Guest Access Series: Inviting a Specific Domain into a Specific Team — Introduction

An introduction into how we can leverage the various services in Microsoft 365 and the Power Platform to provide a moderate level of governance when looking to allow a Team Owner to invite external/guests into their Team

Setting the Stage

The Guest Access story is a many-faceted one that can be comprised of many things. For example, the earlier series of allowing individual people to request/provision a team that can have guests allowed is one way. This example is assuming you already have a team, but can’t add a guest through the normal method. So, if this is closed down, how do you invite a guest in? And if you can, how can we make sure (again, moderate governance) that we only invite, say, approved domains?

Well, let’s start with that…how can we govern the ability to add a guest to a Microsoft Team, limiting the invitations to those that are part of a list of allowed domains?

Solution Design

So, this prototype solution leverages a number of assets in the cloud:

• PowerShell Runbook in Azure to get a SharePoint site’s list of allowed domains
• Power Automate Flow to gather all Teams’ group information, along with the allow-domain list for them, and store it in a Dataverse table
• A Power Automate Flow to invite a specific email address into the Team as a guest
• A Power App that’s added into a Team to wrap all the above together to allow people in the team to invite a user in as a guest

So, as my DM would say at the beginning of each session of ‘Old Man’s D&D’: “What do you want to do?” Well, let’s start with our Azure PowerShell Runbook.