Microsoft Teams guest access checklist
Use this checklist to help you turn on and configure guest access in Microsoft Teams. You need to be a Global Administrator or a Teams Administrator to make these changes.
You may have to wait up to 24 hours for your changes to take effect.
Watch this short video (5:31 minutes) to see how to turn on guest access throughout Microsoft 365, including Teams.
Step 1: Turn on guest access at the Teams org-wide level
To turn on guest access, go to the Microsoft Teams admin center.
In the Teams admin center, select Org-Wide settings > Guest access.
Set the Allow guest access in Microsoft Teams switch to On.
On this same page, turn on or turn off Calling, Meeting, and Messaging settings for guests.
If you're using default settings in Azure Active Directory, SharePoint Online, and Office 365 Groups, you may be done configuring guest access. In this case, you can skip the rest of the steps. If you're not sure, or if you're using custom settings for AAD, SharePoint Online, or Office 365 Groups, continue with the rest of the steps in this checklist.
Step 2: Configure Azure AD business-to-business settings
Sign in to the Azure portal as a tenant administrator.
Select Azure Active Directory > Users > User settings.
Under External users, select Manage external collaboration settings.
The External collaboration settings are also available from the Organizational relationships page. In Azure Active Directory, under Manage, go to Organizational relationships > Settings.
On the External collaboration settings page, choose the policies you want to enable.
Guest users permissions are limited: This policy determines permissions for guests in your directory. Select Yes to block guests from certain directory tasks, like enumerating users, groups, or other directory resources. Select No to give guests the same access to directory data as regular users in your directory.
Admins and users in the guest inviter role can invite: To allow admins and users in the "Guest Inviter" role to invite guests, set this policy to Yes.
Members can invite: To allow non-admin members of your directory to invite guests, set this policy to Yes.
If you set Members can invite to No and then enable guest access in Office 365 Groups and Microsoft Teams, admins can control guest invitations to your directory. After guests are in the directory, they can be added to teams by non-admin members who are team owners. For more information, see Authorize guest access in Microsoft Teams.
For guest access to work at all in Teams, you must set Members can invite to Yes.
Guests can invite: To allow guests to invite other guests, set this policy to Yes.
Currently, Teams doesn't support the guest inviter role, so even if you set Guests can invite to Yes, guests can't invite other guests in Teams.
Enable email one-time passcode for guests (Preview): For more information about the one-time passcode feature, see Email one-time passcode authentication (preview).
Collaboration restrictions: For more information about allowing or blocking invitations to specific domains, see Allow or block invitations to B2B users from specific organizations.
For collaboration restrictions, see Enable B2B external collaboration and manage who can invite guests.
For more information about controlling who can invite guests, see Delegate invitations for Azure Active Directory B2B collaboration.
Step 3: Configure Office 365 Groups
In the Microsoft 365 admin center, go to Settings > Services & add-ins, and then select Office 365 Groups.
Make sure that the Let group members outside the organization access group content check box is selected. If this setting is not selected, guests won't be able to access any group content.
Make sure that the Let group owners add people outside the organization to groups check box is selected. If this setting is not selected, team owners won't be able to add new guests. At a minimum, this setting must be on to support guest access.
Step 4: Configure sharing in Office 365
Make sure that users can add guests. Here's how:
In the Microsoft 365 admin center, go to Settings > Security & privacy.
In Sharing, select Edit.
Set Let users add new guests to this organization to On, and then click Save.
This setting is equivalent to the Members can invite setting in User settings > External users in Azure AD.
Step 5: Verify sharing setting in SharePoint
Sign in to the Microsoft 365 admin center.
Under Admin centers, select SharePoint.
In the new SharePoint admin center, under Sites, select Active sites.
Select the site, and then click Sharing.
Make sure that the option is set to Anyone or New and existing guests.
Step 6: Set up guest user permissions
In the Teams application, at the individual team level, configure guest permissions that control whether guests can create, update, or delete channels. Teams admins as well as team owners can configure these settings.
To learn more about guest access, see Guest access in Teams and Turn on or turn off guest access to Microsoft Teams.
If you have problems setting up guest access or adding guests in Teams, use these resources to help you: