Microsoft Teams guest access checklist

Use this checklist to help you turn on and configure guest access in Microsoft Teams. You need to be a Global Administrator or a Teams Administrator to make these changes.

Important

You may have to wait a few hours for your changes to take effect.

Watch this short video (5:31 minutes) to see how to turn on guest access throughout Microsoft 365, including Teams.

Step 1: Turn on guest access at the Teams org-wide level

You must be a Teams service admin to make these changes. See Use Teams administrator roles to manage Teams to read about getting admin roles and permissions.

  1. In the Teams admin center, select Org-Wide settings > Guest access.

  2. Set the Allow guest access in Microsoft Teams switch to On.

    Screenshot shows an example of a Teams settings toggle

  3. On this same page, turn on or turn off Calling, Meeting, and Messaging settings for guests.

  4. Click Save.

Tip

If you're using default settings in Azure Active Directory, SharePoint Online, and Microsoft 365 Groups, you may be done configuring guest access. In this case, you can skip the rest of the steps. If you're not sure, or if you're using custom settings for AAD, SharePoint Online, or Microsoft 365 Groups, continue with the rest of the steps in this checklist.

Step 2: Configure Azure AD business-to-business settings

These are the Azure AD settings that support guest access in Teams. Once these settings are configured, you'll be able to add and manage guests in Teams.

  1. Sign in to the Azure portal as a tenant administrator.

  2. Select Azure Active Directory > Users > User settings.

  3. Under External users, select Manage external collaboration settings.

    Note

    The External collaboration settings are also available from the Organizational relationships page. In Azure Active Directory, under Manage, go to Organizational relationships > Settings.

  4. On the External collaboration settings page, choose the policies you want to enable.

    • Guest users permissions are limited: This policy determines permissions for guests in your directory. Select Yes to block guests from certain directory tasks, like enumerating users, groups, or other directory resources. Select No to give guests the same access to directory data as regular users in your directory.
    • Admins and users in the guest inviter role can invite: To allow admins and users in the "Guest Inviter" role to invite guests, set this policy to Yes.
    • Members can invite: To allow non-admin members of your directory to invite guests, set this policy to Yes (recommended). If you prefer that only admins be able to add guests, you can set this policy to No. Keep in mind that setting No will limit the guest experience for non-admin teams owners; they'll only be able to add guests in Teams that have already been added in AAD by the admin.
    • Guests can invite: To allow guests to invite other guests, set this policy to Yes.

      Important

      Currently, Teams doesn't support the guest inviter role, so even if you set Guests can invite to Yes, guests can't invite other guests in Teams.

    • Enable email one-time passcode for guests (Preview): For more information about the one-time passcode feature, see Email one-time passcode authentication (preview).
    • Collaboration restrictions: For more information about allowing or blocking invitations to specific domains, see Allow or block invitations to B2B users from specific organizations.

      Note

      For collaboration restrictions, see Enable B2B external collaboration and manage who can invite guests.

    For more information about controlling who can invite guests, see Delegate invitations for Azure Active Directory B2B collaboration.

Step 3: Configure Microsoft 365 Groups

  1. In the Microsoft 365 admin center, go to Settings > Org Settings, click Services, and then select Microsoft 365 Groups.

    Screenshot shows the Microsoft 365 Groups settings

  2. Make sure that the Let group members outside the organization access group content check box is selected. If this setting is not selected, guests won't be able to access any group content.

    Screenshot shows the Microsoft 365 Groups settings

  3. Make sure that the Let group owners add people outside the organization to groups check box is selected. If this setting is not selected, team owners won't be able to add new guests. At a minimum, this setting must be on to support guest access.

For detailed instructions about configuring these settings, see Manage guest access in Microsoft 365 Groups and Control guest access in Microsoft 365 Groups.

Step 4: Configure sharing in Microsoft 365

Make sure that users can add guests. Here's how:

  1. In the Microsoft 365 admin center, go to Settings > Org Settings, click Security & privacy, and then select Sharing.

    Screenshot shows an example of services settings

  2. Select the Let users add new guests to this organization check box, and then click Save changes.

    Screenshot shows an example of a sharing settings toggle

    Note

    This setting is equivalent to the Members can invite setting in User settings > External users in Azure AD.

Step 5: Verify sharing setting in SharePoint

  1. Sign in to the Microsoft 365 admin center.

  2. Under Admin centers, select SharePoint.

  3. In the new SharePoint admin center, under Sites, select Active sites.

    Active sites in the SharePoint admin center

  4. Select the site, and then click Sharing.

  5. Make sure that the option is set to Anyone or New and existing guests.

    Screenshot shows an example of a SharePoint Online settings toggle

Step 6: Set up guest user permissions

In the Teams application, at the individual team level, configure guest permissions that control whether guests can create, update, or delete channels. Teams admins as well as team owners can configure these settings.

Screenshot shows an example of a team/channel settings toggle

To learn more about guest access, see Guest access in Teams and Turn on or turn off guest access to Microsoft Teams.

Step 7: Turn on "Anonymous users can join a meeting" if you want guests to join meetings

If you want guests to join meetings, turn on the Anonymous users can join a meeting setting in the Microsoft Teams admin center.

  1. In the left navigation of the Microsoft Teams admin center, go to Meetings > Meeting settings.

  2. Under Participants, turn on Anonymous users can join a meeting.

To learn more, see Manage meeting settings in Teams.

Troubleshooting

If you have problems setting up guest access or adding guests in Teams, use these resources to help you:

Troubleshoot problems with guest access in Microsoft Teams

Teams troubleshooting