Use PowerShell to control guest access to a team

In addition to using the Microsoft 365 admin center and the Azure Active Directory (Azure AD) portal, you can use Windows PowerShell to control guest access. With PowerShell, you can do the following:

  • Allow or block guest access to all teams and Office 365 Groups

  • Allow guests to be added to all teams and Office 365 Groups

  • Allow or block guest users from a specific team or Office 365 group

For details, see "Use PowerShell to control guest access" in Manage guest access in Office 365 Groups.

You can also use PowerShell to allow or block a guest user based on their domain. For example, let's say your business (Contoso) has a partnership with another business (Fabrikam). You can add Fabrikam to your Allow list so your users can add those guests to their groups. For more information, see Allow/Block guest access to Office 365 Groups.

If you want to block guests in Teams and still want to allow them to access SharePoint sites, you can use Azure AD Powershell cmdlets to disable the AllowGuestsToAccessGroups parameter on the Company object, assuming external sharing is turned on for SharePoint sites.

Guest access vs. external access

External access (federation) and guest access are different:

  • Guest access gives access permission to an individual. External access gives access permission to an entire domain.

  • Guest access, once granted by a team owner, allows a guest to access resources, such as channel discussions and files, for a specific team, and chat with other users in the team they have been invited to. With external access (federated chat), the external chat participants have no access to the inviting organization’s teams or team resources. They can only participate in one-on-one federated chat. Tenant admins can choose between the two communication options depending on which level of collaboration is desirable with the external party. Admins can choose either approaches or both, depending on their organizational needs, but we recommend enabling guest access for a fuller, collaborative Teams experience.

For a detailed comparison, see Manage external access.