Forum Discussion

Iron Contributor

Mar 14, 2020

Managing Guests

Hi, I would like to ask you how to manage guest. We would like to manage all guests and provide our end users only list of allowed guests which they can add to Teams. They can not add guests by t...

microsoft 365

Moe_Kinani

Bronze Contributor

Hi Miroslav,
I think you can use Azure AD B2B collaboration, then allow them to show up on Teams from Org Wide Setting->Guest Access. You can also force Conditional Access restriction for those Accounts.

Hope this helps!
Moe

https://docs.microsoft.com/en-us/azure/active-directory/b2b/licensing-guidance

https://docs.microsoft.com/en-us/azure/active-directory/b2b/what-is-b2b

https://docs.microsoft.com/en-us/microsoftteams/manage-guests

Mirek_N

Iron Contributor

Mar 15, 2020

Hi Moe_Kinani,

thank you for the links. I have read all of them already but I have not found the answer there or I am not sure about it and this is the reason why I posted here the question.

I know that I can set conditional access to external people. My case is only about managing guests and have a control who is in my tenant as a guest but on the other side provide comfortable platform for my end users. I am not sure if these to ways are not against each other. For managing access guests is really nice feature "Access packages". But when I allow end users to share content from OneDrive or SharePoint then they create guests in my tenant also and first way is absolutely pointless...

Mirek

Thijs Lecomte
Bronze Contributor
Mar 17, 2020
Mirek_N

Managing guests can be extremely tricky and it's well manageable in MS365 at the moment.

It's try if you disable adding guests through Teams, they can go around and add them through Sharepoint/Onedrive.

If you want complete control, you need to disable guest invites all together and work out some kind of automated system. Here you setup up a request form, a business owner decides and an automated guest provisioning is kicked off.
- Mirek_N
  Iron Contributor
  Mar 19, 2020
  Hi Thijs Lecomte, thank you for your comment. I was afraid of this solution that there does not exist a way how to manage it together. Currently Microsoft provides a solution how to manage guest it is called "Access packages" https://aad.portal.azure.com/#blade/Microsoft_AAD_ERM/DashboardBlade/elmEntitlement
  It is not so comfortable but it is a way how to do it. I wanted let people share documents directly from OneDrive and avoid going to different portal, add guest and then share files.
  
  Mirek