Jul 27, 2019

Microsoft Teams – Type of member (Guest)


Introduction: 

Microsoft introduces Teams app to collaborate with existing employees in a team as well as external users can participate to use team features like chat, sharing screen, meetings, channel file sharing, etc.

If you are new to Microsoft Teams, please visit my previous articles to get more understanding on teams- Introduction, How to create Teams differently.

Who is Guest in Teams -  Partners, Vendors, Suppliers or consultants i.e. anyone who has no access  to your organization network but requires access to connect with internal teams as a guest user.

Objective: 
This needs valid email address like Gmail.com, Outlook.com or any other partner accounts. The person joined as guests gets full access to authorized team and its channel resources.  it avoids IT administrative overheads  like maintenance of external accounts usernames , passwords or account synchronization work. Partners / Vendors uses their own identities and credentials so no need to utilize Azure AD.

Level of guest access in Microsoft Teams:

  • Azure Active Directory(AAD): This controls the guest access at the directory, tenant, and application level 
  • Microsoft Teams: This controls the guest access in Microsoft Teams only. 
  • Office 365 Groups: This controls the guest access in Office 365 Groups and Microsoft Teams both. 
  • SharePoint Online and OneDrive for Business: This controls the guest access in SharePoint Online, OneDrive for Business, Office 365 Groups, and Microsoft Teams.


Below is the flow diagram for guest access authentication for above levels –

Features available for guest account: Guest user has very limited access on Team resources, check below comparison to understand it more with team member access-

Teams Functionality
Guest
Member
Create a Channel (Team Owner control this setting)
Yes
Yes
Participate in a private chat
Yes
Yes
Participate in a channel conversation
Yes
Yes
Post, delete, and edit messages 
Yes
Yes
Share a channel file
Yes
Yes
VOIP calling
Yes
Yes
Group calling
Yes
Yes
Core call controls supported (hold, mute, video on/off, screen sharing)
Yes
Yes
Transfer target
Yes
Yes
Can transfer a call
Yes
Yes
Can consultative transfer
Yes
Yes
Can add other users to a call via VOIP
Yes
Yes
Share a chat file
Yes
Add apps (tabs, bots, or connectors) 
Yes
Create meetings or access schedules
Yes
Access OneDrive for Business storage
Yes
Create tenant-wide and teams/channels guest access policies
Yes
Invite a user outside the Office 365 tenant's domain
(Team owners control this setting.)
Yes
Create a team
Yes
Discover and join a public team
Yes
View organization chart 
Yes

Add external account as a guest user in teams: 
To add guest user in your new team, First ensure  you have enabled guest setting ON in office 365 admin center. Follow below steps to perform this action -
1. Enable guest access to all teams in Microsoft Teams:
a. Click on link - https://admin.teams.microsoft.com/
b. Go to Org - Wide Settings
c. Find Guest Access option
d. Click on ON button for “Allow Guest Access in Teams” to used.
 

2. To provide guest access to vendors / Stockholders or external guest users  with restrictive access, You have to add new member as guest by providing email address in “Add Member”   This can be done two ways first - Go to office outlook url of the team and add member https://outlook.office365.com/people/group/<yourDomain>.onmicrosoft.com/teamName

3. Or second option is to – go to Teams and select Your  NewTeam -> “Manage Members” -> “Add Member” or directly click on “Add Member” .
 
   
4. Once new guest member has been added, wait for new member to accept the team’s invitation and then guest can login as standard member in selected team.
5. Guest User will get teams invitation link as –
            a.    https://invitations.microsoft.com/redeem/?tenant=<tenantID>&user=<userId>&ticket=<guid>&ver=2.0
6. Once click on that link, confirmation form will be provided to join the team.
7. New guest user has been added, now guest member can use resources shared in exiting team by login to team’s application.


Summary:
Guest access is useful feature to collaborate in Teams, organization can provide permissions to external partners or vendor users to access team’s channel files, chat and other applications without compromising organizational data security and with protection of Azure AD.
Note: Images and features referred from Microsoft site: