Introducing full guest access in Microsoft Teams revolutionized the whole concept of team collaboration, something that's even more important with the rising need for remote work tools.
Now, you can invite anyone with an email to join your team, collaborate with you, and even create channels on their own.
As great as that is, you need to be cautious when giving people outside your company access to your content. That’s why we’ve prepared this Ultimate admin guide to Microsoft Teams guest users for you.
Who can be a guest user in Microsoft Teams?
Anyone who isn’t part of your organization can be invited to be a guest user. External partners, vendors, suppliers, contractors – all can be invited as either:
- Business users: anyone with an Azure Active Directory (AAD) account.
- Consumer users: anyone with any type of email address, such as Outlook or Gmail.
What can Microsoft Teams guest users do?
So, what are guest users allowed to do? The following table lists the features available to guest users, compared to authenticated Teams users:
Microsoft Teams guest users capabilities
As you can see, some features are not available to guest users, but those that are, are sufficient for basic collaboration. You can even invite guest users to your team meetings via a link.
Guests with a work or school account in AAD can accept and authenticate with a simple click. Other users can validate their identity with a one-time passcode.
When they accept the invitation, guest users are placed in a lobby where they wait for an authenticated participant to admit them. This is a security step before final acceptance in a meeting.
They can then access Files, Chats or Activity, participate in audio conversations, and send and receive instant messages and files. They can share their camera or screen, and view other members’ shared screens in Microsoft Teams.
Setting up guest users’ access for Microsoft Teams
Before you can add guest users to your teams, an Office 365 global admin must enable the guest option.
To enable guest access on the Microsoft Teams level:
1. Sign in to the Microsoft Teams admin portal.
2. In the navigation menu, click Users > Guest access:
3. Click the dropdown next to Allow guest access in Microsoft Teams:
Microsoft will display a message saying it will take “a couple of hours” for changes to take effect. So, if you see a message “Contact your administrator” when you try to add a guest to your team, the settings are probably still updating.
In AAD, a global admin can choose, on a global level, who will be able to invite guest users to an organization:
- Directory admins and users in the guest inviter role;
- AAD members;
Inviting guest users to Microsoft Teams
A Microsoft 365 global admin can add a new guest user to the organization through:
- The Microsoft Teams desktop or the web clients, if a global admin is also an owner of a team. This is a more intuitive and faster approach since the admin is already in the team where they want to invite guest users
- Azure Active Directory B2B collaboration. The global admin can invite and authorize a set of external users by uploading a comma-separated values (CSV) file to the B2B collaboration portal:
If global sharing settings allow, a team owner or member can invite guest users through the:
- Microsoft Teams desktop or web application;
- Azure AD Application Access Panel, if a global admin has delegated this option to group or application owners.
Depending on the applied external sharing settings, it’s possible your global AAD admin needs to invite the guest user to the organization before a team owner or member can invite users to the team.
Viewing guest users in Microsoft Teams
Every member can view other members of their Team, including guest members, by clicking Manage team:
You can also view guest users in the Microsoft 365 admin center. Click Users > Guest users:
With SysKit Point, you are able to view all Microsoft Teams guests in your tenant, no matter how they were added to your Teams.
Restricting guest users
You can restrict guest access in Microsoft Teams by using Windows PowerShell. You have three options at your disposal:
- Allow or block guest access to all teams and Microsoft 365 groups;
- Allow users to add guests to all teams and Microsoft 365 groups;
- Allow or block guest users from a specific team or Microsoft 365 group.
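The three options above, as an added PowerShell example (not from the original article). It assumes the AzureADPreview module (since deprecated in favour of Microsoft Graph PowerShell), takes the `Group.Unified` and `Group.Unified.Guest` directory setting templates as the mapping for the three options, and uses a hypothetical team name.

```powershell
# Added example (not from the original article). Assumes the AzureADPreview module
# and an account that is allowed to manage directory settings.
Import-Module AzureADPreview
Connect-AzureAD

# Fetch the tenant-wide Group.Unified settings object; create it from the template if missing.
$setting = Get-AzureADDirectorySetting | Where-Object { $_.DisplayName -eq 'Group.Unified' }
if (-not $setting) {
    $template = Get-AzureADDirectorySettingTemplate | Where-Object { $_.DisplayName -eq 'Group.Unified' }
    New-AzureADDirectorySetting -DirectorySetting $template.CreateDirectorySetting() | Out-Null
    $setting = Get-AzureADDirectorySetting | Where-Object { $_.DisplayName -eq 'Group.Unified' }
}

# Option 1: may guests access content in teams and Microsoft 365 groups at all?
$setting['AllowGuestsToAccessGroups'] = $true
# Option 2: may owners add new guests to teams and groups?
$setting['AllowToAddGuests'] = $true
Set-AzureADDirectorySetting -Id $setting.Id -DirectorySetting $setting

# Option 3: block adding guests to one specific team (its backing Microsoft 365 group).
$teamName = 'Finance-Confidential'   # hypothetical team name, replace with your own
$group = @(Get-AzureADGroup -SearchString $teamName | Where-Object { $_.DisplayName -eq $teamName })
if ($group.Count -ne 1) { throw "Expected exactly one group named '$teamName', found $($group.Count)." }
$groupId = $group[0].ObjectId

# Update the per-group setting if one already exists, otherwise create it from the template.
$existing = Get-AzureADObjectSetting -TargetType Groups -TargetObjectId $groupId |
    Where-Object { $_.DisplayName -eq 'Group.Unified.Guest' }
if ($existing) {
    $existing['AllowToAddGuests'] = $false
    Set-AzureADObjectSetting -Id $existing.Id -TargetType Groups -TargetObjectId $groupId -DirectorySetting $existing
} else {
    $guestTemplate = Get-AzureADDirectorySettingTemplate | Where-Object { $_.DisplayName -eq 'Group.Unified.Guest' }
    $groupSetting = $guestTemplate.CreateDirectorySetting()
    $groupSetting['AllowToAddGuests'] = $false
    New-AzureADObjectSetting -TargetType Groups -TargetObjectId $groupId -DirectorySetting $groupSetting
}

# Read back what is now in force, tenant-wide and for the one team.
(Get-AzureADDirectorySetting -Id $setting.Id).Values
(Get-AzureADObjectSetting -TargetType Groups -TargetObjectId $groupId).Values
```

The per-team setting stops new guests from being added; guests who are already members of that team are not removed by it.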
In addition to those three options, you can allow or block guest users based on their domain. You can do this using the Microsoft Teams admin center.
1. Click Users > External access:
2. You can then choose to:
– Allow all external domains
Users can communicate with users from any external domain.
– Allow only specific external domains
All external domains are blocked, apart from the domains you allow.
– Block only specific external domains
All external domains are allowed, apart from the domains you block.
– Block all external domains
Users can’t communicate with any users from external domains.
Webinar Microsoft Teams Behind the Scenes – Recording
Still not sure what Microsoft Teams can bring you, and how it affects your Microsoft 365 administration? This is the right webinar for you! View the recording.
What you’ll explore:
- Microsoft Teams permissions governance.
- Microsoft Teams settings.
- Microsoft Teams guest access and how to control it.
SysKit Point— A Centralized Microsoft 365 & Teams Reporting Tool
SysKit Point gives you comprehensive Microsoft Teams reporting and management, enabling you to:
- Reach an optimal level of productivity if you use Microsoft Teams for remote work.
- Discover Teams in your tenant and associated Microsoft 365 Groups.
- Find out who your Team Owners, Team Members, and Guest Members are.
- Check Teams’ related audit logs for a custom time period.
- Remove guest users and sharing links from Teams with one click.