How to Manage Guest Accounts in Other Tenants from Microsoft Teams

Posted on by Tony Redmond

Decluttering Your Set of Guest Accounts

Originally published as MC300029 and then again as MC302456 (December 8, Microsoft 365 roadmap item 88430), Microsoft is making it easier for people to manage the guest memberships they have in other organizations (Microsoft 365 tenants) through Teams. Until now, leaving an organization must be initiated from Azure AD’s My Organizations page. However, many users don’t know about this page or how to go about reviewing and removing unwanted memberships in other organizations. The net result is that the organization drop-down menu in Teams can become very cluttered.

Changes

The changes due to be rolled out by late December allow users to:

  • Decline invitations in the Teams desktop and browser clients.
  • Leave an organization from the Teams desktop and browser clients.
  • Hide organizations they don’t want to access often to unclutter the organizations listed by the Teams clients (and unhide or show those organizations again if needed).

Let’s examine each change in more detail.

Nope, I Don’t Want to Join

When a user is added as a guest in a team (or Outlook group) for the first time in an organization, Azure B2B Collaboration (aka Microsoft Invitations) generates the guest account and adds it to the team membership. However, the guest account only becomes active after its owner redeems the invitation to join the organization.

The change made in Teams allows people to decline an inbound invitation to become a guest in another organization using the Decline option from the […] menu in Manage Accounts (Figure 1).

Using Teams to decline an invitation to join another organization as a guest
Figure 1: Using Teams to decline an invitation to join another organization as a guest

Declining an invitation removes the inviting tenant from the list shown to the user in the Teams menu bar. The person who extended the invitation can add the user as a guest to a team or group if they wish to regenerate the invitation.

Leaving You is Bittersweet

The Teams user interface for leaving an organization (Figure 2) brings you to the My organizations page and the process of leaving a tenant follows the same steps as outlined here. Even so, it’s still goodness to make the process more accessible and easier for users.

The Teams option to leave another organization
Figure 2: The Teams option to leave another organization

Once the user reaches the My Organizations page, they can select the organization to leave (not necessarily the one chosen in Teams). After signing the user into the target organization, Azure AD removes the guest account and returns them to their home organization. Azure B2B Collaboration generates email (Figure 3) to let the user know that they’ve left successfully and to remind them that information they created in the organization they’ve just left remains under the control of that organization. The logo in the message is the result of customizing the organization’s Azure AD sign in screens.

Figure 3: The last sight of an organization you’ve just left

In practical terms, the important point here is to remove anything you want from Teams (including documents posted to SharePoint Online) before departing. Remember, removing a guest account from an organization also breaks any sharing links to SharePoint Online and OneDrive for Business data which use the guest account.

Some organizations proactively search for and remove obsolete guest accounts. When this happens, users don’t have to worry about their guest accounts because the host organization deletes them.

Stay Hidden

Sometimes leaving another tenant by removing a guest account is a step too far. You might want to retain access to the organization, even if you only use it intermittently and not as part of your day-to-day activities. If you look at Figure 2, you see the option to Hide an organization. This keeps your guest account intact while removing the organization from the list shown by Teams to allow the user to switch between tenants. If you’re hiding an organization, it’s often a good idea to mute notifications from that organization too.

If the user wants to add an organization back to the tenant list, they can use the Manage account option in Teams settings to unhide (show) a tenant.

Some Relief in Teams Connect

The advent of shared channels in Teams (due in early 2022) will remove the need to use guest accounts to access Teams information in other organizations because it uses a technology called Teams Connect instead of Azure B2B Collaboration. The big difference is that those who access shared channels in another tenant use their own identities (authentication against Azure AD in their home tenant) instead of guest accounts in the host tenant. However, guest accounts will continue to support access to Teams regular and private channels and sharing links created by SharePoint Online and OneDrive for Business.

Learn more about how Office 365 really works on an ongoing basis by subscribing to the Office 365 for IT Pros eBook. Our monthly updates keep subscribers informed about what’s important across the Office 365 ecosystem.

3 Replies to “How to Manage Guest Accounts in Other Tenants from Microsoft Teams”

  1. Pingback: [m365weekly] #59 - M365 Weekly Newsletter
  2. Pingback: Five Practical Actions to Control Guest Accounts for Microsoft Teams
  3. Pingback: Why It's a Good Idea to Review and Remove Inactive Azure AD Guest Accounts Annually

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.