Mar 14 2020 - last edited on Jan 14 2022
I would like to ask you how to manage guests. We would like to manage all guests and provide our end users only a list of allowed guests which they can add to Teams. They cannot add guests by themselves.
On the other hand, we would like to give them the option to share documents from their OneDrive as they wish and with whom they need. But if we allow sharing files from OneDrive and they share files with someone from a different tenant, it automatically creates a guest account in our AAD when the guest accepts the invitation.
Do you have any advice on how to manage it? Is it possible to combine the two?
Mar 15 2020 06:55 AM - edited Mar 15 2020 06:59 AM
Mar 15 2020 07:04 AM
Thank you for the links. I have already read all of them, but I have not found the answer there, or I am not sure about it, and this is the reason why I posted the question here.
I know that I can set conditional access for external people. My case is only about managing guests and having control over who is in my tenant as a guest while, on the other side, providing a comfortable platform for my end users. I am not sure whether these two ways work against each other. For managing guest access, "Access packages" is a really nice feature. But when I allow end users to share content from OneDrive or SharePoint, they also create guests in my tenant, and the first way is absolutely pointless...
Mar 17 2020 11:26 AM
Managing guests can be extremely tricky and it's well manageable in MS365 at the moment.
It's true that if you disable adding guests through Teams, they can go around and add them through SharePoint/OneDrive.
If you want complete control, you need to disable guest invites altogether and work out some kind of automated system. Here you set up a request form, a business owner decides, and automated guest provisioning is kicked off.
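An added example, not part of the original thread: one way to check whether guests are entering the tenant outside the approved process is to reconcile the directory's guest accounts against the approved-guest list. The records below are constructed samples shaped like Microsoft Graph user objects, and the function names and the approved list are assumptions for illustration.

```python
# Constructed sample data: directory users with the Microsoft Graph user
# fields userType, mail, userPrincipalName and externalUserState.
DIRECTORY_USERS = [
    {"userPrincipalName": "anna@example-tenant.test", "mail": "anna@example-tenant.test",
     "userType": "Member", "externalUserState": None},
    {"userPrincipalName": "bob_partner.test#EXT#@example-tenant.test", "mail": "Bob@partner.test",
     "userType": "Guest", "externalUserState": "Accepted"},
    {"userPrincipalName": "eve_other.test#EXT#@example-tenant.test", "mail": "eve@other.test",
     "userType": "Guest", "externalUserState": "Accepted"},
    {"userPrincipalName": "dan_partner.test#EXT#@example-tenant.test", "mail": None,
     "userType": "Guest", "externalUserState": "PendingAcceptance"},
]

# Constructed sample: addresses a business owner has approved (hypothetical list).
APPROVED_GUESTS = {"bob@partner.test", "carol@partner.test"}


def guest_email(user):
    """Return the guest's external address in lower case.

    Falls back to the usual guest UPN form 'name_domain#EXT#@tenant' when the
    mail attribute is empty (assumption: the UPN follows that default form).
    """
    if user.get("mail"):
        return user["mail"].lower()
    external_part = user["userPrincipalName"].split("#EXT#")[0]
    name, _, domain = external_part.rpartition("_")
    return f"{name}@{domain}".lower()


def reconcile(users, approved):
    """Compare guest accounts in the directory with the approved list."""
    approved = {address.lower() for address in approved}
    guests = {guest_email(u): u for u in users if u.get("userType") == "Guest"}
    return {
        # Guests that exist but were never approved, e.g. created by file sharing.
        "unapproved": sorted(e for e in guests if e not in approved),
        # Approved people who have no guest account yet.
        "not_yet_invited": sorted(approved - guests.keys()),
        # Invitations that were sent but not redeemed.
        "pending": sorted(e for e, u in guests.items()
                          if u.get("externalUserState") == "PendingAcceptance"),
    }


if __name__ == "__main__":
    for bucket, addresses in reconcile(DIRECTORY_USERS, APPROVED_GUESTS).items():
        print(f"{bucket}: {', '.join(addresses) or '-'}")
```

In a real tenant the user records would come from a directory export rather than the inline list.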
Mar 19 2020 09:41 AM
Hi @Thijs Lecomte, thank you for your comment. I was afraid of this solution, that there is no way to manage it together. Currently Microsoft provides a solution for managing guests; it is called "Access packages": https://aad.portal.azure.com/#blade/Microsoft_AAD_ERM/DashboardBlade/elmEntitlement
It is not so comfortable, but it is a way to do it. I wanted to let people share documents directly from OneDrive and avoid going to a different portal, adding a guest and then sharing files.