A Complete Guide for Guest Access in office 365 Groups

Featured image

In this modern digital world, there is a critical need for any organizations to collaborate closely with their customers, partners, suppliers or consultants outside of their organization for a successful business. Sensing the importance of collaboration with external users and in response to the customer feedback in user voice, on September 8, 2016, Microsoft has rolled out new guest access feature for Office 365 groups in Outlook on the web portal.

Note:

  1. 1. Guest access is a tenant-level setting and is enabled by default. Before proceeding, go to SharePoint admin center and ensure sharing is allowed for any one of the following tenant level settings,
    • Allow users to invite and share with authenticated external users
    • Allow sharing to authenticated external users and using anonymous access links
  2. 2. Also ensure guest user policy is enabled in Azure AD to control access for guest users. For more info refer this link.

If you are a group owner, the new guest access feature allows you to add people outside of your organization (guest users) to your Office 365 group using Guests option in Outlook on the web portal, only if the external sharing has been enabled for your organization. But, Global admins can add guest users to any Office 365 groups in the organization.

Once external users added as guest members to Office 365 groups, they will receive a welcome email with link to access to group files in SharePoint Online, and they can start conversation with new group, and receive email messages and calendar invites sent to the group, and have automatic access to cloud-based file attachments. Also guest members can leave the group at any time.

As a guest member, when you click Read group files link in your welcome email, you will be redirected to access the group files in SharePoint Online, in which you will have full control to view and edit group files, and also share group files to existing group members/guest members. But you will neither be able to add new guest user nor share groups files to new group members/guest members.

Also guest members can access the group OneNote notebook, if they received link from group member.

When you click the Group conversations link at the top-right corner of group files page, you will be redirected to the group site, but you will not be able to access the group conversations.

Currently guest members can interact with group only through the group emails received in their inbox. Moreover, all group emails and calendar invitations the guest receives will include a reminder to use “reply all” in response to the group, along with links to view group files in SharePoint Online and leave or unsubscribe from the group, as shown in the below screenshot.

Control Guest User Access/Add Guest User for Office 365 Groups

You can refer below link to control guest user access/add guest user for all Office 365 groups in a tenant using either PowerShell/UI tenant, and also to control add guest user for a specific group using PowerShell.

https://support.office.com/en-us/article/Guest-access-to-Office-365-groups-Admin-Help-7c713d74-a144-4eab-92e7-d50df526ff96?ui=en-US&rs=en-US&ad=US

NOTE: By default, guest user access/add guest user for Office 365 groups is enabled for tenant-level. Also, add guest user for Office 365 groups is enabled for individual gropus.

PowerShell Script to Disable Adding Guest Users for Multiple Office 365 Groups via CSV

Connect-MsolService 

$csv = Import-Csv C:\csv\groups.csv
Foreach($Group in $csv)
{
$Groupname = Get-MsolGroup -SearchString  $Group.GroupName 
$GroupSettings = Get-MsolAllSettings -TargetObjectId $Groupname.ObjectId
if($GroupSettings)
{
$Value = $GroupSettings.GetSettingsValue()
$Value["AllowToAddGuests"] = "False"
Set-MsolSettings -SettingId $GroupSettings.ObjectId -SettingsValue $Value -TargetObjectId $Groupname.ObjectId
Write-Host "AddToGuest Successfully Blocked for"$Group.GroupName 
}
else
{
$GroupTemp = Get-MsolSettingTemplate -TemplateId 08d542b9-071f-4e16-94b0-74abb372e3d9
$CreateSetting = $GroupTemp.CreateSettingsObject()
$NewGroupSetting = New-MsolSettings -SettingsObject $CreateSetting -TargetObjectId $Groupname.ObjectId
$GroupSettings = Get-MsolAllSettings -TargetObjectId $Groupname.ObjectId
$Value = $GroupSettings.GetSettingsValue()
$Value["AllowToAddGuests"] = "False"
Set-MsolSettings -SettingId $GroupSettings.ObjectId -SettingsValue $Value -TargetObjectId
$Groupname.ObjectId
Write-Host "AddToGuest Successfully Blocked for"$Group.GroupName 
}
}

Sample CSV File