Microsoft 365 configurations

Microsoft offers various settings in SharePoint and Entra ID that control how employees can collaborate with external guests. We have summarized the functions that can impact the use and functionalities of Guests here.

SharePoint Sharing settings

The SharePoint Sharing Settings allow control over how users can invite guests to Teams or SharePoint for collaboration. The options "Anyone" and "New and existing guests" will result in users inviting guests solely by their email address. This leads to IT administrators having numerous guests in their Entra ID without clarity on which guests are still valid and who is responsible for the guest.

To configure this setting, navigate to the SharePoint admin center > Policies > Sharing, and set the SharePoint Sharing Level to the "Existing guests" option.

Entra ID settings

External collaboration settings

External collaboration settings let you specify what roles in your organization can invite external users for B2B collaboration. These settings also include options for allowing or blocking specific domains, and options for restricting what external guest users can see in your Entra ID directory.

As Microsoft 365 administrator you can access the external collaboration settings here: https://portal.azure.com/#view/Microsoft_AAD_IAM/CompanyRelationshipsMenuBlade/~/Settings (opens in a new tab)

Guest User Access

Entra ID allows you to restrict what external guest users can see in your Entra ID. For example, you can limit guest users' view of group memberships, or allow guests to view only their own profile information. Learn more (opens in a new tab)

Guest invitation settings

By default, all users in your organization, including B2B collaboration guest users, can invite external users to B2B collaboration. If you want to limit the ability to send invitations, you can turn invitations on or off for everyone, or limit invitations to certain roles. Learn more (opens in a new tab)

External user leave settings

Administrators can use the External user leave settings to control whether external users can remove themselves from their organization. If you disallow the ability for external users to remove themselves from your organization, external users will need to contact your admin, or privacy contact to be removed. Learn more (opens in a new tab)

Collaboration restrictions

You can use collaboration restrictions to allow or deny invitations to the domains you specify. If you block domains here, those domains will also be blocked in Guests.

User Settings

In Entra ID > User settings > Administration Portal, you have the ability to control user access to the Entra ID administration portal. By default, this feature is disabled, allowing users to access the Azure administration portal.

Teams guest access settings

Teams offers a toggle switch for guest access, along with a range of configurable options to manage guest activities within a team. Guest access in Teams requires the "Allow guest access" setting to be turned On.

Please verify the status of guest access in Teams and customize the guest settings according to your business requirements. It's important to note that these settings impact all teams collectively.

Microsoft 365 Groups guest settings

Teams uses Microsoft 365 Groups for team membership. The Microsoft 365 Groups guest settings must be turned on in order for guest access in Teams to work.

Collaborate with guests in a team

In this article (opens in a new tab), Microsoft walks you through the Microsoft 365 configuration steps necessary to set up a team for collaboration with guests.