Udostępnij za pośrednictwem


Microsoft TEAMS: Guest Access

Introduction:

In this article I will be discussing more about new feature "Guest Access" which has been launched recently in Microsoft TEAMS.

Today, Teams is getting better with the rollout of guest access to all Office 365 commercial and education customers. Now Office 365 users can add people from outside their company to a team, so guests can participate in chats, join meetings, collaborate on documents, and more.

 

Teams is built upon Office 365 Groups and provides a new way to access shared assets for an Office 365 group. Teams is the best solution for persistent chat among group/team members. Office 365 Groups is a service that provides cross-application membership for a set of shared team assets, like a SharePoint site or a Power BI dashboard, so that the team can collaborate effectively and securely.

TEAMS is available in three principle forefronts:

  • Teamwork - Based on today's requirement to easily communicate and share with others you want to work with, including people outside your organization. Anyone with an Azure Active Directory (Azure AD) account can be added as a guest in Teams. That means anyone who is present as a user in Azure AD whether being licensed or not with any service/invited user should be valid Office 365 domain user or synced from On-Premise Active Directory to Azure AD using Directory Synchronization.
  • Public accessibility- We’re introducing the ability to add anyone as a guest in Microsoft Teams. This means that anyone with a business or consumer email account, such as Outlook.com, Gmail.com or others, can participate as a guest in Teams with full access to team chats, meetings and files. Previously, anyone with an Azure Active Directory (Azure AD) account could be added as a guest, and now anyone with an email address can be added to a team. All guests in Teams are covered by the same compliance and auditing protection as the rest of Office 365, and can be managed securely within Azure AD.
  • Security and compliance - We have kept Teams to provide enterprise-grade security and compliance assurances. In Teams, guest accounts are added and securely managed within Azure AD. This enables enterprise-grade security, like conditional access policies for guest user access. In addition, with Azure AD, IT departments have unparalleled insight into the activities of external users in their organization through detailed sign-in and access reports. Guest user content and activities are reported under compliance and auditing reporting of Office 365.
  • IT manageability - Guest access in Teams comes with the ability for IT to centrally manage how guests participate within their Office 365 environment, providing consistency across application experiences in Office 365. IT admins can quickly and easily view, add, or revoke a guest's access to the host tenant.

Guest Access Capabilities:

Capabilities Teams User Guest User
Create channels y y
Private chat y y
Channel conversations y y
Channels Files y y
Chat Files Sharing y n
Add apps (tabs, bots, connectors) y n
Tenant wide and Teams\Channels Guest Access policies y y
Users can be invited via any email address outside the O365 tenant's domain n y
Create team y n
Discover and join public teams y n
View org chart y n

 

How guest joins a teams group:

User have email address corresponds to Office 365 or Azure AD work or school can be added as guest user.

[**Before guest user can join, admins need to enable guest access in their respective tenant. Global administrator needs to click Settings > Services & add-ins > Microsoft Teams. Select Guest in Select the user/license type you want to configure, and select On in Turn Microsoft Teams on or off for all users of this type. It might take 1 hour to replicate across environment]

Steps:

  1. From your teams list, just click  next to the team name, and then click Add members.

 

2. Enter the guest's email address.

[**For guests, you need to set the name other people will see. Click  and then type their name.]

What the guest experience is like:

When guest is invited to join a team, they will receive a notification email that includes some information about teams. The guest must redeem the invitation in email messages.

When user tries to redeem using web following notification is received:

Test User 1 & User 1 are added to "Guest Testing" group:

After Guest user is added to Group, all members of group receive notification:

Experience for guest user "User1"

Note: To switch between different teams instance, user can select Microsoft and vice-versa as per requirement

Troubleshooting:

  1. Login to https://aad.portal.azure.com to manage group and members

  2. Manage Audit logs and activity as per below screen shot

  3. To manage users from Azure AD PowerShell, we need to follow following steps:

    1. Install Azure AD PowerShell modules from Azure Active Directory PowerShell Module and sign-in assistance from Microsoft Online Services Sign-In Assistant for IT Professionals RTW.

    2. Open Windows PowerShell as Administrator

    3. Run Import-Module MSOnline

    4. After Step C, run Connect-MsolService

    5. Once, prompted for User Name & Password, provide Global Administrator credentials for the tenant you want to manage Guest Accounts.

    6. To get the list of Guest Accounts in a tenant run:

      Get-MsolUser -All | where {$_.UserType -eq "Guest"}

    7. To change display name for guest user:

      Set-MsolUser -UserPrincipalName "TU1_akumase3.onmicrosoft.com#EXT#@anuagartest.onmicrosoft.com" -DisplayName "Test Guest User 1"

    8. Verify if display name has been changed:

    9. To disable guest user without deleting:

      Set-MsolUser -UserPrincipalName "TU1_akumase3.onmicrosoft.com#EXT#@anuagartest.onmicrosoft.com" -BlockCredential $True

    10. To remove guest user from tenant:

      Remove-MsolUser -UserPrincipalName "TU1_akumase3.onmicrosoft.com#EXT#@anuagartest.onmicrosoft.com"

**Hope the above article helps you in understanding, managing and troubleshooting "Microsoft TEAMS: Guest Access".

Comments

  • Anonymous
    October 15, 2017
    To enable us to communicate with contractors working on Linux, Microsoft Teams needs just 2 features: ability to invite to a team any Live accountsupport for browser notifications
    • Anonymous
      October 15, 2017
      As of now only users who have an email address corresponding to an Azure Active Directory or Office 365 work or school account can be added as a guest user.Thank You,Anurag
  • Anonymous
    October 22, 2017
    When I try to switch accounts from my tenant Teams to guest account, it keeps switching back. Any idea why?
    • Anonymous
      October 24, 2017
      You would need to collect Desktop logs and look for any kind of sign-in error. You can try to look for "SSO: ssoerr - SSO failed" tag. Simultaneously you can follow below steps as well:1. Collect Fiddler Trace and check the request is being redirected to correct URLs. 2. Confirm that invited user is from a valid O365 domain and if on-premises AD created, the user identity is synchronized to AAD. 3. Check Guest AAD Object:  Open PowerShell a. Connect-MsolService b. Authenticate with your MSFT credentials c. Run Get-MsolUser -UserPrincipalName #ext#@microsoft.onmicrosoft.com |fl d. Check the AlternateEmailAddresses and AlternateSecurityIDs attribute, both which get populated after redemption of the invite. If the attribute is NULL, or CONTAINS a COMMA (,) then we had a problem stamping attribute when the user reedemed the Guest Invitation and the user won't be able to sign in.  Even after following above steps does not help in identifying cause of issue then I would recommend you to open case with Microsoft, as it could be issue with URL redirection for accessing Guest Account.Thank You,Anurag
  • Anonymous
    November 19, 2017
    Quality articles is the main to be a focus for the visitors to visit the web site, that's what this web page is providing.
  • Anonymous
    December 01, 2017
    Thanks for your personal marvelous posting! I actually enjoyed reading it, you might be a great author.I will be sure to bookmark your blog and will eventually come back in the future.I want to encourage you to continue your great posts, have a nice holiday weekend!
  • Anonymous
    April 09, 2018
    Pretty! This has been an extremely wonderful article.Many thanks for providing this info.
  • Anonymous
    October 06, 2018
    Hello,nice share.