M365 Guests: The 25 Most Frequently Asked Questions
Guest access in Microsoft 365 makes it easy to collaborate with externals by granting them access to relevant files, Teams, or other resources. However, M365 guests also bring challenges related to management and Microsoft 365 security.
In our daily work with M365 administrators and users, certain questions about M365 guests come up particularly often. We’ve compiled the 25 most frequently asked questions about M365 guests here and answered them briefly and concisely for you.
With this knowledge, you can securely and efficiently manage your guests in M365 groups and Teams – whether through Microsoft standard solutions or with the advanced capabilities offered by the External User Manager (EUM).
The External User Manager offers features specifically designed for the secure and efficient management of M365 guests. Approval workflows, lifecycle management, and compliance policies give you full control over guest access.
The 25 Most Frequently Asked Questions About M365 Guests
To view all M365 guests, you can use the Microsoft 365 Admin Center, the Microsoft Entra Admin Center, or a PowerShell script. However, this requires several manual steps. In the External User Manager, you can directly view all guests with their important details through a central dashboard. You can also specifically search for unmanaged guests and easily incorporate them into your guest management. Learn more here: Guest Import: View all M365 guests and manage them efficiently.
Microsoft Teams allows you to invite external participants directly in the meeting planning by entering their email address. For a step-by-step guide, see: Microsoft Teams: External Participants in Meetings.
The Teams Admin Center allows you to set standard guest access permissions that apply to all M365 guests. For more information, see Microsoft Teams: Default Guest Permissions. The External User Manager provides additional controls, such as access reviews, lifecycle management, reporting, and the ability to set individual compliance policies.
Yes, guest access can be disabled for individual Teams or allowed only for specific Teams. This can be achieved with sensitivity labels or a PowerShell script. The External User Manager offers easier and more detailed control, enabling team-specific access reviews. Learn more here: Block Guest Access for Specific Teams in Microsoft Teams.
Microsoft Entra (formerly Azure AD) provides basic options for managing external identities and cross-tenant settings. Some important settings can also be found in other Microsoft admin centers. The External User Manager consolidates all security and compliance features in one app. Learn more: External Identities in Microsoft Entra.
The onboarding process typically involves the communications department contacting guests and providing an introduction. The External User Manager offers an automated onboarding solution that pre-defines security and compliance policies and requires consent agreements. Learn how to improve your onboarding process here: Onboarding Guests in Microsoft Teams and M365 Groups.
Yes, this is possible. In Microsoft Entra, you can blacklist or whitelist domains by adding them to the external collaboration settings. With the External User Manager, domains can be added to the whitelist or blacklist even more easily. Learn more here: How to Blacklist and Whitelist External Domains in M365.
Microsoft does not offer automated functions here. Inactive guests remain in M365 groups and Teams, which can compromise the organization and security of your M365 environment. The External User Manager, on the other hand, allows you to identify inactive guests easily and remove them automatically based on configured timeframes.
Once guest settings are activated and organizational settings are configured in the Teams Admin Center, you can add guest users by going to the team, clicking on the three dots (…), selecting Add member, and entering the guest’s email address. The External User Manager provides additional security measures, such as approval workflows and automated access reviews, to ensure compliance. For more details, see Adding Guests to Microsoft Teams.
In the Microsoft 365 Admin Center, you can configure general guest access under Users > Guest users > Manage Teams settings. In the Teams Admin Center, specific guest access permissions can then be further customized. The External User Manager also offers approval workflows and reports for more precise control and monitoring of guest access.
Guest access can be enabled in the Microsoft Teams Admin Center. Go to Settings & policies > Org-wide default settings > Guest access and turn it on. For more details: Enable Guest Access for Microsoft Teams.
Guest access to OneDrive can lead to data leaks, as guests may view or share sensitive information. Without regular reviews, unauthorized access may go unnoticed. The External User Manager minimizes these risks by automating access reviews.
No, M365 guests cannot currently be converted directly to members. Members need an email address within the organization’s domain, while guests use external domains. To add guests as members, they need an account within your organization’s domain. Learn more here: Microsoft Teams: Change Guest to Member.
In the Microsoft 365 Admin Center, go to Reports > Usage to view which files guests have viewed, downloaded, or edited. In the SharePoint Admin Center under Reports, you can also access activity logs to track guest activities.
Authenticated guests log in with a Microsoft account, while anonymous guests access content only via shared links.
In the SharePoint Admin Center, you can restrict guest sharing for individual SharePoint sites. Go to Sites > Active Sites, select the SharePoint site you want to configure. Under Settings look for External file sharing and set it to Only people in your organization.
This is only possible with the External User Manager. The EUM onboarding portal allows you to set mandatory compliance policies and have documents (GDPR, NDA, etc.) signed.
Approval workflows are a best practice in Microsoft Teams governance to ensure that only authorized people have access to Teams and resources. Unfortunately, Microsoft does not offer integrated approval workflows. However, with the External User Manager approval process, you can easily control guest access and keep your Microsoft 365 environment secure. Learn more: Microsoft Teams: External User Manager.
Microsoft only offers manual options to remove guest access for M365 guests. With the External User Manager, you can automatically remove guest users based on lifecycle rules or inactivity.
The External User Manager is specifically designed to control guests in M365 groups and Teams and prevent data leaks. Key features include guest approval workflows, regular access reviews, lifecycle rules based on predefined criteria or inactivity, and detailed reports on M365 guests.
Yes, this is possible. In the Azure Active Directory Admin Center, you can create a new policy under Conditional Access. Under Users, select guest users to whom the policy will apply. Under Network, you can then specify which geographic regions are allowed or blocked for access.
By default, M365 guests retain access to shared content until it is manually revoked. The External User Manager automatically removes guest users based on predefined lifecycle rules, which also revoke access to shared content.
The External User Manager offers the option to automatically remove guest access after a predefined period. Learn more here: Microsoft Teams: External User Manager. With Microsoft’s standard tools, this can only be done manually.
Using the Guest Import feature in the External User Manager, you can easily incorporate existing M365 guests into centralized management. Learn more here: Guest Import: View all M365 guests and manage them efficiently.
Microsoft does not offer automated inactivity checks. However, with the External User Manager, you can regularly review your M365 guests, view detailed reports, and automatically remove inactive guests based on your configuration.
Make managing M365 guests easy!
The management of M365 guests can be challenging and requires appropriate measures for more control and Microsoft 365 security. The External User Manager makes it easy to manage guest access effectively and securely.
Do you still have questions about M365 guests?
We leave no question unanswered:
Head of Marketing & Sales at Solutions2Share – Florian Pflanz has 6 years of M365 experience and has been involved in numerous projects concerning Microsoft Teams governance. In over 200 workshops, he has collected extensive knowledge and best practices regarding Microsoft Teams and companies’ management requirements.