SOLVED

Verify email of external participant - Join as invited participant

Iron Contributor

I have a question about invited participants to a Teams meeting.

 

If I invite an external participant (for example account@gmail.com), how does the Teams meeting know that the person joining from account@gmail.com?

 

If the person joining, that received the invite at account@gmail.com, simply clicks the join link, they will be prompted to enter their name and will be taken to the lobby as a guest.

 

Is there a standard procedure for Teams to be able to verify the person's email identity and join the meeting directly as an invited participant, and not just a guest?

9 Replies
You can change the settings for guests to be allowed in without sitting in a lobby. Does that help or do you need something else?
Thanks, Terry. This is certainly a workaround for meeting join options, but I would still like to understand if there are instructions we can provide external participants so that they join as an invited participant (where Teams recognizes their specific email address), rather than a guest. This has impact on items like MC226407 - Updates to meeting chat membership.
What about the individual meeting settings? It might be a pain setting it each time, but it is better than nothing. https://support.microsoft.com/en-us/office/change-participant-settings-for-a-teams-meeting-53261366-....

@Brett Wilms Hello, trying to understand what you're really asking. Perhaps you already know this but when collaborating, scheduling Teams meetings etc. there are quite many options, settings and scenarios to consider. You have the Teams meeting settings, Teams meeting options, not to mention all the policies.

 

On top of that there are anonymous users, federated users and guest users. The majority of people say "guests" for all of these, while guests and guest access are different things. You can set up federation (trusted org.) and guest access and the available features for them will differ. You can invite a federated user to a meeting but they can not access teams resources if not invited as guests, for example.

https://docs.microsoft.com/en-us/microsoftteams/communicate-with-users-from-other-organizations#comp...

 

So when sending a teams meeting invite to an external user with no relation with your org. (not a federated or a guest user) or someone just picks up the link in some way, they are "anonymous" but join as guests just to confuse things.

 

Federation needs to be set up and guest access as well (on by default now though) but you add the latter users to your org. by inviting them.

 

With the lobby settings you can control these types and if they will go through or stay in the lobby. All depending on what kind of user they are and what kind of lobby option you've set.

 

Am a bit tired so hope this made sense.

Thanks, @ChristianBergstrom and @Terry Hugill .  I appreciate the added detail and willingness to help, but neither are really hitting on my need.  Let me take a little more long form approach to describe my situation and the behavior I'm seeing.  I used to think that if you invited an external participant all join processes were the same.  Yesterday I discovered that was not the case.

 

I organized a meeting using my business account and invited my personal account to the meeting.  I joined the meeting with my business account in the Teams client on my business computer.

 

I then accessed my personal email from the Google Chrome browser, clicked the join meeting link, and chose to join the meeting in the browser.  The meeting opened, asking me to enter my name (see screenshot01.png).  I was then placed in the lobby.

 

Next, I took a little detour.  In my business Teams environment, I setup a Microsoft Team that allows external members.  After that site was setup, my personal email received an invite to that Team.  In an InPrivate Edge browser, I pasted the invite link into the address bar.  This walked me through a Sign in process where I entered by personal email address, hit next, "Taking you to your organization's sign-in page", kicked me to "Sign in to continue to microsoftonline.com", entered my personal email address, clicked next, entered my password, clicked next, completed multi-factor authentication for my personal account, and rolled into that Microsoft Team.  

 

Then, I copied the address from the original meeting invite and pasted it into a new tab on the InPrivate Edge browser where I had authenticated to access the Microsoft Team.  When I joined the meeting in the browser, this time I was not prompted to enter my name.  Microsoft Teams recognized me (presumably) because I had authenticated with the account.  I joined right into the meeting, because I was an invited guest (not just a guest) (see screenshot02.png).

 

The other behavior I am seeing, I think is related to MC226407.  In the meeting chat, after leaving the meeting, the first personal account that joined (that was placed in the lobby), was removed from the Chat, with the message "[personal account] no longer has access to the chat."  Where as the authenticated account was not removed from the Chat.  I believe this is because they are recognized as the account from the original invite.

 

I'm mostly trying to make sense of this behavior and understand if it can be accomplished without authenticating to a Microsoft Team that is open for external participants.  I can see use cases in my company where it would be beneficial for the external participant to seen as an invited guest and not just a guest.   

 

If you read all of this, thank you. :)  I appreciate the help.

Hi, this is not easy to grasp and perhaps some misunderstanding involved as well. But what lobby option is set on your meeting you are testing with then? Your choice will decide if the anonymous, federated/trusted, guest user enter automatically or not. For an anonymous or federated user to be a true "guest user within your tenant" you'll need to invite them as guest users with an guest account being created in your AAD.

@ChristianBergstromI appreciate you taking the time to try and help :).  Who can bypass the lobby? is set to "People in my organization and guests"

best response confirmed by Brett Wilms (Iron Contributor)
Solution
Hello, this is the definition of that choice "Authenticated users from within the organization, including guest users, join the meeting directly without waiting in the lobby. Users from trusted organizations and anonymous users wait in the lobby. This is the default setting."

In other words, people not being invited to your org. as a guest, that is federated/trusted and anonymous users will get stuck in the lobby and someone must admit them. Unless they are invited as a true guest user within your org (a guest account is created in your Azure AD) OR you can change the lobby setting for the specific meeting to let in federated/trusted directly, and even anonymous users having the link forwarded or similar, if selecting the option Everyone.

So guest users are in your Azure AD with guest accounts. Federated and Anonymous are not, if not explicitly invited.
Thanks for helping me work through this. I think I've got my head around this. In short, there isn't a simple way for Guests to appear as Invited Guests. They would need to be guest accounts in our tenant for this behavior.
1 best response

Accepted Solutions
best response confirmed by Brett Wilms (Iron Contributor)
Solution
Hello, this is the definition of that choice "Authenticated users from within the organization, including guest users, join the meeting directly without waiting in the lobby. Users from trusted organizations and anonymous users wait in the lobby. This is the default setting."

In other words, people not being invited to your org. as a guest, that is federated/trusted and anonymous users will get stuck in the lobby and someone must admit them. Unless they are invited as a true guest user within your org (a guest account is created in your Azure AD) OR you can change the lobby setting for the specific meeting to let in federated/trusted directly, and even anonymous users having the link forwarded or similar, if selecting the option Everyone.

So guest users are in your Azure AD with guest accounts. Federated and Anonymous are not, if not explicitly invited.

View solution in original post