Microsoft Teams guest access checklist
Use this checklist to help you turn on and configure guest access in Microsoft Teams. You need to be a Global Administrator or a Teams Administrator to make these changes.
You may have to wait a few hours for your changes to take effect.
Watch this short video (5:31 minutes) to see how to turn on guest access throughout Microsoft 365, including Teams.
Step 1: Turn on guest access at the Teams org-wide level
You must be a Teams service admin to make these changes. See Use Teams administrator roles to manage Teams to read about getting admin roles and permissions.
In the Teams admin center, select Org-Wide settings > Guest access.
Set the Allow guest access in Microsoft Teams switch to On.
On this same page, turn on or turn off Calling, Meeting, and Messaging settings for guests.
If you're using default settings in Azure Active Directory, SharePoint Online, and Microsoft 365 Groups, you may be done configuring guest access. In this case, you can skip the rest of the steps. If you're not sure, or if you're using custom settings for AAD, SharePoint Online, or Microsoft 365 Groups, continue with the rest of the steps in this checklist.
Step 2: Configure Azure AD business-to-business settings
Sign in to the Azure portal as a tenant administrator.
Select Azure Active Directory > Users > User settings.
Under External users, select Manage external collaboration settings.
The External collaboration settings are also available from the Organizational relationships page. In Azure Active Directory, under Manage, go to Organizational relationships > Settings.
On the External collaboration settings page, choose the policies you want to enable.
- Guest users permissions are limited: This policy determines permissions for guests in your directory. Select Yes to block guests from certain directory tasks, like enumerating users, groups, or other directory resources. Select No to give guests the same access to directory data as regular users in your directory.
- Admins and users in the guest inviter role can invite: To allow admins and users in the "Guest Inviter" role to invite guests, set this policy to Yes.
- Members can invite: To allow non-admin members of your directory to invite guests, set this policy to Yes (recommended). If you prefer that only admins be able to add guests, you can set this policy to No. Keep in mind that setting No will limit the guest experience for non-admin teams owners; they'll only be able to add guests in Teams that have already been added in AAD by the admin.
- Guests can invite: To allow guests to invite other guests, set this policy to Yes.
Currently, Teams doesn't support the guest inviter role, so even if you set Guests can invite to Yes, guests can't invite other guests in Teams.
- Enable email one-time passcode for guests (Preview): For more information about the one-time passcode feature, see Email one-time passcode authentication (preview).
- Collaboration restrictions: For more information about allowing or blocking invitations to specific domains, see Allow or block invitations to B2B users from specific organizations.
For collaboration restrictions, see Enable B2B external collaboration and manage who can invite guests.
For more information about controlling who can invite guests, see Delegate invitations for Azure Active Directory B2B collaboration.
Step 3: Configure Microsoft 365 Groups
In the Microsoft 365 admin center, go to Settings > Org Settings, click Services, and then select Microsoft 365 Groups.
Make sure that the Let group members outside the organization access group content check box is selected. If this setting is not selected, guests won't be able to access any group content.
Make sure that the Let group owners add people outside the organization to groups check box is selected. If this setting is not selected, team owners won't be able to add new guests. At a minimum, this setting must be on to support guest access.
Step 4: Configure sharing in Microsoft 365
Make sure that users can add guests. Here's how:
In the Microsoft 365 admin center, go to Settings > Org Settings, click Security & privacy, and then select Sharing.
Select the Let users add new guests to this organization check box, and then click Save changes.
This setting is equivalent to the Members can invite setting in User settings > External users in Azure AD.
Step 5: Verify sharing setting in SharePoint
Sign in to the Microsoft 365 admin center.
Under Admin centers, select SharePoint.
In the new SharePoint admin center, under Sites, select Active sites.
Select the site, and then click Sharing.
Make sure that the option is set to Anyone or New and existing guests.
Step 6: Set up guest user permissions
In the Teams application, at the individual team level, configure guest permissions that control whether guests can create, update, or delete channels. Teams admins as well as team owners can configure these settings.
To learn more about guest access, see Guest access in Teams and Turn on or turn off guest access to Microsoft Teams.
Step 7: Turn on "Anonymous users can join a meeting" if you want guests to join meetings
If you want guests to join meetings, turn on the Anonymous users can join a meeting setting in the Microsoft Teams admin center.
In the left navigation of the Microsoft Teams admin center, go to Meetings > Meeting settings.
Under Participants, turn on Anonymous users can join a meeting.
To learn more, see Manage meeting settings in Teams.
If you have problems setting up guest access or adding guests in Teams, use these resources to help you: