Guest access in Office 365 can be configured across several different levels. Guest access across different services needs to be considered and planned carefully; some settings may lead to rather unexpected results. Starting on the tenant level, decision to allow or disallow guest access for Office 365 tenant will dictate options available for individual services. If guest access is turned off at the tenant level, guest access cannot be granted for any of the Office 365 services.

 

Guest access for OneDrive and SharePoint, at a service level, is closely tied together. There are four options that can be specified for OneDrive and SharePoint with OneDrive guest access always being the same or less permissive then SharePoint.

Another point where guest access is controlled is at Office 365 Group level. Groups members can be empowered with ability to invite external members to the team.

 

Guest access to SharePoint can also be controlled at individual site collection level. So in a situation where guest access is disabled for Office 365 Group, guest users can still be invited to have access to content stored in SharePoint. When guest access to Office 365 Groups is allowed but guest access to a SharePoint site is not, guest users will not have access to the data stored in SharePoint.

Finally, if an organisation is planning to allow guest access to Microsoft Teams, the following conditions need to be met:

  • Tenant level guest sharing must be allowed
  • In SharePoint Online (service level) guest access needs to be set to Existing guests, New and existing guests or Anyone.
  • In Office 365 Groups guest access setting must be set to: Let group owners add people outside the organization to groups.
  • Guest access must be allowed in MS Teams (service level).