Add a guest to a team
Anyone with a business or consumer email account, such as Outlook, Gmail, or others, can participate as a guest in Teams.
As an admin, you can add a new guest user to the organization in a couple of ways:
- Team owners, including global admins who are owners of a team, can add a guest to a team through either the Microsoft Teams desktop client or the web client. For more details, check out Add guests to a team.
This does not apply when the "Admins and users in the guest inviter role can invite" setting is enabled, because the guest inviter role isn't supported in Teams.
- Add guests to your organization through Azure Active Directory (Azure AD) B2B collaboration. Azure AD B2B collaboration allows a global admin to invite and authorize a set of external users by uploading a comma-separated values (CSV) file of no more than 2,000 lines to the B2B collaboration portal. For more details, check out Azure Active Directory B2B collaboration.
With Azure AD B2B collaboration, organizations can enforce conditional access and multi-factor authentication (MFA) policies for B2B users. These policies can be enforced at the tenant, app, or individual user level, the same way that they are enabled for full-time employees and members of the organization. Such policies are enforced at the resource organization. For more information, see Conditional access for B2B collaboration users. Individual guest users can't be blocked.
Guest users you have already added via Azure AD B2B, Office 365 Groups, or SharePoint Online are ready to go. The Office 365 admin or a team owner can add those guests to their respective teams. If a team is already associated with an Office 365 group, and a guest is added to the group, the guest will get access to the team. Adding a guest via the Office 365 group doesn't generate an invitation email to the guest, so someone on the team should notify the guest.
You can track guest additions in Azure AD or the Office 365 Security & Compliance Center. Adding a guest in Microsoft Teams is audited and logged as an Azure AD group administration activity "Added member to group". For more details, see Auditing and reporting a B2B collaboration user and Search the audit log in the Office 365 Security & Compliance Center.
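One way to review the audit trail described above, as an added example that is not part of the original page or any Microsoft tooling: it scans exported audit records for the "Added member to group" activity and keeps only those whose target is a guest. It assumes a one-JSON-record-per-line export with hypothetical field names (`time`, `activity`, `actor`, `target`, `group`) and relies on the `#EXT#` marker that Azure AD places in guest user principal names; the sample records are constructed.

```python
import json
from collections import Counter

ACTIVITY = "Added member to group"  # activity name as given in the text above
GUEST_MARKER = "#EXT#"              # marker Azure AD places in guest UPNs

# Constructed sample export, one JSON record per line. Field names are
# hypothetical; map them to the columns of your real audit export.
SAMPLE_LOG = """\
{"time": "2018-05-02T09:14:00Z", "activity": "Added member to group", "actor": "owner@fabrikam.example", "target": "alice_contoso.example#EXT#@fabrikam.onmicrosoft.com", "group": "Project X"}
{"time": "2018-05-02T09:20:00Z", "activity": "Added member to group", "actor": "owner@fabrikam.example", "target": "bob@fabrikam.example", "group": "Project X"}
{"time": "2018-05-03T16:41:00Z", "activity": "Added member to group", "actor": "lead@fabrikam.example", "target": "j_doe_gmail.com#EXT#@fabrikam.onmicrosoft.com", "group": "Finance"}
{"time": "2018-05-03T17:02:00Z", "activity": "Updated group", "actor": "lead@fabrikam.example", "target": "alice_contoso.example#EXT#@fabrikam.onmicrosoft.com", "group": "Finance"}
"""

def guest_email(upn):
    """Recover the guest's home address from a guest UPN, or None for members."""
    head, marker, _ = upn.partition(GUEST_MARKER)
    if not marker or "_" not in head:
        return None
    # The '@' of the home address is stored as the last '_' before the marker;
    # underscores inside the local part are left alone.
    local, domain = head.rsplit("_", 1)
    return f"{local}@{domain}".lower()

def guest_additions(log_text):
    """Return one dict per audited guest addition, in log order."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        if rec.get("activity") != ACTIVITY:
            continue
        email = guest_email(rec.get("target", ""))
        if email:
            hits.append({"time": rec["time"], "group": rec["group"],
                         "actor": rec["actor"], "guest": email})
    return hits

def additions_by_domain(hits):
    """Count guest additions per external domain, for review against expected partners."""
    return Counter(h["guest"].split("@", 1)[1] for h in hits)

if __name__ == "__main__":
    found = guest_additions(SAMPLE_LOG)
    for h in found:
        print(h["time"], h["group"], h["guest"], "added by", h["actor"])
    print(dict(additions_by_domain(found)))
```

Because guests added through the Office 365 group receive no invitation email, a periodic review like this is also a practical way to spot additions that nobody announced.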
Guest access vs. external access (federation)
External access (federation) and guest access are different:
Guest access gives access permission to an individual. External access gives access permission to an entire domain.
Guest access, once granted by a team owner, allows a guest to access resources, such as channel discussions and files, for a specific team, and to chat with other users in the team they have been invited to. With external access (federated chat), the external chat participants have no access to the inviting organization’s teams or team resources. They can only participate in one-on-one federated chat. Tenant admins can choose between the two communication options depending on which level of collaboration is desirable with the external party. Admins can choose either approach or both, depending on their organizational needs, but we recommend enabling guest access for a fuller, collaborative Teams experience.
For a detailed comparison, see Manage external access.