An Azure service that identifies anomalies and defects early with time-series detection.
Hello Dave Brickley,
Greetings! Thanks for raising this question in the Q&A forum.
A quick clarification first: the tag on your question points to Azure AI Anomaly Detector, which is a separate Cognitive Service used for time-series anomaly detection in application telemetry, and it has no connection to Microsoft Entra ID user invitations. What is actually blocking your invite is almost certainly either your tenant's guest invite restrictions or Microsoft Entra ID Protection risk-based policies, not the Anomaly Detector service. The error changing from "suspicious activity detected" to "insufficient privileges" is a strong indicator that the real gate is a permissions or Conditional Access check rather than a fraud-style anomaly block, since a genuine risk detection would keep the same risk-related error text rather than switching to a role error.
- Check who is actually allowed to invite guests in your tenant Go to Microsoft Entra admin center and review the guest invite setting. If it is set to restrict inviting to specific admin roles, only users in the Guest Inviter role (or User Administrator, or Global Administrator) can send invitations, and everyone else gets an insufficient privileges error regardless of anomaly detection.
Microsoft Entra admin center > Identity > External Identities > External collaboration settings
Look at the "Guest invite settings" section and confirm which option is selected, then check whether your account is assigned the Guest Inviter role if the restrictive option is chosen.
- Check role assignments for the account performing the invite Confirm the signed-in administrator actually has one of the roles that can invite guests.
Microsoft Entra admin center > Identity > Roles and administration > Guest Inviter
If your account is not listed as a member, have a Global Administrator or Privileged Role Administrator add you, or use an account that already holds the role.
- Rule out Identity Protection risk-based Conditional Access If Microsoft Entra ID Protection has flagged either the signed-in admin's session or the invited user's identity as risky, a Conditional Access policy requiring password reset, MFA, or blocking sign-in entirely can surface as an access denied style error during the invite flow.
Microsoft Entra admin center > Protection > Identity Protection > Risky users
Microsoft Entra admin center > Protection > Conditional Access > Policies
Check if any risky user or risky sign-in entries correspond to the timeframe of your failed invitations, and temporarily disable or scope down any Conditional Access policy that applies to the Invite external user action to confirm whether it is the cause.
- Review sign-in and audit logs for the exact failure reason The Entra sign-in logs and audit logs give the actual policy or permission that triggered the denial, which is far more precise than the UI error text.
Microsoft Entra admin center > Identity > Monitoring & health > Sign-in logs
Microsoft Entra admin center > Identity > Monitoring & health > Audit logs
Filter by the timestamp of a failed invite attempt and check the Failure reason field, which will typically name the exact Conditional Access policy or missing role.
- On the $30 charge you mentioned Tenant-level policies like guest invite restrictions and Conditional Access are self-service settings that any admin with the correct role can change directly in the portal at no cost. There is no legitimate Microsoft charge to lift a policy your own tenant configured. If you were quoted a fee, that likely refers to purchasing a paid support plan to open a support case, which is not required here since this is resolvable through the role and policy checks above. If after checking steps 1 through 4 you still cannot identify the cause, open a free support request through the Entra admin center rather than paying for a separate support channel.
Microsoft Entra admin center > Help + support > New support request
If this answer helps you kindly accept the answer which will help others who have similar questions.
Best Regards,
Jerald Felix.