card image

Top Concerns for Office 365 Admins: External Guests — Allowing Access and Sharing

External Guests in Office 365 – Access and Sharing

One important issue to consider in Office 365 is sharing with external guest users whose accounts and credentials are not controlled within your Office 365 tenant.

These are people who are not vendors or contractors who are granted an Office 365 account within your organization’s Office 365 subscription.

By default, at the tenant level, Office 365 Groups allow owners and Office 365 global administrators the ability to:

  • Add external guests as members
  • Provide external guests and members to access Group files and OneNote.

Microsoft Solution

Fix via PowerShell command: Restrict external access and sharing by applying any of these cmdlets to your Office 365 Groups template in Azure Active Directory:

  • Use AllowGuestsToBeOwner cmdlet, set it to “False.”
  • Use AllowGuestsToAccessGroups cmdletm set it to “False.”
  • Use AllowToAddGuests cmdlet, set it to “False.”

Display your organization’s Office 365 guest usage policy as a URL in external sharing emails and educate guest users:

  • Use GuestUsageGuidelinesUrl cmdlet.

AvePoint Solution

Governance Automation Online enables you to set up multiple, granular policies. Whether you’re allowing users to invite other guests, share files or OneNote docs when it’s safe, or prohibit when it’s not.

For even more info on Office 365 — especially Office 365 Groups and Microsoft Teams, be sure to check out our Ebook!

Admins can set up multiple policies for Groups within AvePoint Governance Automation Online and apply them where appropriate . Eg. In this instance the admin lets users choose whether external guests are allowed to join the new Group

When users go into the AvePoint Governance Automation Online catalogue to request a new Group, they can see that they have the choice to allow external guests, or not