Guest access allows users outside your organization to access your existing teams and channels and cooperate with the people in your organization.
Guests are people like partners, suppliers, and consultants that are not workers or members of your organization. Anyone who is not a part of your organization can be added to Teams as a guest. Which means that anyone that has a business (I.e. an Azure AD account) or a consumer e-mail account (Outlook.com, Gmail.com etc.) can join your teams and channels with full access as a guest. All guests in Teams are covered by the same compliance and auditing protection with the rest of Microsoft 365 and can be managed securely within Azure AD.
Guest Access is a tenant-level setting that is turned off by default on the Admin Center and when it is turned on everyone in your organization can add guests to Microsoft 356 Groups. Guest Access includes a lot of Microsoft 365 subscriptions without the need of an extra license.
There are two different options as Guest Access and External Access for communication with people outside your organization in Organization-wide Settings of Teams Admin Center . Guests access allows people outside your organization to reach your teams and channels while External Access allows communication by entering their e-mail into the Search Box in Teams. Most importantly, WHILE EXTERNAL ACCESS GIVES ACCESS PERMISSION TO AN ENTIRE DOMAIN, GUEST ACCESS GIVES ACCESS PERMISSION TO INDIVIDUALS!
You can see the guest access diagram below:
Managing Guest Access
Guest Access can be managed at 4 main levels:
- Azure Active Directory
- Microsoft Teams
- Microsoft 365 Groups
- SharePoint Online & OneDrive for Business
Azure Active Directory
Microsoft 365 Groups