In this post, we are going to explain everything you need to know about Microsoft Teams Guests.
What are Guests?
Guest users are accounts that do not belong to the company’s tenant. They are invited to one or more specific teams.
These users will be able to communicate in the following scenarios:
- Become Guest members of Channels – they will not see any other channel
- Participate in a private chat
- Post, delete and edit messages
- Share a file from a channel
How to control the guest user capabilities?
Once you are logged in to the Office admin portal, click on Teams in the sidebar below Admin Centers.
In that page, you can configure which features should apply to guest users.
How to identify a guest account?
1. In the members’ view of a team/channel, it explicitly mentions which user is a guest:
2. In the users’ view of Office 365, a user whose name follows this syntax is considered a guest:
user_domain.com#EXT#@your.tenant.com
For example:
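The naming syntax above can be checked in bulk against a user export to see which external domains your guests come from. This is an added example, not code from the original post: the function names and the sample UPNs are constructed for illustration, and it relies on the external address's `@` being replaced by `_` in the part before `#EXT#`.

```python
import re
from collections import defaultdict

# Guest UPN shape from the page: user_domain.com#EXT#@your.tenant.com
GUEST_UPN = re.compile(r"^(?P<ext>.+)#EXT#@(?P<tenant>[^@]+)$", re.IGNORECASE)

def parse_guest_upn(upn):
    """Return (external_address, home_tenant) for a guest UPN, else None."""
    m = GUEST_UPN.match(upn.strip())
    if not m:
        return None
    # The '@' of the external address was replaced by '_'. Domain names
    # cannot contain '_', but local parts can, so split on the LAST one.
    local, sep, domain = m.group("ext").rpartition("_")
    if not sep or not local or "." not in domain:
        return None  # has the #EXT# marker but not the expected layout
    return f"{local}@{domain}".lower(), m.group("tenant").lower()

def guests_by_domain(upns):
    """Group guest accounts by the external domain they come from."""
    groups = defaultdict(list)
    for upn in upns:
        parsed = parse_guest_upn(upn)
        if parsed:
            address, _tenant = parsed
            groups[address.split("@", 1)[1]].append(address)
    return dict(groups)

# Constructed sample of a user export (not real accounts).
SAMPLE_UPNS = [
    "alice@your.tenant.com",                             # internal user
    "bob_partner.example#EXT#@your.tenant.com",          # guest
    "carol_smith_partner.example#EXT#@your.tenant.com",  # '_' in local part
    "dave_vendor.example#ext#@your.tenant.com",          # marker in lower case
    "broken#EXT#@your.tenant.com",                       # malformed, skipped
]

if __name__ == "__main__":
    for domain, members in sorted(guests_by_domain(SAMPLE_UPNS).items()):
        print(f"{domain}: {len(members)} guest(s) -> {', '.join(members)}")
```

The UPN pattern is a naming convention; the directory's `userType` attribute (value `Guest`) is the authoritative marker when it is available in the export.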
Capabilities
For a full list of capabilities and limitations please take a look at the following document:
https://docs.microsoft.com/en-us/microsoftteams/guest-experience
1. A guest user can find all users from the Office 365 tenant domain and chat with them
https://web.microsoftstream.com/video/b7d387de-ef42-484c-b99a-ef6d3c4582e0
Risks
- When one invites a guest into a channel, permission is given to contact anyone in the organization in a Peer to Peer session. Thus, the company users can be subjected to harassment or a violation of conflict of interest.
- There is also a lack of visibility on guest actions.
- When one invites a guest to a channel, permission is also given to contact other guests in the organization in a Peer to Peer session. Thus, the other guest users can be subjected to harassment or a violation of conflict of interest.
- When the organization's users are joined as guests to an external organization, they can share information. Thus, the company can be subjected to data leaks and intellectual property loss.
Mitigation
To address many of the risks of having guests, Microsoft offers a solution in its product called Information Barriers (here you can see a blog with all the capabilities and limitations).
Here at AGAT Software, we offer SphereShield, a suite of compliance and governance solutions for Microsoft Teams. To learn more, visit the Ethical Wall page.
Use case | Microsoft Native Capabilities | SphereShield |
Limit a guest to only contact a specific group | Available in Information Barriers | Available in Ethical Wall |
Limit a guest to only send files to a specific group | Not available | Available in Ethical Wall |
Limit a guest to only share screen with specific groups | Not available | Available in Ethical Wall |
Prevent internal users from sharing files when they are guests in other organizations | Not available | Available in Ethical Wall |
Prevent internal users from sharing sensitive information when they are guests in other organizations | Not available | Available in SphereShield DLP |
Guest Access to Specific Teams
Here we offer a few resources on different solutions to prevent guests from being added to specific groups. Some of the solutions may be difficult to implement.
https://docs.microsoft.com/en-us/microsoft-365/solutions/per-group-guest-access?view=o365-worldwide
https://tomtalks.blog/2020/04/controlling-microsoft-teams-guest-access-on-a-per-team-basis/