AGAT

In this post, we explain everything you need to know about Microsoft Teams guests.

What are Guests?

Guest users are accounts that do not belong to the company’s tenant. They are invited to one or more specific teams.

These users will be able to communicate in the following scenarios:

  • Become Guest members of Channels – they will not see any other channel
  • Participate in a private chat
  • Post, delete and edit messages
  • Share a file from a channel

How to control the guest user capabilities?

Once you are logged in to the Office admin portal, click on Teams in the sidebar below Admin Centers.

On that page, you can configure which features should apply to guest users.


How to identify a guest account?

1. In the members’ view of a team/channel, each guest user is explicitly marked as a guest.


2. In the users’ view of Office 365, a user whose name follows this syntax is a guest:

user_domain.com#EXT#@your.tenant.com
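The naming pattern above can be checked in bulk against an exported list of user names, which also gives a per-domain view of where guests come from. The Python below is an added example, not AGAT's or Microsoft's code; the function names and sample names are constructed, and it assumes the original "@" was replaced by the last "_" before #EXT#. A match is a naming-convention indicator and should be confirmed against the account's user type in the directory.

```python
import re
from collections import Counter

# Guest name shape from the post: user_domain.com#EXT#@your.tenant.com
GUEST_UPN = re.compile(r"^(?P<mangled>[^@#]+)#EXT#@(?P<tenant>[^@#\s]+)$", re.IGNORECASE)

def parse_guest_upn(upn):
    """Return (external_address, home_domain, tenant) for a guest-style name, else None."""
    m = GUEST_UPN.match(upn.strip())
    if not m:
        return None
    mangled = m.group("mangled")
    # Assumption: the original "@" became "_". Mail domains do not contain "_",
    # so the last underscore is the separator even if the mailbox name has one.
    local, sep, domain = mangled.rpartition("_")
    if not sep or not local or "." not in domain:
        return None  # malformed: no recoverable external address
    return f"{local}@{domain}".lower(), domain.lower(), m.group("tenant").lower()

def guests_by_home_domain(upns):
    """Count guest accounts per external home domain."""
    counts = Counter()
    for upn in upns:
        parsed = parse_guest_upn(upn)
        if parsed:
            counts[parsed[1]] += 1
    return counts

# Constructed sample export; none of these are real accounts.
SAMPLE_UPNS = [
    "alice@your.tenant.com",                              # internal user
    "bob_partner.example#EXT#@your.tenant.com",           # guest
    "carol_smith_supplier.example#ext#@your.tenant.com",  # underscore in mailbox name
    "dave_partner.example#EXT#@your.tenant.com",          # second guest, same domain
    "broken#EXT#@your.tenant.com",                        # malformed, skipped
]

if __name__ == "__main__":
    for upn in SAMPLE_UPNS:
        print(upn, "->", parse_guest_upn(upn))
    print(dict(guests_by_home_domain(SAMPLE_UPNS)))
```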


Capabilities

For a full list of capabilities and limitations please take a look at the following document:

https://docs.microsoft.com/en-us/microsoftteams/guest-experience

1. A guest user can find all users from the Office 365 tenant domain and chat with them.

https://web.microsoftstream.com/video/b7d387de-ef42-484c-b99a-ef6d3c4582e0

Risks

  • When one invites a guest into a channel, permission is given to contact anyone in the organization in a Peer to Peer session. Thus, the company users can be subjected to harassment or a conflict-of-interest violation.
  • There is also a lack of visibility on guest actions.
  • When one invites a guest to a channel, permission is also given to contact other guests in the organization in a Peer to Peer session. Thus, the other guest users can be subjected to harassment or a conflict-of-interest violation.
  • When the organization's users are joined as guests to an external organization, they can share information. Thus, the company can be subjected to data leaks and intellectual property loss.

Mitigation

To address many of the risks of having guests, Microsoft offers a product called Information Barriers (here you can see a blog with all the capabilities and limitations).

Here at AGAT Software, we offer SphereShield, a suite of compliance and governance solutions for Microsoft Teams. To learn more, visit the Ethical Wall page.

| Use case | Microsoft Native Capabilities | SphereShield |
|---|---|---|
| Limit a guest to only contact a specific group | Available in Information Barriers | Available in Ethical Wall |
| Limit a guest to only send files to a specific group | Not available | Available in Ethical Wall |
| Limit a guest to only share screen with specific groups | Not available | Available in Ethical Wall |
| Prevent internal users from sharing files when they are guests in other organizations | Not available | Available in Ethical Wall |
| Prevent internal users from sharing sensitive information when they are guests in other organizations | Not available | Available in SphereShield DLP |

Guest Access to Specific Teams

Here we offer a few resources on different solutions to prevent guests from being added to specific groups. Some of the solutions may be difficult to implement.

https://docs.microsoft.com/en-us/microsoft-365/solutions/per-group-guest-access?view=o365-worldwide

https://tomtalks.blog/2020/04/controlling-microsoft-teams-guest-access-on-a-per-team-basis/

https://techcommunity.microsoft.com/t5/microsoft-teams/allow-or-block-guest-users-from-a-specific-team-in-microsoft/m-p/175918