Table of Contents
Decluttering Your Set of Guest Accounts
Originally published as MC300029 and then again as MC302456 (December 8, Microsoft 365 roadmap item 88430), Microsoft is making it easier for people to manage the guest memberships they have in other organizations (Microsoft 365 tenants) through Teams. Until now, leaving an organization must be initiated from Azure AD’s My Organizations page. However, many users don’t know about this page or how to go about reviewing and removing unwanted memberships in other organizations. The net result is that the organization drop-down menu in Teams can become very cluttered.
The changes due to be rolled out by late December allow users to:
- Decline invitations in the Teams desktop and browser clients.
- Leave an organization from the Teams desktop and browser clients.
- Hide organizations they don’t want to access often to unclutter the organizations listed by the Teams clients (and unhide or show those organizations again if needed).
Let’s examine each change in more detail.
Nope, I Don’t Want to Join
When a user is added as a guest in a team (or Outlook group) for the first time in an organization, Azure B2B Collaboration (aka Microsoft Invitations) generates the guest account and adds it to the team membership. However, the guest account only becomes active after its owner redeems the invitation to join the organization.
The change made in Teams allows people to decline an inbound invitation to become a guest in another organization using the Decline option from the […] menu in Manage Accounts (Figure 1).
Declining an invitation removes the inviting tenant from the list shown to the user in the Teams menu bar. The person who extended the invitation can add the user as a guest to a team or group if they wish to regenerate the invitation.
Leaving You is Bittersweet
The Teams user interface for leaving an organization (Figure 2) brings you to the My organizations page and the process of leaving a tenant follows the same steps as outlined here. Even so, it’s still goodness to make the process more accessible and easier for users.
Once the user reaches the My Organizations page, they can select the organization to leave (not necessarily the one chosen in Teams). After signing the user into the target organization, Azure AD removes the guest account and returns them to their home organization. Azure B2B Collaboration generates email (Figure 3) to let the user know that they’ve left successfully and to remind them that information they created in the organization they’ve just left remains under the control of that organization. The logo in the message is the result of customizing the organization’s Azure AD sign in screens.
In practical terms, the important point here is to remove anything you want from Teams (including documents posted to SharePoint Online) before departing. Remember, removing a guest account from an organization also breaks any sharing links to SharePoint Online and OneDrive for Business data which use the guest account.
Some organizations proactively search for and remove obsolete guest accounts. When this happens, users don’t have to worry about their guest accounts because the host organization deletes them.
Sometimes leaving another tenant by removing a guest account is a step too far. You might want to retain access to the organization, even if you only use it intermittently and not as part of your day-to-day activities. If you look at Figure 2, you see the option to Hide an organization. This keeps your guest account intact while removing the organization from the list shown by Teams to allow the user to switch between tenants. If you’re hiding an organization, it’s often a good idea to mute notifications from that organization too.
If the user wants to add an organization back to the tenant list, they can use the Manage account option in Teams settings to unhide (show) a tenant.
Some Relief in Teams Connect
The advent of shared channels in Teams (due in early 2022) will remove the need to use guest accounts to access Teams information in other organizations because it uses a technology called Teams Connect instead of Azure B2B Collaboration. The big difference is that those who access shared channels in another tenant use their own identities (authentication against Azure AD in their home tenant) instead of guest accounts in the host tenant. However, guest accounts will continue to support access to Teams regular and private channels and sharing links created by SharePoint Online and OneDrive for Business.
Learn more about how Office 365 really works on an ongoing basis by subscribing to the Office 365 for IT Pros eBook. Our monthly updates keep subscribers informed about what’s important across the Office 365 ecosystem.