Microsoft Teams - Types Of Members (Guests)

In this article, you will learn about the types of members (Guests) in Microsoft Teams.

Introduction

 
Microsoft introduced Teams app to collaborate with existing employees in a team as well as external users to use team features like chat, sharing screen, meetings, channel file sharing, etc.
 
Who is a guest in Teams?  Partners, vendors, suppliers or consultants; i.e., anyone who has no access to your organization's network but requires access to connect with the internal teams as a guest user.
 

Objective

 
This needs a valid email address like Gmail.com, Outlook.com, or any other partner accounts. The person joined as a guest gets full access to the authorized team and its channel resources. It avoids IT administrative overheads like maintenance of external account usernames, passwords, or account synchronization work. Partners / Vendors use their own identities and credentials so there is no need to utilize Azure AD.
 

Level of guest access in Microsoft Teams

  • Azure Active Directory(AAD)
    This controls the guest access at the directory, tenant, and application-level

  • Microsoft Teams
    This controls the guest access in Microsoft Teams only.

  • Office 365 Groups
    This controls the guest access in Office 365 Groups and Microsoft Teams both.

  • SharePoint Online and OneDrive for Business
    This controls the guest access in SharePoint Online, OneDrive for Business, Office 365 Groups, and Microsoft Teams.
Below is the flow diagram for guest access authentication for above levels.
Microsoft Teams - Type Of Member (Guest)
 

Features available for a guest account

 
Guest users have very limited access to Team resources. Check the below comparison to understand it more with team member access,
 
Teams Functionality
Guest
Member
Create a Channel (Team Owner control this setting)
Yes
Yes
Participate in a private chat
Yes
Yes
Participate in a channel conversation
Yes
Yes
Post, delete, and edit messages 
Yes
Yes
Share a channel file
Yes
Yes
VOIP calling
Yes
Yes
Group calling
Yes
Yes
Core call controls supported (hold, mute, video on/off, screen sharing)
Yes
Yes
Transfer target
Yes
Yes
Can transfer a call
Yes
Yes
Can consultative transfer
Yes
Yes
Can add other users to a call via VOIP
Yes
Yes
Share a chat file
 
Yes
Add apps (tabs, bots, or connectors) 
 
Yes
Create meetings or access schedules
 
Yes
Access OneDrive for Business storage
 
Yes
Create tenant-wide and teams/channels guest access policies
 
Yes
Invite a user outside the Office 365 tenant's domain 
(Team owners control this setting.)
 
Yes
Create a team
 
Yes
Discover and join a public team
 
Yes
View organization chart 
 
Yes
 

Add an external account as a guest user in teams

 
To add a guest user in your new team, first, ensure you have enabled guest setting ON in office 365 admin center. Follow the below steps to perform this action.
  1. Enable guest access to all teams in Microsoft Teams,

    1. Click on link.
    2. Go to Org-Wide Settings.
    3. Find the Guest Access option.
    4. Click on ON button for “Allow Guest Access in Teams” to use.

      Microsoft Teams - Type Of Member (Guest)
  1. To provide guest access to vendors / stockholders or external guest users with restrictive access, you have to add a new member as a guest by providing an email address in “Add Member” This can be done two ways first - Go to Office Outlook URL of the team and add member https://outlook.office365.com/people/group/<yourDomain>.onmicrosoft.com/teamName

  2. Or the second option is to – go to Teams and select YourNewTeam -> “Manage Members” -> “Add Member” or directly click on “Add Member” .

    Microsoft Teams - Type Of Member (Guest)

    Microsoft Teams - Type Of Member (Guest)
    Microsoft Teams - Type Of Member (Guest)
    Microsoft Teams - Type Of Member (Guest)
  1. Once a new guest member has been added, wait for the new member to accept the team’s invitation and then the guest can log in as a standard member in the selected team.
  2. Guest User will get a teams invitation link as https://invitations.microsoft.com/redeem/?tenant=<tenantID>&user=<userId>&ticket=<guid>&ver=2.0
  3. Once they click on that link, a confirmation form will be provided to join the team.
  4. A new guest user has been added, now guest member can use resources shared in exiting team by login to team’s application.

Summary

 
Guest access is a useful feature to collaborate in Teams, the organization can provide permissions to external partners or vendor users to access team’s channel files, chat and other applications without compromising organizational data security and with the protection of Azure AD.
 
Note
Images and features referenced from this site.