top of page
  • Hanna Korotka

Cybersecurity Awareness - Secure Collaboration in Microsoft Teams with External Users

In the modern, highly connected digital landscape, collaboration across organizational boundaries is becoming increasingly essential. Microsoft Teams offers robust features for secure collaboration, allowing your organization to work seamlessly with individuals outside your company.

However, it's crucial to implement these features thoughtfully to ensure cybersecurity and data protection. In this article, we'll explore two key options for collaborating with external users: External Access and Guest Access.

External Access

External access is a feature that enables users within your organization to communicate with people outside your organization who use Microsoft as their identity provider, including those from other organizations.

Each external access option has both an organization setting and user policies. The organization settings apply to your entire organization. User policies determine which users can use the options that you've configured at the organization level.

Organization settings:

1. Specify Trusted Microsoft 365 Organizations: Admin can define which domains your organization trusts for external meetings and chat in Teams admin center > Users > External access > Choose which domains your users have access to. Options include:

  • Allow All External Domains: This is the default setting, permitting communication with any external domain using Teams or Skype for Business.

  • Allow Only Specific External Domains: Create a list of allowed domains while blocking all others.

  • Block Specific Domains: Block communication with specific domains while allowing all others.

  • Block All External Domains: Prevent users from communicating with any external domain.

2. Manage Chat with External Teams Users Not Managed by an Organization: As admin, you can choose to enable or disable chat with external, unmanaged Teams users (those not managed by an organization, such as Microsoft Teams (free)) in the Teams admin center > Users > External access turn on the People in my organization can communicate with Teams users whose accounts aren't managed by an organization setting. If enabled, you can also control whether unmanaged Teams users can initiate chats with your organization.

To allow chat with unmanaged Teams accounts

  1. In the Teams admin center, go to Users > External access.

  2. Turn on the People in my organization can communicate with Teams users whose accounts aren't managed by an organization setting

  3. If you want to allow external unmanaged Teams users to start the conversation, select the External users with Teams accounts not managed by an organization can contact users in my organization checkbox.

  4. Select Save.

User policies determine which users within your organization can chat or meet with external users. External access policies are configured by using Set-CsExternalAccessPolicy cmdlet. Key parameters include:

  • -EnableFederationAccess: Allow or prevent meetings and chat with other Teams organizations and Skype for Business.

  • -EnableTeamsConsumerAccess: Allow or prevent chat with Teams users not managed by an organization.

  • -EnableTeamsConsumerInbound: Control whether Teams users not managed by an organization can initiate conversations.

For end-users, collaborating with external individuals is seamless. Users can accept or block external collaborators, preview messages before accepting, and manage their collaboration preferences.

Guest Access

If your users need to collaborate extensively with external users across documents, tasks, and conversations, Guest Access in Microsoft Teams is the way to go.

Guest access - A feature that allows you to invite people from outside your organization to join a team. Guests can also call, chat, and meet with people in your organization and you can share files and folders with them. Invited people get an Azure AD B2B collaboration guest account in your directory.

To set up a team for collaboration with guests, follow these steps:

1. Azure External Collaboration Settings:

Ensure that your Azure Active Directory's B2B external collaboration settings allow sharing with guests. This setting overrides any sharing configurations made in Microsoft 365.

2. Teams Guest Access Settings:

In the Microsoft 365 admin center, navigate to Teams > Users > Guest access and turn Guest access "On." Adjust additional guest settings as needed.

3. Microsoft 365 Groups Guest Settings:

Teams uses Microsoft 365 Groups for team membership. Ensure that Microsoft 365 Groups' guest settings are enabled to enable guest access in Teams.

4. SharePoint Organization-Level Sharing Settings:

Since Teams stores content in SharePoint, ensure that your organization-level sharing settings in SharePoint permit sharing with guests.

5. SharePoint Organization-Level Default Link Settings:

Configure default file and folder link settings that suit your collaboration needs, such as "Anyone with the link," "Only people in your organization," or "Specific people."

6. SharePoint Site-Level Sharing Settings:

Check site-level sharing settings for your SharePoint site associated with the team, ensuring they align with your collaboration requirements.

With these configurations in place, users can invite both internal and external users to the team, allowing them to collaborate effectively in a secure environment. Remember that guest permissions for channels can be customized by team owners, and file permissions for guests are determined by your SharePoint settings, which can only be changed by admin.

For End-Users: Add Guests to a team in Microsoft Teams

To invite guests to a team:

  1. In the team, select More options, and then select Add member.

  2. Type the email address of the guest whom you want to invite.

  3. Select Edit guest information.

  4. Type the guest's full name and select the check mark.

  5. Select Add, and then select Close.

Guests will receive a welcome email invitation that includes some information about the team and what to expect now that they're a member. The guest must accept the invitation by selecting Open Microsoft Teams in the email message before they can access the team and its channels.

Guests have fewer capabilities than team members, but there's still a lot they can do in channels, where the work actually gets done! Team owners can set guest permissions for channels. To set guest permissions:

  1. Select Teams on the left side of the app.

  2. Go to the team name, and select More options > Manage team.

  3. Select Settings > Guest permissions. Check or uncheck the permissions you want to allow.

Your guests can now collaborate with team members in channels.

By following these best practices for secure collaboration in Microsoft Teams, you can enjoy the benefits of enhanced productivity and seamless teamwork while safeguarding your organization's data and assets. Collaboration across boundaries has never been more secure or efficient!

To help you to have peace of mind knowing your business is secure, click here to schedule a Microsoft 365 Secure Score review with our experts today. We'll evaluate your current cybersecurity measures, identify potential vulnerabilities, and help you implement a strategic security plan to keep your company safe.

16 views0 comments


Get the Latest News to Your Inbox

bottom of page