News

Microsoft Teams Guest Access Extended to Consumer E-Mails

• By Kurt Mackie
• February 28, 2018

People with consumer e-mail addresses will soon be able to join an organization's collaboration spaces via an upcoming feature upgrade in Microsoft Teams.

The new capability, which Microsoft said will be available to some Office 365 subscribers "within the next two weeks," will allow external users to join Microsoft Teams meetings, chats and even collaborate on documents, if they're invited. Guest access will be available to all tenancies with Office 365 Business Premium, Enterprise or Education subscriptions.

This enhanced guest access feature will be turned off by default for Office 365 tenancies. Organizations wanting guest access would need to enable it using the Office 365 Admin Center management portal.

Guest access has already been available as an option for organizations using Microsoft Teams. The capability was added in September, but back then it was just available for invitees that had Azure Active Directory-managed identities. If an organization previously turned on guest access for users with Azure AD identities, then they don't have to do anything to activate guest access for users with consumer e-mail accounts, when that capability arrives.

While it'll soon be possible for guests to join teams using their consumer e-mail addresses, such as "Outlook.com, Gmail.com or others," the guests must associate these e-mail addresses with Microsoft accounts. If a guest doesn't have a Microsoft account, they'll see a prompt to create one for free.

In September, Microsoft had explained that guest access in Microsoft Teams is based on the Azure AD B2B service, and that organizations had the same security assurances and controls over guest access as they have with the Azure AD B2B service. Guest access is also affected by Azure AD protections.

"Azure AD also uses adaptive machine learning algorithms and heuristics to detect anomalies and suspicious incidents, enabling mitigation or remediation actions, such as multi-factor authentication, to be triggered as appropriate," Microsoft's announcement noted.

External guests can only get invited to a team by specific Microsoft Teams end users known as "owners," but IT pros have ultimate control over who the Microsoft Teams owners can be in an organization. IT pros also can also revoke guest privileges directly. While owners can set permissions for team members, IT pros can control which permissions are available.

Guest access invitations arrive via e-mail. A guest who joins a team gets some privileges, including the following, according to a Microsoft document on guest access:

• Create a channel
• Participate in a private chat
• Participate in a channel conversation
• Post, delete, and edit messages
• Share a channel file

The document added that "Office 365 admins control the features" that are available to guests. Feature control can be done using the Office 365 Admin Center, the Azure Active Directory Portal or by Windows PowerShell.

Guest users are identifiable within the Microsoft Teams user interface for team participants. The word "Guest" gets added automatically next to their user names within a team.