Forum Discussion
Guest access to Team sites created without MS 365 group
Hey All,
Could someone help me understand or explain to me where I'm in the wrong?
I recently created a new site collection (Team site template) without a MS 365 group.
Since our policy says that the Sharepoint owners group permissions needs to be changed to design, this was required. I can't (as far as I know) change these permissions on a Team site that is connected to a MS 365 group.
The issue I then had was adding access to guest accounts. I created an entra ID security group and added all the guests to it. I then gave that group contribute permissions on the Sharepoint site itself.
This however, did not work as I expected. I read that, in order for the guest accounts to have access, I need to create a Team site that IS connected to a MS 365 group.
I created the site (with ms365 group), did not add any members to any groups, but took the previously created security group and added it to the site. This did worked as intended.
I'm a bit confused on what the best practise for this situation is. We don't want the owner group to have full control permissions. But if we want to change this, we can't create a site that allows guests?
By default, we use the owners group to assign a Sharepoint owner to each site. This person is then used to give approvals for changes.
I don't want to create another security group "owners" for this, because we configure access reviews on all security groups and this would just add to the amount of access reviews that the owners need to perform.
I would love to get in touch with someone who is more knowledgeable on this subject to spar a bit. I'm here to try and learn more and improve my way of working or processes/policies where possible, so all input is welcome.
I try to respond within 24 hours!
KR,
MVN
- Have you tried sharing a document in the site with an external person? This should help identify where the issue is.
You don't need to have an M365 Group based site to share externally, but there are policies that can block sharing. Check the site is enabled for external sharing and also that it isn't restricted to specific domains.
- Have you tried sharing a document in the site with an external person? This should help identify where the issue is.
You don't need to have an M365 Group based site to share externally, but there are policies that can block sharing. Check the site is enabled for external sharing and also that it isn't restricted to specific domains.- IMVNICopper Contributor
Thanks for your reply.
I believe I have been mistaken. I tried the same setup again and it worked.
At the time of writing the original post, the guest got a message saying he didn't have permissions to access the site. It did work immediately with a Team site with a 365 group.
Using the same configuration on a dummy site now, does work as intended.
Not sure what went wrong, maybe we were to fast and the permissions weren't properly applied yet.
Thanks for your feedback!