Sep 08 2016 08:00 AM
Today, we announced the new guest access feature for Office 365 Groups, the group membership service that provides a single identity for teams in Office 365. The new guest access feature gives you the ability to include people outside of your company in an Office 365 group.
Sep 08 2016 08:37 AM
Sep 08 2016 08:49 AM
Yes it will take some time as we are rolling out the feature, in the mean time if you would like to access this settings you could do that via Azure Portal (http://manage.windowsazure.com) under Configure>User Access section - "Allow New Invitations".
Sep 08 2016 09:51 AM
Awesome news, gratz all for the milestone! We all know how many times it has been requested :)
=====================
Reposting from the comments on the blog article:
The one part not clear to me is what kind of access they will get by default? And can we control that so we don’t end up with the “guest user deleted all the Group files” scenario?
The help articles indicate that this might be possible by controlling the settings template, however I cannot see any matching option.
Also, might be a good idea to update the help articles with the instructions on how to control Guest access per group (the 08d542b9-071f-4e16-94b0-74abb372e3d9 template).
Sep 08 2016 09:51 AM
That doesn't work either. All 3 flip switches are enabled and still get the error message that you can only add people inside your organization.
Sep 08 2016 09:56 AM
David, we are still in the process of rolling out this feature, so it might take hours/days before you can see this feature light up in your tenant.
Sep 08 2016 11:15 AM
Must be something else needed; tried weith all three as yes and also with LIMIT GUEST ACCESS as NO.
Sep 08 2016 11:45 AM
Sep 08 2016 10:44 PM
Sep 09 2016 02:16 AM
From the blog post: "Guest access works for any email accounts including corporate and consumer domains (such as Outlook.com or Gmail.com). If the guest email identity is associated with a Microsoft account (such as Office 365 or Outlook.com accounts, for instance), the user is directed to a sign-in page to identify themselves. If the guest doesn’t have a Microsoft account, they will be directed to a sign-up page to create an account."
Decoding it:
Guest access requires either an O365 account or an MS account. If a user does not already have one of these accounts, then he/she MUST sign-up for an MS account before being able to access a Group as a guest. As usual, it is possible to sign-up for an MSA using any email account, including corporate and consumer domains.
Correct?
Sep 09 2016 04:00 AM - edited Sep 09 2016 04:00 AM
Does https://azure.microsoft.com/en-us/documentation/articles/active-directory-create-users/ help?
I see the settings (still in Preview) by going to the portal, selecting the AAD instance for my tenant, and then selecting the Configure tab. The User Access settings are towards the end. I don't think you need to go near these settings because the default values should allow guest access.
Sep 09 2016 04:26 AM
Thanks TOny, I have that all set - as you said they were already set. I could not find those settings in the new portal, only the old portal.
(side note - thanks for the screen shot you attached. I only noticed it when coming back to reply. They don't feature very prominently do they.... Attached images should really show a thumbnail)
I am seeing 'All/Owners/Guests' in the group I've set up, but still get a warning that only individuals from within the organisation can be added when I try to add someone external.
I realise it might be a number of days away. Is there any visual indication to know external group membership is active on your tenant, or do we just keep trying until it works?
Sep 09 2016 04:59 AM
What does your AAD policy for groups show when you look at the settings using
Get-MsolAllSettings | ForEach Values?
You need:
I have been using this feature for the last month or so with a lot of success. For instance, with a team of people from Microsoft and other companies to build the "Field Guide to Office 365 Groups" session for Ignite. The "flighting" of the feature to First Release tenants takes time as multiple components have to be in place for everything to work and when they all come together, you'll be able to use guest access as documented.
FWIW, I have an article coming on Petri.com today that describes my experience of using guest access and some of the twists along the way. You might get some value from that text. And of course, we will have an update for the Office 365 for IT Pros eBook that covers this topic in depth. I think we'll release an update for the PDF, EPUB, and Kindle versions of the book next Monday.
TR
Sep 09 2016 05:17 AM
In powershell I can get Get-MsolPartnerInformation and various other cmdlets to work, but not Get-MsolAllSettings. Is there a module that I need to install?
I'll keep an eye out for your post
Sep 09 2016 05:19 AM
Aargh :( Why does posting a reply fail so often. "Correct the hilighted errors and try again" - there aren't any!!
Sep 09 2016 05:21 AM
You need version 1.1.130.0 of the Azure AD PowerShell module to maintain AD policies like the one used by Office 365 Groups...
To test what you have:
[PS] C:\> (Get-Item C:\Windows\System32\WindowsPowerShell\v1.0\Modules\MSOnline\Microsoft.Online.Administration.Automation.PSModule.dll).VersionInfo.FileVersion
(all explained in chapter 5 of Office 365 for IT Pros...)
Sep 09 2016 05:21 AM
Man this reply editor is buggy. It never works
Sep 09 2016 05:23 AM
Ah even better, it tells you it isn't working - but it is. Sorry for the spam people.
Sep 09 2016 05:34 AM
Thanks for your help Tony. Now I'm getting an authentication error, regardless of which admin username and password I use.
Sep 09 2016 09:00 AM
IN AD CONFIGURE USER ACCESS, should Limit guest access be ON or OFF - seems it should be OFF?