Microsoft Teams – Manage External and Guest Access communication for users

Microsoft Teams becoming an unrivaled communication platform its been adopted by most of the corporate organizations right from small, medium and large scale businesses.

Teams adoption rate have been thriving a lot and there are organizations managing their daily operations and projects completely via better organized Teams and channels.

In this article we will have an overview and the options available to expose Microsoft Teams for communication to the external network and other office 365 organizations.

As an initial prerequisite we must ensure that all the Office 365 URL and IP Ranges are allowed.

Login to Microsoft Teams Admin center portal here we have 2 options.

  1. External Access
  2. Guest Access

For external access the screenshot is pretty much explanatory. The best way is to add only the allowed domains which would block the other external organizations.

We do have an option to toggle the second feature where the Skype for Business online users have the ability to communicate with the Skype Users. But then if all the users are switched to Teams only mode then enabling the latter functionality will not be working.

External access lets our Teams users communicate with allowed domains.
Only the allowed domains in the list can communicate with each other.
They cannot be a member of a Teams or any Channels, however they can initiate peer to peer chats, audio , video calls and can join the meeting initiated from Outlook.

As of now below are the features that will be working between external access domains.

With Guest Access anyone with a business or consumer email account, such as Outlook, Gmail, or others, can participate as a guest in Teams. We can grant them access to our existing teams and channels.

Guest access can be further manipulated based on our business requirements with the below options.

Meeting and messaging choices can be further controlled in guest access.

Once the guest access is enabled the end users can go ahead and add external ids like gmail in their channels like below.

The external guest account will receive a descriptive invite which will provide information about Microsoft Teams.

Note: For all the invited external users a corresponding azure AD account will be created in our Tenant with the user type of Guest.

Few users reported challenge in communicating with allowed federated domains.

While most of the users were able to communicate across federated domains and there were few users experiencing the below error.

On further analysis found that there are two federation policies.

And the affected users were assigned to disabled federation access policies.

After moving them to federation only policy the issue got resolved.

Grant-CsExternalAccessPolicy -Identity “S Hameed” -PolicyName FederationOnly

Thanks & Regards

Sathish Veerapandian

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: