Applies To: Office 365 Admin Microsoft Teams
Guest access in Microsoft Teams allows teams in your organization to collaborate with people outside your organization by granting them access to teams and channels. A guest is someone who isn't an employee, student, or member of your organization. They don't have a school or work account with your organization. For example, guests may include partners, vendors, suppliers, or consultants.
Organizations using Microsoft Teams can provide external access to teams, documents in channels, resources, chats, and applications to their partners, while maintaining complete control over their own corporate data.
Microsoft Teams is built upon Office 365 Groups and provides a new way to access shared assets for an Office 365 group. Microsoft Teams is the best solution for persistent chat among group/team members. Office 365 Groups is a service that provides cross-application membership for a set of shared team assets, like a SharePoint site or a Power BI dashboard, so that the team can collaborate effectively and securely.
How a guest joins a team
A team owner in Microsoft Teams can add and manage guests in their teams via the web or desktop. Only users who have an email address corresponding to an Azure Active Directory or Office 365 work or school account can be added as a guest user.
Note: Before guests can join a team, an admin must enable guest access in Microsoft Teams. To do that, sign in with your Office 365 global admin account. Then, choose Settings > Services & add-ins > Microsoft Teams. Select Guest in Select the user/license type you want to configure, and select On in Turn Microsoft Teams on or off for all users of this type. It can take up to an hour for the settings to take effect. For more details, see "Turn on or off guest access for Microsoft Teams" on this article's Manage tab.
Here's how a guest becomes a member of a team:
Step 1 A team owner or an Office 365 admin adds a guest to a team.
Step 2 The Office 365 admin or the team owner can manage a guest's capabilities as necessary. For example, allowing a guest to add or delete channels or disabling access to files.
Step 3 The guest receives a welcome email from the team owner, inviting them to join the team. After accepting the invitation, the guest can participate in teams and channels, receive and respond to channel messages, access files in channels, and participate in chat. While using Microsoft Teams, a combination of text and icons gives all team members clear indication of guest participation in a team. For more details, see What the guest experience is like.
Guests can leave the team at any time via Microsoft Teams web and desktop clients. For details, see How do I leave a team?
Note: Only people who are outside of your organization, such as partners or consultants, can be added as guests. People from within your organization can join as regular team members.
What the guest experience is like
When a guest is invited to join a team, they receive a welcome email message that includes some information about the team and what to expect now that they're a member. The guest must redeem the invitation in the email message before they can access the team and its channels.
All team members see a message in the channel thread announcing that the team owner has added a guest and providing the guest's name. Everyone on the team can identify easily who is a guest. As shown in the following screenshot of a sample team, a banner indicates "This team has guests" and a "GUEST" label appears next to each guest's name.
The following table compares the Microsoft Teams functionality available for an organization's team members to the functionality available for a guest user on the team.
Capability in Teams |
Teams user in the organization |
Guest user |
Create a channel
Team owners control this setting. |
|
|
Participate in a private chat |
|
|
Participate in a channel conversation |
|
|
Post, delete, and edit messages |
|
|
Share a channel file |
|
|
Share a chat file |
|
|
Add apps (tabs, bots, or connectors) |
|
|
Create tenant-wide and teams/channels guest access
policies |
|
|
Invite a user outside the Office 365 tenant's
domain |
|
|
Create a team |
|
|
Discover and join a public team |
|
|
View organization chart |
Note: Office 365 admins control the features available to guests.
Guest access is included with all Office 365 Business Premium, Office 365 Enterprise, and Office 365 Education subscriptions. No additional Office 365 license is necessary.
Microsoft Teams guest access is a tenant-level setting and is turned off by default. Admins can manage guest access via the Office 365 admin center. For more details, see Manage guest access to Microsoft Teams and Control guest access to Microsoft Teams.
Note: The Microsoft Teams guest access tenant setting only prevents guest sign-in. Team owners will be able to invite new guests and add existing directory guest users to their respective teams. As a reminder, Microsoft Teams always honor Azure Active Directory external settings to allow or prevent guest user addition to the tenant.
In addition, you can use the Azure Active Directory portal to manage guests and their access to Office 365 and Microsoft Teams resources. Microsoft Teams guest access makes use of Azure Active Directory business-to-business (B2B) collaboration capabilities as the underlying infrastructure to store security principles information such as identity properties, memberships, and multi-factor authentication settings. To learn more about Azure Active Directory B2B, see What is Azure AD B2B collaboration? and Azure Active Directory B2B collaboration FAQs.
Related key services and dependencies
Microsoft Teams relies on SharePoint Online and OneDrive for Business to store files and documents for channels and chat conversations. In addition, Microsoft Teams relies on Office 365 groups to store teams' memberships and other properties such as team data classification settings.
To enable the full Microsoft Teams guest access experience, Office 365 admins need to select On for the following settings:
Control guest access to Microsoft Teams
Sign in with your Office 365 global admin account at https://portal.office.com/adminportal/home.
