Microsoft Teams guest access: 1 really easy way to block access (and 1 that is tougher)
Microsoft Teams guest access depends on the state of two settings, one that’s tenant-wide and one that’s group-specific. To allow the addition of guests to teams in general, you must have the general Unified Groups (Microsoft 365 type groups, including Teams) setting “Allow to add guests” turned on.
You can block the ability to add guests to specific groups by turning off the group-level equivalent of that setting. Let’s look at how to check the state of this setting at the group level and manage it for each Team using native admin tools and an alternative solution.
| Native Microsoft 365 tools | Alternative solution |
|---|---|
| Admin centers paginate large volumes of groups | Get a global view of all M365 groups and Teams without pagination |
| Drill-down required to get to a single Team’s properties | Over 150 group properties are available to sort, filter and categorize your groups and Teams |
| Scripting skills required to get or change the ‘Allow to add guests’ setting | No coding needed to create a custom view of groups where guests are allowed to be added or not |
| Changes are made blindly, increasing the risk of errors | See a preview of the groups for which you update the ‘Allow to add guests’ setting before committing the changes |
Blocking Microsoft Teams guest access using Microsoft 365 and Teams Admin Centers
You’ll find the global setting to allow adding guest users to Teams in the general admin center under Org Settings -> Microsoft 365 Groups.
Here you can:
- Turn on or off the ability to add guests to Microsoft 365 groups
- Turn off content access to existing guest members
Note that if the Microsoft 365 group setting is turned off, the Teams setting for existing guests to retain access can remain on.
While the admin centers in Entra allow you to keep control over your tenant, there are challenges when you’re working with large volumes of users or groups.
Unfortunately, neither the Admin Center nor the Teams Admin Center offers the group-level setting to block Microsoft Teams guest access.
In summary, if you have a lot of Teams, you can’t see them all in one place because of pagination.
Besides that, there are some settings which are not visible in the admin centers. This includes the state of the setting to block the addition of guests for specific Microsoft 365 groups and Teams. You’ll need to use PowerShell or a third-party tool for that.
Blocking Microsoft Teams guest access with Microsoft Graph and PowerShell
Assuming that your tenant-level setting allows the addition of guests, you’ll need to retrieve each group’s setting. Only a False value indicates that the group is closed to the addition of guests. You can use the Microsoft Graph API GET /v1.0/groups/{groupID}/settings in Graph Explorer.
If you prefer to use Microsoft Graph PowerShell, you can look at the examples on this page.
Either way, you’ll need to create a script to go through all the Teams.
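As a sketch of such a script (an added example, not code from the original article or from Microsoft), the Python below interprets the response of GET /v1.0/groups/{groupID}/settings for every Team and reports which ones are closed to new guests. The value name AllowToAddGuests is the Graph name of the ‘Allow to add guests’ setting; the Teams filter, the bearer token and the sample groups are assumptions made for illustration, and the sample responses are constructed.

```python
# Added example, not from the article. Assumes the tenant-level setting allows guests.
import json
import urllib.parse
import urllib.request

GRAPH = "https://graph.microsoft.com/v1.0"
def graph_get(url, token):
    """GET a Graph URL with a bearer token (acquiring the token is out of scope)."""
    req = urllib.request.Request(url, headers={"Authorization": "Bearer " + token})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)

def list_teams(token):
    """Yield every Teams-backed group, following @odata.nextLink so no page is missed."""
    flt = urllib.parse.quote("resourceProvisioningOptions/Any(x:x eq 'Team')")
    url = GRAPH + "/groups?$select=id,displayName&$filter=" + flt
    while url:
        page = graph_get(url, token)
        yield from page.get("value", [])
        url = page.get("@odata.nextLink")

def guests_can_be_added(settings_response):
    """Interpret GET /groups/{id}/settings: only an explicit false closes the group."""
    for setting in settings_response.get("value", []):
        for item in setting.get("values", []):
            if item.get("name") == "AllowToAddGuests":
                # Graph returns setting values as strings such as "False".
                return str(item.get("value")).strip().lower() != "false"
    return True  # no settings object or no such value: the group is not closed

def audit(groups, fetch_settings):
    """Map each group's displayName to True (guests can be added) or False (blocked)."""
    return {g["displayName"]: guests_can_be_added(fetch_settings(g["id"])) for g in groups}

# Constructed sample data standing in for live Graph responses.
SAMPLE_GROUPS = [{"id": "g1", "displayName": "Finance"}, {"id": "g2", "displayName": "Marketing"},
                 {"id": "g3", "displayName": "Partners"}]
SAMPLE_SETTINGS = {
    "g1": {"value": [{"displayName": "Group.Unified.Guest",
                      "values": [{"name": "AllowToAddGuests", "value": "False"}]}]},
    "g2": {"value": []},  # never configured, so nothing closes it
    "g3": {"value": [{"displayName": "Group.Unified.Guest",
                      "values": [{"name": "AllowToAddGuests", "value": "true"}]}]},
}

if __name__ == "__main__":
    # Live use: audit(list_teams(token), lambda gid: graph_get(f"{GRAPH}/groups/{gid}/settings", token))
    for name, allowed in audit(SAMPLE_GROUPS, SAMPLE_SETTINGS.__getitem__).items():
        print(f"{name}: {'guests can be added' if allowed else 'BLOCKED'}")
```

A group that has never had the setting configured returns an empty settings list, so the audit treats it as open rather than as an error.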
Sounds tedious, right? Why bother when there’s an easy alternative?
The alternative: using sapio365 to block Microsoft Teams guest access
sapio365 lets you see all your groups and their properties in one place, including each individual group’s ‘Allow to add guests’ setting as well as the tenant-wide setting (see at the top of the image below).
In fact, there’s a ready-to-apply view that lists all the Teams where guests can be added.
From here it’s easy to block the addition of guests to specific groups. You’ll even see a preview of your changes before you save them.
Do you prefer to include all Microsoft 365 groups, not just Teams? Modify the view and save it! Remove the filter on Teams and apply one on the group type to only include Microsoft 365 groups. You can even group them by the setting for a categorized view of groups for both situations.
Does your manager need a weekly report to help manage Microsoft Teams guest access? sapio365 makes it easy to schedule a recurrent report based on a view, including the custom ones you save.
Summary
As the example above illustrates, sapio365 is an admin tool that helps IT admins with all of their common tasks. It’s ideal for organizations with large environments as it can display all your user data at once in one place.
Then with your data displayed you can filter, sort and organize the data however you want. Customized reporting is a breeze and the ability to preview any bulk changes before applying them reduces unexpected errors.
Using sapio365 to find and block Microsoft Teams guest access is just one of hundreds of IT tasks that sapio365 can tackle. Get a free trial and you can discover how sapio365 can help you save hours of time every day.