Microsoft Teams have become very popular since they added the ability to invite guests to a Team or Group.
Working with your co-workers is a breeze, but getting Guest Access ready for Teams takes a bit of doing. This article will show you how to add guests to Microsoft Teams and what you need to do to get Teams Guest access ready. Then we’ll look at the steps guests have to go through to get signed in to Teams.
I’ve also got a video that shows exactly what a guest without a Microsoft Account (MSA), has to do in order to set up their MSA account and get into Microsoft Teams.
Microsoft Teams Access Checklist
Before adding guests to your Team or Group, there are a few things for you, as the Admin of the tenant, to get ready.
Here’s a great checklist from Microsoft that we’ll use… https://docs.microsoft.com/en-us/microsoftteams/guest-access-checklist. My checklist is a bit different from theirs, but it works.
Here are the Admin steps we’ll go through:
- Enable guest access at the tenant level
- Configure Sharing in Office 365
- Add your guests in Azure AD
- Configure Office 365 Groups
- Verify you have the correct SharePoint sharing option set
- Understand limitations your guests will have
Step 1 – Enable Guest Access at the Tenant Level
In this step, we need to configure the Guest Access and turn Teams on for all users. To do this, go to the Office 365 admin center, go to Settings > Security & privacy. In Sharing, select Edit. You’ll see the box below. Click the drop-down arrow to select Guest, then make sure Teams is on.
Remember to click Save!
Step 2 – Configure Sharing in Office 365
In this step, we need to configure Guest sharing in SharePoint. To do this, go to the Office 365 admin center, go to Settings > Sharing. Now select Edit. Here, you’ll need to switch to On to let users add new guests to the organization.
Be sure to click Save before exiting.
Step 3 – Add Your Guests in Azure AD
If you’re not a power admin or power user of Office 365, you probably haven’t even noticed Azure AD as one of the many items in your Admin panel. I used it for the first time when I added my guests.
Azure AD is a powerful add-on to your Office 365 tenant where you can manage users, your domain, devices, licenses and a host of other things.
It’s suggested that you add guests in Azure AD to get them registered. This is not absolutely necessary because when you add someone to a Team or a Group, they will be put in Azure AD.
Here’s a look at my list of users in Azure AD. To get here, I went to Admin, then clicked way at the bottom of the Admin Centers choices to Azure AD.
Then I went to the Dashboard where I clicked on, New user.
Step 4 – Configure Office 365 Groups
Groups and Teams are different, but related. You’ll need to make sure the O365 Groups settings will allow guests to access the files, conversations, etc. that you want them to.
To do this, you’ll once again go to the Admin Area and then Settings > Services & Add-ins > Office 365 Groups.
Make sure the settings are as shown below.
Step 5 -Verify Sharing in SharePoint
Here’s another setting in the Admin Center. This time from Admin Center, select SharePoint>Sharing.
The button you choose here depends on how restrictive you want to be. You can see it starts with no sharing and progresses to anonymous links (the most permissive).
I’ve selected the last button, which is sharing to authenticated users (those I’ve invited) with anonymous links. I am restricting everyone to a view only as no one will need to make any changes.
Click the OK button when finished to save your changes.
Step 6 – Understand Limitations Your Guests Have
Your guests are somewhat restricted and Microsoft provides this list of items to be aware of.
From the Guest Access Checklist, here is what Microsoft says:
“The guest experience has limitations by design. Make sure you understand the guest experience so you don’t try to fix something that isn’t a problem. For example, here’s a list of some of the functionality that isn’t available to a guest in Microsoft Teams:
- OneDrive for Business
- People search outside of Teams
- Calendar, Scheduled Meetings, or Meeting Details
- PSTN
- Organization chart
- Create or revise a team
- Browse for a team
- Upload files to a person-to-person chat”
How To Add Guests To Your Team
Now we get to the part where you can actually add people to your Team! You can add them from the Azure AD or right from Teams. (This is assuming you’ve already created at least one Team.)
You can work on Teams from the web, or you can download a desktop app. The example images I have are working from the web. When you’re signed into the portal, click on Teams.
You’ll be taken to the front/dashboard of Microsoft Teams and it’ll look something like below (depending on your O365 theme).
To start adding people, click the ellipsis next to your Team name (under Favorites). You’ll see several menu items, select ‘Add Members’.
When you type a name from your organization, the name will appear, but if you’re inviting a guest, you’ll need to add them by email address.
Microsoft Teams automatically sends an email to your guest. Below is what the email looks like to the guest. Your guest will click on the bar in the email and they’ll be taken to your Team.
Let’s take a look at what happens when there is not a Microsoft Account set up. When your guest starts the login process with their email and there is no MSA associated with it, they’ll get the message below.
During this setup process, the guest will be prompted to authenticate their identity not once, but twice. Then they will be granted access and be able to log in.
Video on Setting Up a Microsoft Account While Joining a Microsoft Team
To help you see the process, here’s a four-minute video I did on how to set up a guest account for Teams and the two authentication steps I had to take.
Teams Guest Access Can Be Confusing
For me, (using a gmail address), and having to set up a MSA after I’ve been invited and granted access to Microsoft Teams was confusing. For ‘regular/non-techie’ people, they may not understand having to set up a password for their gmail account when they already have a password for the gmail account!
The guest is forced to set up a different password which will be used only for this MSA account. Then they will have to authenticate themselves twice. Once with their email and once with a text message. So they will need to give up their cell phone number too.
Because of these two things, it is preferable for someone to use their already existing MSA account. It’s my opinion that the Admin should consider sending an email to their prospective guests to ask them if they have an MSA account and if so, to use that.
I have a client who needed to share a folder of songs and documents for a short time (several months). Then those people no longer would need access, but others would. After looking at the process for adding Team Members, we decided Dropbox would work better for this situation.
Microsoft has great products and they are always innovating. Office 365 is intended for businesses and so will need to have security and controls in place to keep documents safe for businesses. Dropbox is also concerned about security, however, their product was initially made for the consumer and I feel it’s easier to use.
Doing what is best for the client and situation makes the most sense to me. What are your thoughts?