Office 365 and Azure Active directory allow a 1:5 guest access ratio (that is, for every licensed Office 365 user, five guests are allowed to access resources). This applies for most services, including Azure Active Directory premium licensing for B2B features. In the preceding example, we configured a multi-factor authentication Conditional Access policy for guest users. No licenses had to be assigned to the guest users in order to make it work – Azure Active Directory automatically calculates the number of guests that can be supported based on the number of licenses already present in your tenant.

Since guests don't have licenses by default, they have restrictions placed upon them and are limited to basic tasks. They can only view and edit documents in the online versions of the apps after downloading them. By default, they are placed in the Visitors group, so they are only granted read access to content. You can modify the permissions of the Visitors group to allow documents to be edited, or you can elevate them to members. Regardless of their access to the site, they will not be allocated OneDrive storage or be able to use other Office 365 features, such as creating Flows or accessing Power Apps. For those types of tasks, they will need to be granted user licenses (just like other users in your organization) from the Office 365 or Azure Active Directory portal.