Nextplane, Inc.
  • Solutions
    • Platforms
      • Microsoft Teams
      • Slack
      • Cisco Webex
    • Services
      • Team Collaboration Connectivity
      • Open Channels
      • Unified Presence for Microsoft Teams
      • Unified Presence for Zoom
      • Internal Collaboration
      • External Collaboration
      • Guest Account Sprawl Management
      • Collaboration Score
  • How It Works
  • Customers
  • Pricing
  • Blog
  • Company
    • Resources
    • News Room
    • Support
    • Status
    • Contact us
  • Login
  • Request a demo
Site Search
BLOG
Melissa Abramson
AUTHOR: Melissa Abramson
Jul 8, 2019 - 6 min read
Twitter
Tweet
LinkedIn
Share
security

Microsoft Teams External Collaboration Options – Guest Accounts vs. Direct Federation

In order for collaboration to truly flourish, platforms need to reach beyond the boundaries of your organization and allow for open collaboration with partners and customers. Unfortunately, those customers and partners might use different team collaboration solutions or they might still use a legacy Unified Communications platform.

You may think that even if there are multiple collaboration platforms within the enterprise, your teams and workers can still communicate across different platforms. Many of the new team collaboration platforms like Microsoft Teams or Slack include guest access, allowing anyone to invite an outside user (outside of a team or an organization) to join the platform and collaborate via chat, join channels, share files, etc. 

While these platforms provide some options for connectivity, they are not truly open. And there are limitations, cost considerations and security risks in the current form of interoperability that these platforms provide.

For Microsoft Teams users, Microsoft includes Guest Access, which enables inter-company (outside your organization) collaboration via chat or channels for external partners, customers, suppliers, etc. This means your users can invite ANY external user with a business or consumer email account, such as Gmail, to participate as a guest in Microsoft Teams with full access to team chats, meetings, and files. Though this sounds like an easy way to provide external access to your organization, there are limitations and additional support that IT should be aware of in order to maintain security and control while preventing cost overruns. Below are a few to keep in mind:

User Authorization and Authentication

First and foremost, MS Teams guest accounts require corresponding Azure AD accounts. This means when your users invite their external colleagues to collaborate using an MS Teams guest account, their external colleagues have to create and maintain Azure AD accounts. 

However, it’s nearly impossible for you to control whether these external Azure AD accounts have strong security measures like password complexity, password expiration, and Two-Factor Authentication (2FA). Microsoft became aware of these security concerns, and as a result, decoupled guest accounts’ authorization from authentication. Authentication will be managed by the external users, which you cannot control, but the authorization can be controlled by your organization.

Given today’s landscape, hackers can wreak havoc on weak guest accounts and gain access to unsuspecting end-users. Increasingly, IT departments view guest access as an unmitigated risk to their infrastructure.

Once the guest accounts are granted, as the MS Teams admin you need to manage them. However, since these users belong to other companies you cannot disable their guest accounts when they leave their organization. This can create additional security and access control headaches.

End-User Support

A lack of end-user support is another issue that comes up with guest accounts. For example, if your partners decide to block domains on the Microsoft O365 service, their end users cannot accept and use guest accounts to collaborate with workers within your company. In such a scenario, troubleshooting why guest accounts aren’t working is impossible and will create unnecessary support escalations as your end-users become frustrated when they can’t work with their colleagues. 

Licensing Limitations and Costs

The number of guest accounts a company can extend is limited. For instance, Microsoft only allows five guest accounts per paid Azure AD license. In other words, a company with 1,000 Microsoft licenses can only send out 5,000 guest account invitations. 

Further complicating the issue is that Microsoft guest accounts invites are not limited to MS Teams, but can be sent out for other Microsoft services such as sharing files on One Drive and SharePoint. Moreover, there is no limitation or control on how many guest account invites a user can send, as long as your company stays within its overall limit. So invitations can begin to pile up. If any one user or team goes beyond a company’s limit, this prevents everyone from sending out guest account invites.

Direct Federation

As an alternative to guest access, Microsoft also offers a limited form of Direct Federation. The main difference between guest access and the direct federation is that direct federation only provides presence and one-to-one chat sessions. With guest access, you can grant permissions for external users to participate in channels, share files and access your corporate resources, such as One Drive. 

Direct federation is a more secure way for collaboration with external parties. Unlike guest accounts, you can be sure the external user is on a managed UC or collaboration platform and that they don’t have access to any of your corporate resources. On the other hand, it offers limited capabilities. Below is a detailed comparison of both options. 

Table 1 – Feature comparison of Guest and Microsoft Direct Federation (source: Technet)

FeatureMS Direct FederationGuest Accounts
ChatYesYes
PresenceYesYes
Voice CallYesYes
Search for users across external tenantsYesNo
Share FilesNoYes
Access to Teams resourcesNoYes
Channels and Group
Chat
NoYes
MeetingYesYes
Additional users can
be added to a chat
with an external user
NoN/A
User is identified as an external partyYesYes
Out of office message
is shown
NoYes
Blocking individual
users
NoYes
@mentions are
supported
NoYes

While guest accounts seem like the best option to enable B2B communication between enterprises, it is important to remember that once your organization provides guest access to external users, situations could arise where these guest accounts expose your organization to security risks. 

