External collaboration settings doesn't work

Question

Hello everybody,

I want to configure a restriction for adding guest external users in a Team (in Teams).

My objectives :

• Owner can't invite external guest
• Only one user can invite external guest (not all of the members of the team)

In below my action :

• Admin Center > Settings > Org settings > Microsoft 365 Groups : disable "Let group owners add people outside your organization to Microsoft 365 Groups as guests"
• Azure AD > External Identities > External collaboration settings : select "Only users assigned to specific admin roles can invite guest users"
• Azure AD > Users > [I select my user who can add guess external user] > Assigned roles : add assignments "Guest Inviter"

First, a user create a team. After that, he invite the user with the "Guest Inviter" role.

My problem : the owner can't add external guest, but the user with the "Guest Inviter" role too !

I see the Guest invite settings doesn't work.

For testing, I change the setting "Only users assigned to specific admin roles can invite guest users" by "Anyone in the organization can invite guest users including guests and non-admins (most inclusive)", but the result is the same.

I think I have forgot one thing but I don't find my error.

Can you help me for this problem ?

Have a good day :)

Answer 1

Hi @Florian TULON

If you would like to add guest to your team, you should have this option "Let group owners add people outside your organization to Microsoft 365 Groups as guests" enabled.

Please refer to this part:

I think that my only possibility of controlling the outside people who can connect to the teams is to filter by domain.

Yes in Teams admin center you can control which domains you would like to collaborate with in Teams, other domains would be blocked.

I have an other question : What is the role "Guest Inviter" for ?

To my understanding, this role is an AAD level setting.

Users assigned this role would be able to invite guest in Azure AD protocol.

In Teams if you have already invited a guest to your tenant, the team owner would still be able to add the guest as a member to the team, even if they don't have the role "Guest Inviter" assigned. But would not be able to invite new guests to your tenant.

If the team owner has this role assigned, he would be able to invite new guests.

---

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Answer 2

Hello,

Thank you for your feedbacks.

I didn't know that only owner can add external people on a Team.

So I have block all possibilities to add external people because I have disable "Let group owners add people outside your organization to Microsoft 365 Groups as guests".

I think that my only possibility of controlling the outside people who can connect to the teams is to filter by domain.

What do you think ?

I have an other question : What is the role "Guest Inviter" for ?

Thank you.

Answer 3

Hi Florian

Go to the Teams management Console -> USers and See :

• Guest access : allow guests access
• External Access : allow external domains

You can tune every settings on these pages as you will.

I hope it bring some help to you

See you soon