Will Atlassian Access work for B2B Guest users in our Azure AD tenant?

Current situation:

We are using the following cloud products: Confluence, Jira Software and Bitbucket. We distinguish two types of users in these products: 1) workers from our own company (registered with a company email addresses) and 2) external users, such as business partners/suppliers (who are registered with their external business email address).

What we hope to achieve:

We would like to use AA to enable SSO, automated user (de)provisioning, and more advanced security policies. We want this two work for all our current users (internal and external).

• We will use our Azure AD tenant as IDP
• We will invite/register the external users currently in our Atlassian products as B2B Guest users in our Azure AD tenant. (More info on B2B Guest users: https://docs.microsoft.com/en-us/azure/active-directory/external-identities/what-is-b2b)
• We will have a single Organization for our company which will provide access to Jira Software and Confluence

Questions:

• Will user provisioning and SSO authentication also work for the B2B Guest users in our IDP? Since:
  • The UPN of a B2B Guest users does not contain our company domain. Instead the UPN will end on "@<companydomain>.onmicrosoft.com", which is a domain we obviously cannot verify.
  • The B2B Guest user can still be identified based on their external business email address, since it is registered as the email address in their Azure AD record. However, we cannot verify the company domain of our business partners/suppliers on which their email address is based.
• If yes, will AA recognise the existing external users in our cloud products based on their external email address?
• Any other recommendations or considerations from community members who have set this up successfully?
• Slightly off-topic: Is it possible to have a subset of users login with SSO, while another group of users still uses their local user credentials (application-side).

Thanks for your help.