So there have been A LOT of talk about Guest Access and Microsoft Teams so I figured it is time to take a bit of a deeper look at what is and isn’t available at this time. I’m going to highlight a few great additions and then also some items that just are not quite there yet.
Guest Access to Office 365 Accounts
So this is the oldest and most know version of guest access today. You have someone else (Commercial or Education) who uses Office 365 and you want to add them as a Guest to your Team. This was announced and explained back in a September 11, 2017 Blog Post by Microsoft. What is happening under the hood is that user from Tenant G (for Guest) is being provided Azure AD access to your Tenant A. We can see this in both the Office 365 Portal and the Azure AD Portal.
So this was a big step but not all is solved yet in this realm. There are still a few areas you need to be aware of when dealing with an Office 365 Guest Account. In particular, what if Tenant G has Microsoft Teams disabled? As of about two months ago we got a solution at the browser level. If a user from Tenant G logs into Microsoft Teams they will now see this page:
In the screen shot above, you will see where it says “Office (Guest)”. This is the name of Tenant A as defined in Office 365. Well, the “Office” part is. So if this user was Tenant G was invited to 10 different guest tenants, although Teams is disabled for Tenant G, that user can still get to the desired location via the picker. This is a nice addition.
Unfortunately, we are starting to see a larger product gap between Desktop/Web and the Mobile Clients and it feels like it’s growing weekly. Although they share a significant code base there is still some structural barriers. If the user from Tenant G attempts to login to their iOS or Android Client (we won’t talk Windows Phone as that client is very behind now) the user will receive a message saying they cannot login as Teams is disabled for their tenant. To make matters worse, if the user attempts to login via the browser on their phone they are redirected to the Store or App on the phone.
Guest Access for MSA Accounts
At the end of February, Microsoft announced guest access was coming to Microsoft Teams for “anybody”. And although this is true its important that we put a small “asterisk” next to the anybody comment. When you invite a new user to Teams and they go through the registration process their is a MSA (MicroSoft Account) requirement. Although the Microsoft Teams did a fantastic job of making this process as easy as possible we can see it’s still required.
When you click the “Next” button, there is a check that occurs to see if the e-mail address invited is an MSA Account or not. If it is not, then you are walked through the process to “Create Account”. Although you might be thinking you are creating a “Teams Account” under the hood it’s a MSA Account. I don’t think this is underhanded or anything but is important to know, it’s not “True” Guest access as there is still a requirement for MSA.
Once you have gone through and created your account all is good. You have access to your team and it just works. But what about mobile? Again, we see the disconnect between the Desktop/Web verses the Mobile client again. Although I can login to Microsoft Teams as my MSA Account (which is most likely why you need the MSA account – it makes sense to me) you can’t do anything with it.
You are presented with the ability to “select an account” but nothing happens. Says the feature is “coming soon”. So again, the lag of the mobile client hampers the Teams Guest experience.
Don’t get me wrong, I believe the Teams and Guest access are fantastic steps forward. And although I didn’t get into the “Guest Switching” behavior which I think we can all agree needs some work, the steps the Teams team has done in only 13 months is absolutely fantastic. I’m looking forward to what is available in the next 13 months as well.