Well, the problem might be that many different components are flighted concurrently. Sometimes looking at the *version settings in the EXO configuration helps. Here's what I see in my tenant:

ObjectVersion : 16212
PreviousAdminDisplayVersion : 0.10 (14.0.100.0)
RBACConfigurationVersion : 0.1 (15.1.609.13)
AdminDisplayVersion : 0.20 (15.1.609.13)
ExchangeVersion : 0.1 (8.0.535.0)

Limiting user access to the directory should be ON. If OFF, you allow guest users full access to your directory (same level as tenant users), which you don't want...

I finally got lit up and sent my first guest into my personal email.  Recieved a not that i've been subscribed and will recieve updates from the group, but nothing clickable in the email to actually access the group.

Am i missing something?

See the attached screen shot of an invitation. If you don't see a link in the invitation, your tenant might not be fully flighted.

BTW, my article at https://www.petri.com/external-access-office-365-groups might explain a lot about some of the questions I have seen... Or not (as the case may be)...

I think I am half way there - see attached screenshot - am seeing the SHARING panel in Security & Privacy but still getting an error when I try ro add someone. Wait a bit more I suppose ...

The Guests tab appeared in my tenant, but now I get error saying to ask my admin for help :) Guests are enabled in the settings, guess I have to wait a bit more.

In the meantime, can anyone clarify what kind of access Guests get to Files, and are we able to modify this? By default I mean, so we can avoid the "Guest deleted all the group files" scenario.

Delighted to clarify... A guest user is a group member. Apart from group owners, who can administer the group, there is no distiction between the rights of different group members. A guest user has exactly the same level of access to group files and the notebook as possessed by other group members. And yes, this means that a guest user can delete files from the library should they feel so inclined. Basically, don't invite guest users whom you don't trust - or segregrate documents that guest users need to access into specific groups.

Tony, I remember that some time ago (still in the Yammer network) you advised against fiddling with permissions in a Group doclib. Do you still think the same?

IMHO, with the introduction of guests and team sites to Groups, in many cases it will be really necessary to customize the permissions. Don't you think so?

I don't want to avoid answering the question, but I do think that we need to wait and see what is possible after the full roll-out of team sites for groups is completed. The issue right now is that group access is "special" and very different to SharePoint-style access. When groups have the full functionality of team sites available, it might be possible to play with permissions. So I think we have to wait a little while longer and then see whether it is possible to assign different document-level permissions to different members within a group.

I appreciate your careful approach and I agree with you.

Nevertheless, as pointed out by @Vasil Michev, I think that, for example, restricting guests to be visitors and not full members, will be a common requirement.

Hence I hope that with the introduction of Group team sites MS will eliminate any "specialness" from Group access, rendering it completely "standard" as in SharePoint.

While standardization is good, Office 365 Groups are a rather special construct where a central idea is that all members of a group - including guest users - share a common level of access to group resources. Now this isn't strictly true for guest users because they don't have direct access to the group mailbox, but it holds valid for the SharePoint resources. Unlike permissions that are granted to an individual user who has a specific and recognizable identity, you'd have to be able to go to a lower level and support different permissions within members who hold a common identity - and that is where the problem lies.

Thanks Tony, definitely not happy about that bit though. We did indeed discuss it back on the OTN in the context of "every user in the company being able to delete files from any Public Group". Now it's the same all over, even though the MSFT folks seemed to agree at the time that some changes might be for the best... 

Hi @Brian Mather and @Tony Redmond. Here's a tip aside of the conversation topic that will help when sharing screenshots. Add "Photos" rather than "Choose Files". Photos will appear in the the body of the post. "Choose Files" is more suited to attaching documents.

(I'm catching up with the conversation and wanted to offer this to help future conversations.)

Good theory, but I tried to add the screenshot as a photo and the browser (Chrome) barfed. So I didn't.

I'm using Chrome too and it has happily eaten the photos I spoon-fed it. Your screenshot wasn't too big a mouthful for Chrome to swallow.