Since guest accounts are normally connected to Azure AD accounts (B2B federation), when your users invite someone, you take a security risk as it is unclear that the Azure AD account with which the guest account is connected effectively managed or not.

A Different Alternative

We believe that inter-company communication should be controlled as much as possible with both organizations participating in full control of their users. 

Inter-company collaboration and communication should be seamless and secure. Enterprises should always be able to use their preferred Unified Communications or Team Collaboration tool to maintain control over all communication and collaboration. To eliminate security, support and cost issues, we recommend using a unique API based integration which provides federation capabilities between managed platforms, so the stakeholders of the organizations can be sure that communication to other parties is only done with their explicit consent.

March 24, 2021
A Look at the Key Microsoft Teams Presence Updates from 2020

Presence indicates the user’s current availability and status to other users. By default, anyone in your organization using Teams can see (in nearly real-time) if other users are available online. As a result, presence in significant ways influences collaboration and organizational productivity.  Research finds that 47% of UC users see a moderate to a significant

» CONTINUE READING
January 25, 2021
A backdoor into your network: how to mitigate the risks of team collaboration guest accounts

Team collaboration tools are taking the world by storm. Platforms including Microsoft Teams, Cisco WebEx Teams, and Slack offer a breadth of functionality and user-friendly experiences that have hooked corporate workers. Employers also love them because the staff is happy and productive, driving a host of business benefits. According to Nemertes Research, nearly 70% of

» CONTINUE READING
December 11, 2020
Team collaboration: the hidden and not-so-hidden costs of guest accounts

Team collaboration tools are changing the world of work. Especially since pandemic lockdowns, they have opened the door to enhanced productivity and communication with partners and customers. In a world where digital has become the new normal, these tools are fast-becoming mission critical. However, there are hidden challenges to embracing this new way of working. When internal and external users don’t share

» CONTINUE READING
December 3, 2020
What team collaboration tools need to be a true email killer

Over the past couple of years, team collaboration applications such as Slack have started to radically change the way organizations work. With the advent of the pandemic, their foothold in the enterprise has now grown significantly, and those changes are set to be permanent. But what of the often-repeated claims that these new cloud-based platforms will shortly signal the death

» CONTINUE READING
November 23, 2020
Using Microsoft Teams Safely and Securely in Your Company

If you look closely at how modern professionals go about their daily tasks nowadays compared to just 10 years ago, it’s clear to see just how much has changed.  Originally, working together on a project meant that everyone was doing so in the same room. Thanks to technology, a shared physical workspace is no longer

» CONTINUE READING
November 16, 2020
Microsoft Teams FOMO: Switching Teams and Guest Access

In 2017, Microsoft introduced Microsoft Teams at Ignite. Microsoft Teams is a team collaboration platform, which brings together everything a team needs to collaborate: chat and threaded conversations, meetings & video conferencing, content collaboration with the power of Microsoft 365 applications, and the ability to create and integrate apps and workflows.   Today Microsoft Teams is

» CONTINUE READING
October 29, 2020
OpenChoice Channels for Slack: Frequently Asked Questions

Business agility has always been necessary, but the financial and work from home challenges induced by the pandemic makes it more essential than ever before. According to McKinsey, successful agile business transformation can boost customer satisfaction, increase employee engagement and improve operational performance—and potentially deliver a 20% to 30% uptick in financial performance. Achieving these goals

» CONTINUE READING
September 10, 2020
Microsoft Teams vs. Zoom: Which One is Better?

As the demand for remote and mobile work increases, the need for effective collaboration is growing, too. Whether you want to enjoy a virtual happy hour with friends or host a business meeting with colleagues, Microsoft Teams and Zoom are two popular options that can make either scenario a reality. Microsoft Teams is an all-in-one

» CONTINUE READING
September 8, 2020
Mattermost vs. Slack: Detailed Comparison 2020

Without teamwork, your business (quite literally) cannot work. Whether you manage a workforce that’s onsite, remote, or a combination of the two, effective collaboration is often what will influence the outcome of your company’s initiatives. If you want to see positive results faster, adopting information sharing technologies in an online environment can help streamline the

» CONTINUE READING

CURIOUS TO LEARN MORE ABOUT NEXTPLANE'S SERVICES?

We’re with you every step of the way with customer success and professional training teams, and 24/7 customer support.

    • Services
    • Customers
    • Company
    • Security
    • Privacy
    • Status
    • Blog
    • Solutions
      • Solutions
      • Platforms
        • Platforms
        • Microsoft Teams
        • Slack
        • Cisco Webex
      • Services
        • Services
        • Team Collaboration Connectivity
        • Open Channels
        • Unified Presence for Microsoft Teams
        • Unified Presence for Zoom
        • Internal Collaboration
        • External Collaboration
        • Guest Account Sprawl Management
        • Collaboration Score
    • How It Works
    • Customers
    • Pricing
    • Blog
    • Company
      • Company
      • Resources
      • News Room
      • Support
      • Status
      • Contact us
    • Login
    • Request a demo