M365 Guests: The 25 Most Frequently Asked Questions

How do I find all M365 guests in my tenant?

To view all M365 guests, you can use the Microsoft 365 Admin Center, the Microsoft Entra Admin Center, or a PowerShell script. However, this requires several manual steps.

In the External User Manager, you can directly view all guests with their important details through a central dashboard. You can also specifically search for unmanaged guests and easily incorporate them into your guest management.

Learn more here: Guest Import: View all M365 guests and manage them efficiently.

How do I invite external participants to Microsoft Teams meetings?

Microsoft Teams allows you to invite external participants directly in the meeting planning by entering their email address.

For a step-by-step guide, see: Microsoft Teams: External Participants in Meetings.

How can I manage guest permissions for M365 guests in Teams?

The Teams Admin Center allows you to set standard guest access permissions that apply to all M365 guests.

For more information, see Microsoft Teams: Default Guest Permissions.

The External User Manager provides additional controls, such as access reviews, lifecycle management, reporting, and the ability to set individual compliance policies.

Can I restrict guest access to specific teams only?

Yes. Guest access can be disabled or explicitly allowed for specific teams e.g. via sensitivity labels or PowerShell.

The External User Manager makes control easier, as access checks can be performed on a team-specific basis.

Learn more here: Block Guest Access for Specific Teams in Microsoft Teams.

How do I manage M365 guests in Microsoft Entra?

Microsoft Entra provides basic options for managing external identities and cross-tenant settings. Some important settings can also be found in other Microsoft admin centers.

External User Manager combines all security and compliance features in one app.

Learn more: External Identities in Microsoft Entra.

How does guest onboarding work in M365 groups and Microsoft Teams?

The onboarding process is often done manually in coordination with the communications department.

The External User Manager automates onboarding, enforces compliance policies, and enables approval of data protection or NDA documents.

Learn how to improve your onboarding process here: Onboarding Guests in Microsoft Teams and M365 Groups.

Can I blacklist or whitelist domains for M365 guests?

Yes. In Microsoft Entra, you can blacklist or whitelist domains. In the external collaboration settings, you can enter the domains for which invitations should be allowed or denied.

In External User Manager, managing domain restrictions is easier and more centralized.

Learn more here: How to Blacklist and Whitelist External Domains in M365.

What happens to inactive M365 guests?

Microsoft does not offer automated removal of inactive guests. These remain in M365 groups and Teams and threaten the organization and security of your M365 environment.

External User Manager identifies inactive guests and automatically removes them based on defined time periods.

How do I invite M365 guests to Teams?

If your guest settings are enabled and you have configured your organization-wide settings in the Teams Admin Center, you can add guest users.

To do this, go to the three dots (…) in the respective team, click on Add member, and enter the guest’s email address.

The External User Manager adds approvals, compliance checks, and additional security mechanisms to the process.

For more details, see: Adding Guests to Microsoft Teams.

How can I restrict access for M365 guests in Microsoft Teams?

In the Microsoft 365 Admin Center, you can configure general guest access under Users > Guest users > Manage Teams settings.

In the Teams Admin Center, specific guest access permissions can then be further customized.

External User Manager gives you additional control over access, approvals, and reports.

How do I enable guest access for M365 guests in the Admin Center?

Guest access can be enabled in the Microsoft Teams Admin Center. Go to Settings & policies > Org-wide default settings > Guest access and turn it on.

For more details: Enable Guest Access for Microsoft Teams.

What are the risks of guest access to OneDrive data?

Without regular review, guests may retain access to files longer than intended. The risk of data leaks increases.

External User Manager supports you with regular and automated access checks.

Can I convert M365 guests to members?

No. M365 guests cannot currently be converted directly to members.

The reason is that member accounts require an email address that belongs to the organization’s domain, while guest accounts use external domains. To add guests as members, they need an account in your organization’s domain.

How can I see which files M365 guests are accessing?

In the Microsoft 365 Admin Center, go to Reports > Usage. There you will find reports on which files have been viewed, downloaded, or edited by guests.

In the SharePoint Admin Center, you can track activities under Reports.

How do authenticated and anonymous M365 guests differ?

Authenticated guests sign in with a Microsoft account. Anonymous guests only get access via share links.

How can I restrict guest sharing for individual SharePoint sites?

In the SharePoint Admin Center, go to Sites > Active Sites and select the SharePoint site you want to configure. Under Settings look for External file sharing and set it to Only people in your organization.

Can M365 guests accept compliance policies?

Not with standard Microsoft tools.

External User Manager provides an onboarding portal where guests can actively confirm binding compliance policies and documents (GDPR, NDA, etc.).

How do I set up an approval workflow for M365 guests?

Microsoft does not provide a built-in approval workflow.

External User Manager offers an approval process that ensures only authorized guests are granted access.

Learn more: Microsoft Teams: External User Manager.

How do I remove M365 guests who no longer need access?

Microsoft only offers manual options for revoking guest access for M365 guests.

The External User Manager automatically removes guest users with lifecycles based on predefined rules or inactivity.

How does EUM help minimize data loss?

The External User Manager supports you with:

• Approval process for guest users
• Regular access reviews
• Lifecycles based on predefined rules or inactivity
• Detailed reports on M365 guests

These features reduce the risk of accidental or unwanted data sharing.

Can I allow M365 guests only for certain regions?

Yes. In the Azure Active Directory Admin Center, you can create a new policy under Conditional Access. Under Users, select guest users to whom the policy will apply. Under Network, you can then specify which geographic regions are allowed or blocked for access.

How long do M365 guests retain access to content?

By default, until access is manually revoked.

External User Manager automatically revokes access when the guest is removed.

How do I ensure time-limited access for M365 guests?

Standard Microsoft tools do not offer automation for this.

External User Manager enables time-based processes and automatic removal of M365 guests.

Learn more here: Microsoft Teams: External User Manager.

How do I import existing M365 guests into the External User Manager?

With the Guest Import function of External User Manager.

Learn more here: Guest Import: View all M365 guests and manage them efficiently.

How do I identify active or inactive M365 guests?

Microsoft does not offer automated inactivity checks.

External User Manager regularly identifies inactive guests and removes them automatically on request.