Forum Discussion
Possible to isolate guest users to a single team and stop users sharing other resources with them?
- Oct 04, 2023
Hi briannorman,
to address the challenges you mentioned, you can do the following:
- To prevent owners of the guest team from inviting new external users, you can modify the team permissions to remove the "Add members" permission from the Owner role. You can then grant the "Add members" permission to a specific group of administrators who are responsible for managing guest users.
- To prevent internal users from inviting guest users to access SharePoint or OneDrive files, you can disable guest sharing for SharePoint and OneDrive. You can do this by going to the SharePoint admin center or OneDrive admin center, respectively, and clicking Sharing. Under Guest sharing, select Disable guest sharing.
Allowing owners to invite internal users to the guest team
To allow owners to invite internal users to the guest team, you can add the "Add members" permission to the Owner role for the guest team. You can do this by going to the Teams admin center, clicking Teams, and then clicking the name of the guest team. Under Permissions, click Manage roles. Select the Owner role and then click Edit. Under Permissions, select the Add members checkbox and then click Save.
Ensuring that guest users only have access to files in the team they were added to
To ensure that guest users only have access to files in the team they were added to, you can disable guest sharing for SharePoint and OneDrive. You can also use SharePoint security groups to control access to SharePoint files and folders. For example, you can create a security group for guest users and then grant that group access to the files and folders in the guest team.
Please click Mark as Best Response & Like if my post helped you to solve your issue.
This will help others to find the correct solution easily. It also closes the item.If the post was useful in other ways, please consider giving it Like.
Kindest regards,
Leon Pavesic
(LinkedIn)
Hi briannorman,
The simplest solution to isolate guest users to a single team and stop users sharing other resources with them is to:
- Create a new team in Teams and call it "Guest Users".
- Set the team permissions so that guest users have full access to all channels and files in the team.
- Invite guest users to the team.
Once you have done this, guest users will only be able to access the "Guest Users" team and the resources within that team. Other users in your organization will not be able to share other resources with guest users.
Please click Mark as Best Response & Like if my post helped you to solve your issue.
This will help others to find the correct solution easily. It also closes the item.
If the post was useful in other ways, please consider giving it Like.
Kindest regards,
Leon Pavesic
(LinkedIn)
LeonPavesic thanks for the quick response, this is kind of what we were doing before but it had the following challenges:
- any owners of the guest team can invite new external users to that team, we would like to allow owners to be able to invite internal users but need administrators to invite new guest users
- once the guest user is created in the active directory internal users were able to invite them to access any sharepoint / onedrive files they liked, we want to ensure the only files the guests have access to are those in the team they were added to
Are there things we can do to solve the above?
- LeonPavesicOct 04, 2023Silver Contributor
Hi briannorman,
to address the challenges you mentioned, you can do the following:
- To prevent owners of the guest team from inviting new external users, you can modify the team permissions to remove the "Add members" permission from the Owner role. You can then grant the "Add members" permission to a specific group of administrators who are responsible for managing guest users.
- To prevent internal users from inviting guest users to access SharePoint or OneDrive files, you can disable guest sharing for SharePoint and OneDrive. You can do this by going to the SharePoint admin center or OneDrive admin center, respectively, and clicking Sharing. Under Guest sharing, select Disable guest sharing.
Allowing owners to invite internal users to the guest team
To allow owners to invite internal users to the guest team, you can add the "Add members" permission to the Owner role for the guest team. You can do this by going to the Teams admin center, clicking Teams, and then clicking the name of the guest team. Under Permissions, click Manage roles. Select the Owner role and then click Edit. Under Permissions, select the Add members checkbox and then click Save.
Ensuring that guest users only have access to files in the team they were added to
To ensure that guest users only have access to files in the team they were added to, you can disable guest sharing for SharePoint and OneDrive. You can also use SharePoint security groups to control access to SharePoint files and folders. For example, you can create a security group for guest users and then grant that group access to the files and folders in the guest team.
Please click Mark as Best Response & Like if my post helped you to solve your issue.
This will help others to find the correct solution easily. It also closes the item.If the post was useful in other ways, please consider giving it Like.
Kindest regards,
Leon Pavesic
(LinkedIn)