In the navigation menu, choose Settings and then select Services & add-ins.
Select Microsoft Teams.
In Select the user/license type you want to configure, select Guest.
Click or tap the toggle next to Turn Microsoft Teams on or off for all users of this type to On to turn on Teams and guest access for your organization, and then choose Save.
Note: It can take up to an hour for the settings to take effect.
Sign in with your Office 365 global admin account at https://portal.office.com/adminportal/home.
In the navigation menu, choose Settings and then select Services & add-ins.
Select Office 365 Groups.
On the Office 365 Groups page, set the toggle to On or Off, depending if you want to let team and group owners outside your organization access Office 365 groups. Click or tap the toggle to On next to Let group owners add people outside the organization to groups.
The Sharing option allows guests to be added to your organization. By default, the Sharing option is enabled. For information about how to turn off the Sharing option, see Turn on or off the Sharing option.
Important: If you turn off the Sharing option, guest access isn't available.
In addition to using the Office 365 admin center and the Azure Active Directory portal, you can use Windows PowerShell to control guest access. With PowerShell, you can do the following:
Allow or block guest access to all teams and Office 365 groups
Allow guests to be added to all teams and Office 365 groups
Allow or block guest users from a specific team or Office 365 group
For more details, see Use PowerShell to control guest access.
You can also use PowerShell to allow or block a guest user based on their domain. For example, let's say your business (Contoso) has a partnership with another business (Fabrikam). You can add Fabrikam to your Allow list so your users can add those guests to their groups. For more information, see Allow/Block guest access to Office 365 groups.
Manage guest access to Microsoft Teams
Sign in with your Office 365 global admin account at https://portal.office.com/adminportal/home.
Go to Users > Guest users.
A team owner or an Office 365 admin can invite a guest to a team on an individual basis. However, admins can't use the Office 365 admin center or the Azure Active Directory portal to invite multiple guests in one action. To invite guests centrally, consider using the Azure Active Directory B2B collaboration preview. For more information, see About the Azure AD B2B collaboration preview.
Currently, you can't edit guest information from the Office 365 admin center or the Exchange admin center. To edit guest accounts (such as display name or profile photo), go to your Azure Active Directory portal. For more information, see Understanding Office 365 Identity and Azure Active Directory.
Frequently asked questions for admins
Here are common questions Office 365 admins have about inviting guests to join a team in Microsoft Teams.
A guest is not an employee, student, or member of your organization. They don't have a school or work account with your organization.
Only users who have an email address corresponding to an Azure Active Directory or Office 365 work or school account can be added as a guest user.
Only people who are outside of your organization, such as partners or consultants, can be added as guests. Users can invite people from within your organization to join as regular team members or subscribers.
As the Office 365 admin, you must enable the guest feature before you or your organization's users (specifically, team owners) can add guests. When a user sees that message, it's likely that the guest feature hasn't been enabled.
As a global admin, you can add a new guest user to the organization in a couple ways:
Global admins who are owners of a team and owners of a team can add a guest to a team through either the Microsoft Teams desktop or the web clients.
Add guests to your organization through Azure Active Directory B2B collaboration. Azure Active Directory B2B collaboration allows a global admin to invite and authorize a set of external users by uploading a comma-separated values (CSV) file of no more than 2,000 lines to the B2B collaboration portal. For more details, check out Azure Active Directory B2B collaboration.
No, individual guest users can't be blocked.
Yes, global admins can use Azure Active Directory Powershell cmdlets to disable the AllowGuestAccessToGroups parameter on the Company object, assuming external sharing is turned on for SharePoint sites.
IT admins can add guests at the tenant level, set and manage guest user policies and permissions, determine which users can invite guests, and pull reports on guest user activity. These controls are available through the Office 365 admin center. Guest user content and activities are under the same compliance and auditing protection as the rest of Office 365.
No. Users can only share Microsoft Teams files with guests who have been invited to join the team.
No additional license is required. Guest access is included with all Office 365 Business Premium, Office 365 Enterprise, and Office 365 Education subscriptions.
Yes, guests are subject to Office 365 and Azure Active Directory service limits.
The guest settings are set in Azure Active Directory. It takes 2 hours to 24 hours for the changes to be effective across your Office 365 organization.
Yes, you can manage SharePoint Online external user settings for the Teams connected team site. For more details, see Manage your SharePoint team site settings.
With Azure Active Directory B2B collaboration, organizations can enforce conditional access and multi-factor authentication (MFA) policies for B2B users. These policies can be enforced at the tenant, app, or individual user level, the same way that they are enabled for full-time employees and members of the organization. Such policies are enforced at the resource organization. For more information, see Conditional access for B2B collaboration users.
More information
Administrator settings for Microsoft Teams
Frequently asked questions about Microsoft Teams – Admin Help
Adding guests to teams