Automating the Provisioning of Selective Teams with Guest Access: Introduction
Series Contents
- Introduction (you are here)
- History & Background
- Part 1: Application Authentication — Azure AD Application Registrations
- Part 2: Request Storage — SharePoint
- Part 3: Request Process Automation — Microsoft Power Automate & Microsoft Graph
- Part 3.5: Flow Enhancements
- Part 4: Enhanced User Interface — Power Apps & Teams
- Part 4.1: Governing the ‘Viral’ Creation of Teams
- Part 5: Next Steps — Security
Introduction
Everyday, people are exploring and embracing new ways to work in Microsoft Teams. The chat-based hub for teamwork is transforming projects, meetings and processes — it’s available for everyone on devices they love. Modern teamwork involves people within and across disparate organizations, requiring that information is securely shared with all stakeholders. Teams provides native guest access capabilities to address these needs.
Teams guest access can be enabled or disabled for an organization — the setting is disabled by default and applies across the organization’s tenant. But how does an organization enable the feature only for select, authorized teams? And once enabled, how does an organization protect it’s information while being shared with guests? The answers to these questions require a deeper understanding of Teams architecture and Microsoft 365 security and compliance capabilities.
The information in this series of posts was gathered by myself and Bruce Weaver (Teams Sr. Technical Specialist) based upon the large number of customers we’ve had ask about this specific scenario. This conversation has been done so many times that it was high time we created a series of blog posts out of them. In this series of posts, we identify the specific controls needed to support guest access on a per-Team basis. We also demonstrate how to implement these controls into an automated Teams provisioning process that streamlines service-desk operations while ensuring only authorized Teams can work with guests. After this we discuss the next steps to secure the information that you are allowing guests to work with.
But before that, let’s talk about the genesis of this challenge, and that requires a little history lesson and background. If you want to skip this part, you can proceed to Part 1. Else, read on!