This Microsoft Teams Q&A is based on our webinar of the same name. Missed it the first time? Watch the full webinar here!
Though Microsoft Teams is an incredibly powerful collaboration platform, you need to know how to properly configure its controls to make it work for your environment. This is especially true when it comes to external sharing. We had so many questions during our recent webinar that we decided to answer them all together in one big Q&A post. Let’s get started.
What if the partner you want to share with isn’t in the cloud? How does that authentication work?
The guest user doesn’t have to be another Azure Active Directory account. The account has to be connected with the cloud at a minimum, whether it’s a domain account synced to AAD, a Microsoft account, Google federation, a Hotmail account, etc. However, for non-cloud accounts, there’s a one-time passcode option so that whenever a non-cloud user wants access, they get a one-time password for the session.
What cleans up the guest account in Contoso?
You can either go through the directory and manually clean up dead accounts or use Azure Access Review as a potential solution. Alternatively, AvePoint’s Cloud Governance solution allows for review and removal of guest users from Teams and Groups but doesn’t remove the user from the directory. Look for Cloud Governance to have more functionality related to this use case in H1 2020.
Does this require an Azure AD Premium P1 or P2 license?
No elevated license is needed for AAD. You can have a ratio of 1:5 paid licenses to guest users at no additional charge. If the customer wants to use advanced AAD features like Multifactor Authentication (MFA) or Conditional Access for some or all of their guest users, they will need to make sure the paid AAD licenses in the ratio above are licensed at a level that supports the AAD functionality they want to apply to the guest accounts.
When the guest leaves their company, how does access get revoked?
It gets revoked instantly. If you look in your AAD you can see that these guest accounts exist, but the only way they can be used is with the guest’s original account. So if they get kicked out of Fabrikam, they won’t be able to log in because the guest account is tied directly to Fabrikam.
Does your AAD need to sync both ways in hybrid environments for guest access to fully function? Currently, we only sync our local on-prem AD one way to the cloud.
Guest accounts only exist in AAD and don’t get synced to AD on-prem.
Does this affect SharePoint user profiles too?
Guests cannot see profile info in SharePoint.
Does the licensing change if your organization is on the G3 government license?
No, it doesn’t.
Can you please clarify the guest licensing? If our users have E3 licenses, will the guest user have an E3 license too?
Yes. If the core user has a paid E3, they will have up to five guests with the same level of licensing. They won’t, however, have a OneDrive or a mailbox, so one-to-one chat is limited. Otherwise, though, they’ll have full functionality in Microsoft Teams, channels, and SharePoint. G3 licensing follows the same model.
For organizations that have started using B2B, have you seen them requiring a security verification for the other company to ensure exited employees no longer connect?
Because you don’t own the authentication of that user, you’re relying on the fact that wherever they’re coming from is using proper password policies and proper measures for making sure that the user is who they say they are. What you can do is leverage advanced AAD security features like conditional access and multi-factor authentication if you want to apply security controls on top of whatever is being used by the guest user’s identity provider.
Is there any out-of-the-box reporting feature in Office 365 that shows what content is shared with guest users?
There are some, but typically what you’ll get is a list of guest users. There isn’t a lot of out-of-the-box functionality, but there’s more complete reporting of these features in Cloud Management.
Are there any time-based revocation/deactivation settings for guests?
Nothing out of the box.
Can you grant guests access to Office apps?
No. They don’t get the ability to install the software.
If you turn on the whitelist/blacklist after it’s been open for a while, are external users who are already in AAD denied access if their domain was later blacklisted?
No, these are forward-looking settings only. You’ll need to have a process to go through and remove those users.
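The answer above leaves cleanup of already-invited guests to a process of your own. The following is an added example, not part of the original post: it flags existing guests whose home domain is on a blocked list. It assumes the directory has been exported to records carrying the Microsoft Graph user properties userType, userPrincipalName and mail; the function names and the sample records are constructed for illustration.

```python
# Constructed sample shaped like a directory export; the keys are the Microsoft
# Graph user properties userType, userPrincipalName and mail.
SAMPLE_USERS = [
    {"userType": "Member", "userPrincipalName": "amy@contoso.com", "mail": "amy@contoso.com"},
    {"userType": "Guest", "userPrincipalName": "bob_fabrikam.com#EXT#@contoso.onmicrosoft.com", "mail": "bob@fabrikam.com"},
    {"userType": "Guest", "userPrincipalName": "first_last_eu.fabrikam.com#EXT#@contoso.onmicrosoft.com", "mail": None},
    {"userType": "Guest", "userPrincipalName": "dana_notfabrikam.com#EXT#@contoso.onmicrosoft.com", "mail": "dana@notfabrikam.com"},
]

def guest_home_domain(user):
    """Return the guest's home domain in lower case, or None if it cannot be read."""
    mail = user.get("mail") or ""
    if "@" in mail:
        return mail.rsplit("@", 1)[1].lower()
    # Guest UPNs look like local_domain#EXT#@tenant: the "@" of the original
    # address became "_", so the home domain follows the last underscore.
    upn = user.get("userPrincipalName") or ""
    marker = upn.upper().find("#EXT#")
    if marker == -1 or "_" not in upn[:marker]:
        return None
    return upn[:marker].rsplit("_", 1)[1].lower()

def is_blocked(domain, blocked_domains, include_subdomains=True):
    """Match a domain against the list; subdomain matching is a review choice,
    not a statement of how the directory itself evaluates its list."""
    for blocked in blocked_domains:
        blocked = blocked.lower().strip(".")
        if domain == blocked or (include_subdomains and domain.endswith("." + blocked)):
            return True
    return False

def guests_to_review(users, blocked_domains, include_subdomains=True):
    """Return (userPrincipalName, reason) for guests on a blocked or unreadable domain."""
    flagged = []
    for user in users:
        if (user.get("userType") or "").lower() != "guest":
            continue
        domain = guest_home_domain(user)
        if domain is None:
            flagged.append((user.get("userPrincipalName"), "unknown-domain"))
        elif is_blocked(domain, blocked_domains, include_subdomains):
            flagged.append((user.get("userPrincipalName"), domain))
    return flagged

if __name__ == "__main__":
    for upn, reason in guests_to_review(SAMPLE_USERS, ["fabrikam.com"]):
        print(upn, reason)
```

Guests whose domain cannot be read are reported as "unknown-domain" rather than skipped, so they still get a manual look.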
Can guest users be used for SharePoint, Portals, or other add-on apps?
Yes. Guest users are a feature of AAD and can be leveraged by first-party services like Microsoft Teams and SharePoint Online as well as third-party applications that are written to integrate with AAD.
When you set guest access in AAD, which platforms does that allow access to? OneDrive, Teams, etc.?
It goes back to how external sharing is like an onion. Adding a guest in AAD doesn’t immediately give that user access to any Office 365 content. You also have to turn on guest access for Groups and Teams and SharePoint according to your requirements.
If a guest is given access to a team, they can access the channel, conversations, files, planner – basically all the other Microsoft Teams resources. Guests do not get the “chats” that aren’t part of defined Teams. The only way a guest can access a OneDrive is if you have external sharing enabled for SharePoint and OneDrive and the OneDrive content has been explicitly shared with that guest.
What exactly are you granting guest access to when setting up AAD?
By granting guest access you’re saying that the user is now in the directory but has no permissions yet. All they can do is sign in, and what they can sign in to depends. Since third-party applications can leverage Azure AD, if you want to give access to those third-party applications, you can.
Do you need Flow to automate the external sharing process?
Yes. You should use Flow, PowerApps, or Azure Logic Apps to do this.
Can we control permissions and access at the subsite level?
For SharePoint, external sharing settings are configured at the Site Collection level. That means all settings apply to all subsites. You can leverage SharePoint’s permission inheritance features to add guests only to subsites.
Do I need to configure SharePoint sharing settings for guest users sharing in Microsoft Teams to work on files in Teams?
Team members will always have access to the SharePoint site because access isn’t given to individuals, but to the underlying Office 365 Group. So, if my guest access settings in Microsoft Teams and Office 365 Groups are turned on and I add an external user to my guests for that Group, there isn’t any work that needs to be done on the SharePoint side. External sharing in SharePoint can be off because I’m not sharing with an external person, but with that Group that the external member is part of.
For Azure AD, what services in Office 365 depend on external sharing?
Short answer: it’s usually Groups and Teams and it’s sometimes SharePoint.