Allowing External Users to Collaborate in Microsoft Teams Using Guest Access
Question
Note: This question is part of a series of questions that present the same scenario.
Each question in the series contains a unique solution that might meet the stated goals.
Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it.
As a result, these questions will not appear in the review screen.
Your company has a Microsoft 365 subscription.
You plan to configure the environment to allow external users to collaborate in Microsoft Teams by using guest access.
The company implements a new security policy that has the following requirements: -> Only guest users from specific domains must be allowed to connect to collaborate by using Microsoft Teams.
-> Guest users must be prevented from inviting other guests.
You need to recommend a solution to meet the security policy requirements.
Solution: From PowerShell, you run the New-AzureADPolicy and Set-AzureADPolicy cmdlets.
Does this meet the goal?
Answers
Explanations
Click on the arrows to vote for the correct answer
A. B.B.
No, the proposed solution does not meet the stated security policy requirements.
The New-AzureADPolicy and Set-AzureADPolicy cmdlets are used to create and manage policies in Azure Active Directory (AD), which can be used to control user behavior and access to various resources. However, these cmdlets alone cannot provide the specific controls required by the security policy.
To meet the policy requirements, you need to configure guest access settings for Teams. This can be done by using the Microsoft Teams admin center or PowerShell.
In the Microsoft Teams admin center, you can configure guest access settings by going to the "Org-wide settings" page, selecting "Guest access", and then specifying the domains that are allowed to collaborate in Teams. You can also disable the "Allow guest users to invite" setting to prevent guests from inviting other guests.
Alternatively, you can use PowerShell to configure these settings by running the Set-CsTeamsCollaborationPolicy cmdlet. For example, you can run the following command to restrict guest access to specific domains:
Set-CsTeamsCollaborationPolicy -Identity Global -RestrictedAllowListDomains "contoso.com","fabrikam.com"
You can also run the following command to disable guest users from inviting other guests:
Set-CsTeamsCollaborationPolicy -Identity Global -AllowGuestUserToInvite $false
Therefore, the correct solution would involve configuring guest access settings for Teams, not using the AzureADPolicy cmdlets.
