Automating the Provisioning of Selective Teams with Guest Access: Introduction

Add members to team external

Series Contents

  • Introduction (you are here)
  • History & Background
  • Part 1: Application Authentication — Azure AD Application Registrations
  • Part 2: Request Storage — SharePoint
  • Part 3: Request Process Automation — Microsoft Power Automate & Microsoft Graph
  • Part 4: Enhanced User Interface — Power Apps
  • Part 5: Next Steps — Security


Everyday, people are exploring and embracing new ways to work in Microsoft Teams. The chat-based hub for teamwork is transforming projects, meetings and processes — it’s available for everyone on devices they love. Modern teamwork involves people within and across disparate organizations, requiring that information is securely shared with all stakeholders. Teams provides native guest access capabilities to address these needs.

Teams guest access can be enabled or disabled for an organization — the setting is disabled by default and applies across the organization’s tenant. But how does an organization enable the feature only for select, authorized teams? And once enabled, how does an organization protect it’s information while being shared with guests? The answers to these questions require a deeper understanding of Teams architecture and Microsoft 365 security and compliance capabilities.

The information in this series of posts was gathered by myself and Bruce Weaver (Teams Sr. Technical Specialist) based upon the large number of customers we’ve had ask about this specific scenario. This conversation has been done so many times that it was high time we created a series of blog posts out of them. In this series of posts, we identify the specific controls needed to support guest access on a per-Team basis. We also demonstrate how to implement these controls into an automated Teams provisioning process that streamlines service-desk operations while ensuring only authorized Teams can work with guests. After this we discuss the next steps to secure the information that you are allowing guests to work with.

But before that, let’s talk about the genesis of this challenge, and that requires a little history lesson and background. If you want to skip this part, you can proceed to Part 1. Else, read on!

About the Author:

Michael Mukalian is the Modern Workplace Technical Architect at the Microsoft Technology Center in Philadelphia (Malvern), PA. covering Office 365. He is co-owner of the Tri-State Office 365 User Group (, was a contributing author on the SharePoint 2010 Administrator’s Pocket Consultant, speaks at a number of SharePoint Saturdays and Code Camps around the country and was awarded Microsoft’s MVP award in CY2010 for SharePoint Services. With over 25 years of IT experience and certifications in SharePoint and Office 365, Michael has architected and developed solutions for enterprises of all sizes.


Mukalian, M. (2019). Automating the Provisioning of Selective Teams with Guest Access: Introduction. Available at: [Accessed: 18th February 2020].

Share this on...

Rate this Post: