A client reached out to me recently stymied that while Guest Access in Teams was enabled, they were unable to actually invite guests to participate in their Teams. After a review, and a lot of web searching, I discovered that this is apparently a pretty common issue and the solution is not well documented at all. It turns out you also must enable a feature in the Azure AD component of the tenant in order to make this work.
Here’s what makes it work:
Allow Guest access/Invite Guests
The documentation on this is very sketchy from Microsoft. There are two things that must be done in order to permit guests and permit members to invite guests.
- Enable Guest Access
- Log into the Tenant
- Open Teams Admin Center (https://admin.teams.microsoft.com/)
- Open “Org-Wide Settings”
- Click on External Access
- Enable: Users can communicate with Skype for Business and Teams Users
- Enable: Skype for Business users can communicate with Skype users
- Click on Guest Access
- Enable: Allow guest access in Teams
- Save settings
- Click on External Access
- Enable Guest Invites
- Log into the Tenant
- Open Azure Active Directory
- Within Azure Active Directory admin center
- click on Azure Active Directory
- click on Organizational Relationship
- Select Settings
- Enable: Guest users permissions are limited
- Enable: Admins and users in the guest inviter role can invite
- Enable: Members can invite
- Disable: Guests can invite (enabled by default but I’d recommend disabling this)
- Enable: Enable Email One-Time Passcode for guests (Preview)
- Set Collaborative Restrictions to: Allow invitations to be sent to any domain (most inclusive)
NOTE: Enabling Guest access can take 2 – 24 hours to take effect after enabling the feature.