Inviting external users to your Microsoft Teams environment is necessary for collaboration, but it is also risky if you do not control their user permissions correctly.
In 2020, 95 million users came on board with Microsoft Teams, with over 500,000 organizations using Teams for their main collaboration platform as flexible and remote working quickly became the norm. These numbers will continue to rise this year.
Once you have your own house in check, you must prioritize how to share Teams with external users correctly.
An interesting factor is that external access sharing is on by default in Microsoft Teams. It means anyone can communicate with any outside domain. This default setting makes sense for quick setup and user adoption for organizations, but this needs some retrospective action if not done so already.
Firstly, you need to identify and access multiple admin centers to adjust the permissions allocated to your users. The Microsoft Teams admin center makes sense, but let’s not forget the Microsoft 365 admin center and the SharePoint admin center.
We are now talking about collaboration governance – how users can gain access and move resources for business collaboration. Actions must follow the regulations and standards set by the organization. Click the following Microsoft how-to guide for a step–by–step setup.
Assuming users will collaborate on content across Teams, you must be equally in control of your SharePoint permissions. Here you differentiate between the organizational and site-level depending on the amount of access you would like to offer. One rule of thumb is to keep any information unsuitable for external use in a site with external sharing turned off.
Guest access in teams allows you to collaborate with external users who are not part of your organization.
If you want to chat, show documentation, but keep complete control over your data, then allocating guest permissions to externals is the way to go. Guest access users must at least have a business account of some kind. On top of adjusting settings in Microsoft 365, SharePoint, and Teams admin centers, you will also need to address Azure Active Directory.
I recommend reading the following Microsoft article for full detail on setting up guest users and applying sensitivity labels. Guest users can then participate in the Teams experience without accidentally accessing confidential data.
When you create a team in Microsoft Teams, a SharePoint team site is automatically created. Vice versa Microsoft 365 groups are automatically created when a team site is made in SharePoint. Here you must make sure all users related to these sites and groups have permissions turned on, or they will not collaborate effectively across Teams, SharePoint, and wider Microsoft 365 services.
Once you have set permissions, you want to monitor and identify who your users are over time. As more users collaborate on teams, it becomes increasingly difficult to know who is new, where they are, what permissions they have, and get that information quickly. You must pull the data from each separate admin center and aggregate it yourself.
An instant overview of who is entitled to access your environment is a huge time-saver. Furthermore, automatic notifications that alert you of any changes would allow you to focus on other tasks. Please let me introduce you to Rencore Governance.
With Rencore Governance, you can build precision checks that provide you data on external login user history and trigger automation integrations to deal with access rights.
These checks include:
Rencore Governance provides maximum flexibility and efficiency for Microsoft 365, Teams, SharePoint, Azure, and Power Platform governance. You can quickly discover, assess, and communicate data. Monitor end-user activity. Identify deviations from policies and automate fixing.
If you want to learn more about Teams management I recommend reading our free whitepaper “Microsoft Teams governance best practices“. The whitepaper examines the key aspects of Teams governance and offers a guide on creating a comprehensive governance strategy.