Microsoft Teams guest access: 1 really easy way to block access (and 1 that is tougher)

May 23, 2025
|By Sonia Bounardjian
Tags: guests sapio365 Teams
How to control Microsoft Teams guest access

Microsoft Teams guest access depends on the state of two settings, one that’s tenant-wide and one that’s group-specific. To allow the addition of guests to teams in general, you must have the general Unified Groups (Microsoft 365 type groups, including Teams) setting “Allow to add guests” turned on.

You can block the ability to add guests to specific groups by turning off its group-level equivalent. Let’s look at how to check the state of this setting at the group level and manage it for each Team using native admin tools and an alternative solution.

Native Microsoft 365 toolsAlternative solution
Admin Centers exhibit pagination of large volume of groupsGet a global view of all M365 groups and Teams without pagination
Drill-down required to get to 1 single Team’s propertiesOver 150 group properties are available to sort, filter and categorize your groups and Teams.
Scripting skills required to get or change the setting ‘Allow to add guests’.No coding needed to create a custom view of groups where guests are allowed to be added or not.
Changes are made blindly, increasing risk of errorsSee a preview of the groups for which you update the ‘Allow to add guests’ setting before committing the changes.

Blocking Microsoft Teams guest access using Microsoft 356 and Teams Admin Centers

You’ll find the global setting to allow adding guest users to Teams in the general admin center under Org Settings -> Microsoft 365 Groups.

Here you can:

  1. Turn on or off the ability to add guests to Microsoft 365 groups
  2. Turn off content access to existing guest members
Tenant-wide setting allowing the addition of guests to Microsoft 365 groups and Teams

Note that if the Microsoft 365 group setting is turned off, the Teams setting for existing guests to retain access can remain on.

General Teams setting allowing access to existing guests who are members of Teams.

While the admin centers in Entra allow you to keep control over your tenant, there are challenges when you’re working with large volumes of users or groups.

Unfortunately, neither the Admin Center nor the Teams Admin Center offer the group-level setting to block Microsoft Teams guest access.

In summary, if you have a lot of Teams, you can’t see them all in one place because of pagination.

Besides that, there are some settings which are not visible in the admin centers. This includes the state of the setting to block the addition of guests for specific Microsoft 365 groups and Teams. You’ll need to use PowerShell or a third-party tool for that.

Blocking Microsoft Teams guest access with Microsoft Graph and PowerShell

Assuming that your tenant-level setting allows the addition of guests, you’ll need to retrieve each group’s setting where only a False value indicates that that group is closed to the addition of guests. You can use the Microsoft Graph API GET /v1.0/groups/{groupID}/settings in Graph Explorer.

Get the value of a group’s setting “Allow to add guests” with Graph Explorer.

If you prefer to use Microsoft Graph PowerShell, you can look at the examples on this page.

Either way, you’ll need to create a script to go through all the Teams.

Sounds tedious, right? Why bother when there’s an easy alternative.

The alternative: using sapio365 to block Microsoft teams guest access

sapio365 lets you see all your groups and their properties in one place, including each individual group’s ‘Allow to add guests’ setting as well as the tenant-wide setting (see at the top of the image below).

In fact, there’s a ready-to-apply view that lists all the Teams where guests can be added.

1 click needed to get a view of Teams where guests can be added.

From here it’s easy to block the addition of guests to specific groups. You’ll even see a preview of your changes before you save them.

Preview bulk changes of the group setting “Allow to add guests”.

Do you prefer to include all Microsoft 365, not just Teams? Modify the view and save it! Remove the filter on Teams and apply one on the group type to only include Microsoft 365 groups. You can even group them by the setting for a categorized view of groups for both situations.

Create and save a custom view for groups.

Does your manager need a weekly report to help manage Microsoft Teams guest access? sapio365 makes it easy to schedule a recurrent report based on a view, including the custom ones you save.

Schedule a recurrent report based on a custom view.

Summary

As the example above illustrates, sapio365 is an admin tool that helps IT admins with all of their common tasks. It’s ideal for organizations with large environments as it can display all your user data at once in one place.

Then with your data displayed you can filter, sort and organize the data however you want. Customized reporting is a breeze and the ability to preview any bulk changes before applying them reduces unexpected errors.

Using sapio365 to find and block Microsoft Teams guest access is just one of hundreds of IT tasks that sapio365 can tackle. Get a free trial and you can discover how sapio365 can help you save hours of time every day.

Get your sapio365 free trial

Sonia Bounardjian

Sonia is a sapio365 product specialist at Ytria. She was part of the initial development team that created sapio365. When she's not busy helping sapio365 users virtually or writing helpful articles in this blog, she's reorganizing her impressive collection of unused high heels.