Managing Guests

Question

Hi,&nbsp;I would like to ask you how to manage guest. We would like to manage all guests and provide our end users only list of allowed guests which they can add to Teams. They can not add guests by themselves.&nbsp;On the other hand we would like to provide them an option that they can share documents from their OneDrive as they wish and with who they need. But, if we allow sharing files from OneDrive, they share files with someone from different tenant, it automatically creates guest account in our AAD when guest accepts the invitation.&nbsp;&nbsp;Do you have any advice how to manage it? Is it possible to combine it?&nbsp;Thanks,&nbsp;Mirek

moe_kinani · Answer

Hi Miroslav,I think you can use Azure AD B2B collaboration, then allow them to show up on Teams from Org Wide Setting-&gt;Guest Access. You can also force Conditional Access restriction for those Accounts.Hope this helps!Moehttps://docs.microsoft.com/en-us/azure/active-directory/b2b/licensing-guidancehttps://docs.microsoft.com/en-us/azure/active-directory/b2b/what-is-b2bhttps://docs.microsoft.com/en-us/microsoftteams/manage-guests

mirek_n · Answer

Hi&nbsp;Moe_Kinani,&nbsp;thank you for the links. I have read all of them already but I have not found the answer there or I am not sure about it and this is the reason why I posted here the question.&nbsp;I know that I can set conditional access to external people. My case is only about managing guests and have a control who is in my tenant as a guest but on the other side provide comfortable platform for my end users. I am not sure if these to ways are not against each other. For managing access guests is really nice feature "Access packages". But when I allow end users to share content from OneDrive or SharePoint then they create guests in my tenant also and first way is absolutely pointless...&nbsp;Mirek

thijs lecomte · Answer

Mirek_N&nbsp;&nbsp;Managing guests can be extremely tricky and it's well manageable in MS365 at the moment.&nbsp;It's try if you disable adding guests through Teams, they can go around and add them through Sharepoint/Onedrive.&nbsp;If you want complete control, you need to disable guest invites all together and work out some kind of automated system. Here you setup up a request form, a business owner decides and an automated guest provisioning is kicked off.

mirek_n · Answer

Hi&nbsp;Thijs Lecomte, thank you for your comment. I was afraid of this solution that there does not exist a way how to manage it together. Currently Microsoft provides a solution how to manage guest it is called "Access packages" https://aad.portal.azure.com/#blade/Microsoft_AAD_ERM/DashboardBlade/elmEntitlementIt is not so comfortable but it is a way how to do it. I wanted let people share documents directly from OneDrive and avoid going to different portal, add guest and then share files.&nbsp;Mirek

Forum Discussion

Managing Guests