, you cannot update their properties through the GUI. Changes must be made through the Azure AD admin center or using a Graph API (including the Microsoft Graph PowerShell SDK cmdlets) on the guest account. You can update the Exchange-specific properties using the Set-MailUser cmdlet.

You can find a lot of important information on this topic in the following article Comparing Entra ID Guest Accounts and Exchange Online Mail Contacts. This article compares Exchange Online email contacts and Azure AD guest accounts and explores whether email contact tenants should switch to guest accounts.

How long does it take for a guest to appear in Exchange Online?

A guest from Entra will not appear in Exchange Online immediately. Usually, the user is mail-enabled via an automatic process. This takes approx. 24 hours, or longer in individual cases. The guest must have a valid SMTP address. If this takes too long, you can start the enabling process manually via PowerShell.

Topic	Status
Automatic mail enablement provided?	✅ Yes
Within 24h?	⚠️ Usually yes, but not guaranteed
Technical requirements	Guest must have a valid SMTP address
Can it be enforced manually?	✅ Yes, with PowerShell
Can it be used in DL/M365 after enabling?	✅ Yes (if email-enabled)

How our IDM-Portal supports you

With the IDM-Portal from FirstAttribute, you can manage your entire identity and access management via a single portal. An essential element of this are users and groups in Entra ID as well as in Active Directory. For example, you can use the IDM-Portal to:

• create and maintain guests in Entra ID,
• create Entra groups,
• add and remove group members in M365 and security groups

You have the option of doing this from both a group perspective and an individual user perspective.

Summary

Guest accounts can be added to distribution lists in Microsoft Entra ID and Exchange Online as “GuestMailUser” objects. This allows external partners to participate in email exchanges within the organization. A real advantage is that it facilitates collaboration across organizational boundaries.

It is important that guest accounts are actively managed to ensure security and clarity. Changes to guest accounts are best made centrally via the Entra Admin Center or with appropriate PowerShell cmdlets. This keeps collaboration flexible without compromising security and control.

More about the FirstWare IDM-Portal

FirstWare IDM-Portal by FirstAttribute is an integrated Identity and Access Management (IAM) solution that enables automated user and permissions management, whether on-premises or in the cloud.

This portal integrates all facets of identity and access management and provides centralized access to identity and directory services.

Get in touch