Use PowerShell to control guest access to a team
In addition to using the Microsoft 365 admin center and the Azure Active Directory (Azure AD) portal, you can use Windows PowerShell to control guest access. With PowerShell, you can do the following:
- Allow or block guest access to all teams and Microsoft 365 Groups
- Allow guests to be added to all teams and Microsoft 365 Groups
- Allow or block guest users from a specific team or Microsoft 365 group
For details, see "Use PowerShell to control guest access" in Manage guest access in Microsoft 365 Groups.
You can also use PowerShell to allow or block a guest user based on their domain. For example, let's say your business (Contoso) has a partnership with another business (Fabrikam). You can add Fabrikam to your Allow list so your users can add those guests to their groups. For more information, see Allow/Block guest access to Microsoft 365 Groups.
If you want to block guests in Teams and still want to allow them to access SharePoint sites, you can use Azure AD PowerShell cmdlets to disable the AllowGuestsToAccessGroups parameter on the Company object, assuming external sharing is turned on for SharePoint sites.
Use PowerShell to turn guest access on or off
Download the Skype for Business Online PowerShell module from https://www.microsoft.com/download/details.aspx?id=39366
Connect a PowerShell session to the Skype for Business Online endpoint.
    Import-Module SkypeOnlineConnector
    $Cred = Get-Credential
    $CSSession = New-CsOnlineSession -Credential $Cred
    Import-PSSession -Session $CSSession
Check your configuration and, if AllowGuestUser is $False, use the Set-CsTeamsClientConfiguration cmdlet to set it to $True.
    Get-CsTeamsClientConfiguration

    Identity                         : Global
    AllowEmailIntoChannel            : True
    RestrictedSenderList             :
    AllowDropBox                     : True
    AllowBox                         : True
    AllowGoogleDrive                 : True
    AllowShareFile                   : True
    AllowOrganizationTab             : True
    AllowSkypeBusinessInterop        : True
    ContentPin                       : RequiredOutsideScheduleMeeting
    AllowResourceAccountSendMessage  : True
    ResourceAccountContentAccess     : NoAccess
    AllowGuestUser                   : True
    AllowScopedPeopleSearchandAccess : False

    Set-CsTeamsClientConfiguration -AllowGuestUser $True -Identity Global
You can now have guest users in Teams for your organization.
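The check-then-set step above can be wrapped so that it only writes when the tenant-wide value differs from the one you want, supports -WhatIf, and reads the setting back afterwards. This is an added example, not Microsoft's code: the function name Set-TeamsGuestAccess is hypothetical, and it assumes the session from the earlier steps is already connected.

```powershell
# Added example. Assumes Get-/Set-CsTeamsClientConfiguration are available in
# the current session. Set-TeamsGuestAccess is a hypothetical helper name.
function Set-TeamsGuestAccess {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory = $true)]
        [bool]$Enabled
    )

    # Read the tenant-wide (Global) value before changing anything.
    $before = (Get-CsTeamsClientConfiguration -Identity Global).AllowGuestUser

    # Returned object doubles as a change record for audit logs.
    $result = [pscustomobject]@{
        TimestampUtc = (Get-Date).ToUniversalTime().ToString('o')
        Desired      = $Enabled
        Before       = $before
        After        = $before
        Changed      = $false
    }

    if ($before -eq $Enabled) {
        Write-Verbose "AllowGuestUser is already $Enabled; nothing to do."
        return $result
    }

    if ($PSCmdlet.ShouldProcess('Global Teams client configuration',
                                "Set AllowGuestUser to $Enabled")) {
        Set-CsTeamsClientConfiguration -Identity Global -AllowGuestUser $Enabled -ErrorAction Stop

        # Read the value back instead of trusting that the write succeeded.
        $result.After   = (Get-CsTeamsClientConfiguration -Identity Global).AllowGuestUser
        $result.Changed = ($result.After -ne $before)
        if ($result.After -ne $Enabled) {
            Write-Warning "AllowGuestUser is $($result.After), expected $Enabled."
        }
    }
    return $result
}

# Preview only: reports what would change without writing to the tenant.
Set-TeamsGuestAccess -Enabled $true -WhatIf
# To apply: Set-TeamsGuestAccess -Enabled $true -Confirm:$false
```

Piping the returned object to Export-Csv -Append keeps a record of who ran the change and what the value was before and after.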
Guest access vs. external access
External access (federation) and guest access are different:
- External access gives access permission to an entire domain.
- Guest access gives access permission to an individual.
For a detailed comparison, see Communicate with users from other organizations.