Changes to MS Teams Guest Access

Leveraging MS Teams to support remote meetings and collaboration or looking to introduce the system in 2021? A major update scheduled for February 8th 2021 could change guest access settings for your organisation.

The author of this page: Roisin McLaughlin
Roisin McLaughlin, Marketing Director Dec 17, 2020

In a notification published on December 3rd 2020, Microsoft has advised of an upcoming change in the default tenant configuration for MS Teams. From February 8th 2021, the "service default" for guest access will change from Off to On, meaning guest access will enable by default.

Who will be affected?

This change in service default won't impact tenants who have already opted to allow guest access to Teams or those who have manually set the guest access settings On or Off using the MS Teams admin centre.

Similarly, if you have guest access disabled at the Azure Active Directory level, this service default change will have no material impact on your organisations MS Teams experience, since sharing in M365 is governed at its highest level by the organisational relationship settings in Azure Active Directory.

MS Teams and External Collaboration

A device-agnostic, all-in-one cloud collaboration platform, opening guest permission policies enables your team to communicate and share content with other users, including those external to your organisation. However, for many organisations, external collaboration can raise security concerns, including the risk of uncontrolled file sharing and sensitive data leakage.

Fortunately, MS Teams provides a range of configuration options that enable your organisation to leverage the power of the cloud to support remote communication and collaboration, without compromising on security. Including two different ways to communicate and collaborate with external users, guest and external access.

Guest Access: provides users from outside your organisation similar rights to internal users, allowing guest to call, participate in chats, and access shared files.

External Access or Federation: allows Team users from specified domains to find, chat, call and send meeting invites to people within your organisation without granting access to internal Teams activities or resources.

But how can you determine which level of access is right for your organisation? As a starting point, we suggest following the below security best practices for guest and external access; however, our MS Teams specialists can work with you to build a robust security and governance framework that meets your unique business needs.

Security best practices

  • Apply the principle of least privilege: grant the minimum level of guest permissions necessary for native and guest team members to complete their work

  • Define who has the authorisation to invite guests into Teams -by configuring the external collaboration settings in Azure AD.

  • Disable external sharing for folders and files that contain sensitive data that should be kept in house.