Understood that they are separate access, however as you know, when you create a Team, a SharePoint site also gets created.  Right now there is no way to centrally manage guest access to both - SP can be set in the console, Teams needs powershell.  Also, whitelisting doesn't really apply in every scenario.  Some may need more granular control at a per-Team level.

@ThereseSolimeno This doesn't really answer the question.  There doesn't appear to be a way to set org only access by default in either SharePoint or Teams.  My question was if anyone is aware of something on the roadmap to change this.  EDITED - I have unmarked it as the best response. (TS)

@Andrew Hodges   One of the issues that I have run into with this, is the inability to properly manage Guest without running a bunch of posh commands to check to see if we have stale users.  Once a guest accepts the terms of access, they can be added to SP sites, Groups, Teams, etc. with the only oversite being the user, unless you can run the PowerShell reports and then using those reports to cross check the audit to see if there has been any activity, in most cases the 90 day limit comes into play here, where as my users are audited for 180 days.  I then need to use PowerShell to remove any Guest that has had no activity in 90 days, but again PowerShell.  There are no reports in the GUI for this and no centralized management of this. This part I think is what @David Phillips  is referring to, (At least I hope it is..lol).  It would be good to truly have some centralized management for Guest users in O365.  Right now I have to take too many steps to check, and in a large environment's, this takes time.

@EliteFlames6 @David Phillips   You've thought this out very well - have you check our Uservoice feedback forum to see if this suggestion has been made to the development team?  If so, you can vote on the item and you'll get notified of developments.  If not, you can create a new request and others will vote on it/them.

Thanks @Andrew Hodges ,

I am going through this now, and it looks promising for the external file sharing, I just did something similar with forced encryption to external parties and limiting the life of those messages to 30 days, but the needed P2 license would come into question.  Normally for actions such as this, (any security related Azure Policy), you cannot just get away with purchasing just 1 or 2 - P1/P2 license, for any security needs, you have to license the entire tenant, or you are out of compliance with Microsoft depending on what you are doing.

Note: Found this out while getting my Secure Score up!!

For large tenants such as mine this could be very costly, even as we are planning our full Azure subscription rollout in our prod tenant.  I will test this out in our Dev/Test tenant to see if I can justify the potential cost.  If seems to help the issue, but seems puts to 'owness' on the user, (Group Owners/Managers), to police behind themselves honestly, (  ).    But if this works as shown, it is a really good step forward.  Thanks for providing.