Sunday, June 7, 2020

Tip: for customizing on Modern Site shared with B2B guests, use SPFx and not PowerApps

In Modern SharePoint, the citizen-developer way to customize a page is through PowerApps (instead of the dreaded InfoPath approach). This works fine, unless your site is shared with external Azure AD B2B guests. PowerApps requires that the logged-on user is licensed for a PowerApps Plan. For regular member accounts this license is typically provisioned at onboarding. For guest accounts you cannot assume that each of them already has a PowerApps license of their own, and without one, use of the PowerApps customization requires that a license is assigned in the inviting tenant. But you probably do not want to assign licenses in the inviting tenant to Azure AD B2B guests. After all, one of the charms of the Azure AD B2B model is that for each paid Azure AD license the organization is entitled to invite up to 5 guest accounts without additional costs.
The result for guests who do not have a PowerApps license themselves is a broken user experience. Instead of a working custom control / form in the SharePoint page, guest site visitors are confronted with a notification that a PowerApps Plan license is needed.
A minimal approach to at least avoid the broken UI experience would be to hide the PowerApps control for guest accounts. But this is not possible either: audience targeting on arbitrary webparts is not supported in Modern Pages, see Overview of audience targeting in modern SharePoint sites.
In an SPFx control you can use an alternative to the audience check: a check on permission group, or a check on account type (member or guest). A code example of this approach: Show and hide SPFx Webpart Content based on user permission.
However, when you use SPFx for page customization, you are not subject to additional licensing on top of the SharePoint license. So it would not even be necessary to hide the control when the logged-on user is a guest account.
Conclusion: if you plan to share a Modern SharePoint site with external guests, then do not use PowerApps to customize a page that is accessible to guest accounts. The better approach is SPFx, accepting that this requires coding skills instead of no/low-code.
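
The account-type and permission-group check described above, as an added example that is not code from this post or from the linked sample. `PageUser` mirrors two fields of the SPFx `pageContext.user` object; `AudiencePolicy`, `accountType` and `shouldRender` are hypothetical names, and the sample users are constructed.

```typescript
// Added example. In a web part, `user` would be this.context.pageContext.user and
// `userGroups` the titles of the current user's SharePoint groups (fetched separately).
// This only decides what the page renders; access to the underlying list data is
// still governed by SharePoint permissions.

interface PageUser {            // the two SPFx SPUser fields used here
  loginName: string;
  isExternalGuestUser: boolean;
}

interface AudiencePolicy {      // hypothetical policy shape for this example
  allowGuests: boolean;
  requiredGroups: string[];     // empty array = no group requirement
}

// B2B guest login names in the inviting tenant carry an "#ext#" marker;
// it is used as a fallback when the flag is not set.
function accountType(user: PageUser): "member" | "guest" {
  const external = user.loginName.toLowerCase().indexOf("#ext#") !== -1;
  return user.isExternalGuestUser || external ? "guest" : "member";
}

function shouldRender(user: PageUser, userGroups: string[], policy: AudiencePolicy): boolean {
  if (accountType(user) === "guest" && !policy.allowGuests) {
    return false;
  }
  if (policy.requiredGroups.length === 0) {
    return true;
  }
  // Compare group titles case-insensitively and ignore stray whitespace.
  const held = userGroups.map((g) => g.trim().toLowerCase());
  return policy.requiredGroups.some((g) => held.indexOf(g.trim().toLowerCase()) !== -1);
}

// Constructed sample users (not real accounts).
const sampleMember: PageUser = {
  loginName: "i:0#.f|membership|kim@contoso.example",
  isExternalGuestUser: false,
};
const sampleGuest: PageUser = {
  loginName: "i:0#.f|membership|alex_partner.example#ext#@contoso.example",
  isExternalGuestUser: false,   // flag not set: the login-name fallback applies
};
```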

Saturday, June 6, 2020

Be aware: Azure AD Hybrid-Join requires Chromium Edge sign-in

Microsoft is loudly promoting and actively pushing the upgrade from the classic Edge browser to the new Chromium Edge. One thing to be aware of for organizations that use Azure AD Hybrid Join for conditional access to enterprise applications is that Chromium Edge requires user sign-in with an Azure AD account. Without the Azure AD sign-in, Chromium Edge does not enroll in hybrid join, and the remote user is denied access to the company's enterprise resources (such as Office 365 services, but also any other enterprise application that has Single Sign-On with Azure AD).