Share via

Invitations are blocked for this directory due to suspicious activity - New tenant

Joseph Cherre 0 Reputation points
2026-05-20T21:39:58.89+00:00

Hello Microsoft Support,

We are experiencing a critical issue with our Azure AD tenant. All B2B guest invitations are failing with the following error:

"Invitations are blocked for this directory due to suspicious activity. Please contact Microsoft support for help."

ErrorCode: Forbidden (403)

Context of Issue: This is a brand new tenant recently upgraded to Pay-As-You-Go subscription. I was sending the invitations to the external collaborators as the Global Administrators of this tenant. Only a few manual invitations were attempted (around 10), not bulk operations. The block occurred almost immediately after a couple invitation attempts. We need to onboard approximately 30 external collaborators for business operations. These users are legitimate customers/partners for our organization who need access to our services. The error message indicates our directory’s invitation capability is now completely blocked due to suspected abuse.

We have verified:

  • External collaboration settings allow invitations from anyone in the organization.
  • No domain restrictions are configured.
  • The issue persists both from the Azure Portal and via Microsoft Graph PowerShell.

Impact:

  • We can no longer invite any new guests.
  • Our onboarding of legitimate users is fully blocked.
  • This is affecting critical business operations and timelines.

Request:

  • Please review and remove the "suspicious activity" block on our directory's invitation capability.
  • Please confirm any guidelines or best practices according to our current suscription to avoid hitting this block in the future.
  • We can provide business justification for this external users if needed.
Microsoft Security | Microsoft Entra | Microsoft Entra ID

1 answer

Sort by: Most helpful
Most helpful Newest Oldest

  1. AI answer

    2026-05-20T21:40:19.72+00:00

    This issue cannot be resolved through configuration changes in the tenant. The behavior indicates a service-side protection/block that must be reviewed and removed by Microsoft support.

    Required next step:

    • Open a critical support ticket with Microsoft (Azure/Microsoft 365 support) from the affected tenant and provide:
      • Tenant ID
      • Error message: “Invitations are blocked for this directory due to suspicious activity. Please contact Microsoft support for help.”
      • Error code: 403 Forbidden
      • Request ID and timestamp
    • The case will be escalated to the appropriate Microsoft internal/Data Protection or service team to investigate and remove the block on B2B invitations.

    Configuration checks already performed (external collaboration settings, domain restrictions, Graph vs portal) are sufficient; no additional portal-side settings will clear this block.

    Once support removes the block, B2B invitations will resume working. For ongoing B2B collaboration, ensure:

    • External collaboration settings and cross-tenant access settings are configured according to business needs.
    • Any allow/block domain lists and cross-tenant access policies are reviewed, as both are evaluated at invitation time.

    Relevant operational points from the documentation:

    • External collaboration settings control who can invite guests, domain restrictions, and guest visibility.
    • Allow/block lists and cross-tenant access settings are both checked at the time of invitation.
    • Cross-tenant access settings are used to manage B2B collaboration with other Microsoft Entra organizations; external collaboration settings are used for non-managed identities.

    References:

    AI-generated content may be incorrect. Read our transparency notes for more information.

    Was this answer helpful?

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.