Teams: the difference between remote and guest access

As organizations start to adopt Microsoft Teams, something that users and remote workers are consistently running into is how to take advantage of guest access AND remote access. You might be thinking, “Why emphasize the AND’? Are they not the same? The short answer: no, they aren’t. The purpose of this Blog is to explain the differences between guest access and remote access and then break down the layers of external sharing in Microsoft Teams. Let’s start!

Guest Access vs. Remote Access

Before we can explain what the differences are, we must first define exactly what each means. Next, we break down the nuances of what separates the two.

Determining who a “guest” is

Microsoft defines guest access as allowing users to “add individual users from outside your organization to your teams and channels in Microsoft Teams.” In other words, people outside your organization can access existing teams and channels in teams.

Overview guest access teams

Use guest access to add an individual user (regardless of domain) to a team, where they can chat, call, meet, and collaborate on organizational files (stored in SharePoint or OneDrive for Business), using Microsoft 365 or Office 365 apps like Word, Excel or PowerPoint. A guest user can get almost the same Teams capabilities as a native team member. For more information, read Guest access in Teams.

Guests are added to your organization’s Active Directory.
To communicate with a guest, the guest must be signed in to Teams with their guest account. This means that a guest may need to sign out of their own Teams account to sign in to your Teams account, or switch organizations if they’re the same account.
Guest users have access to more resources in Teams – such as files, teams, and channels – than external (federated) users.
The Teams admin controls everything a guest can or cannot do in the Teams admin center. Read Manage guest access for more information.

Guest Accessibility

Fortunately, anyone with an email address can get guest access and access team chats, meetings, and files they’ve been invited to. If you’re an admin, you can prevent guests from having full access to your organization’s Teams tenant; luckily, and you can configure the settings to your liking (see below).

It’s also important to note that guest access is tied to an organization’s Azure AD, Office 365, or Microsoft 365 service limit.

Overview remote access teams

Define remote access

Remote access is defined as “a way for Teams users from across a remote domain to use Teams to search for you, call, chat, and host meetings with you.” This means that if you work for Company A that uses Teams, and a colleague from Company B grants you remote access to their Teams tenant, you can seamlessly switch between the two within the Teams app to communicate with that colleague.

Use remote access (federation) when you need a solution that allows remote users in other domains to search, call, chat, and set up meetings with you. External users can’t access your organization’s teams or team resources. Choose remote access when you want to communicate with external users who are still on Skype for Business (online or on-premises) or Skype (coming early 2020).

Remote access is enabled by default in Teams, which means your organization can communicate with all external domains. The Teams admin can disable it or specify which domains to include (or exclude). Read Manage remote access for more information.

If you want external users to have access to teams and channels, guest access might be a better way.

Setup and Common Remote Access Scenarios

When it comes to setting up remote access, there are three settings to choose from: open federation, allow specific domains, and block specific domains. Open federation is the default in Teams and allows users to search, call, chat, and host meetings with anyone outside the organization.

With the ability to “allow” and “block” specific domains, organizations can dictate which external groups can access. If only a few key partners need it, using the ‘allow specific domains’ route would be the best option.

Some of the following scenarios are ideal times to set up remote access in your organization’s tenant:

People in your organization should contact specific companies outside the organization

• Let team users in your organization interact with S4B Online users with external organizations
• Enable team users to communicate with Skype users

Key Feature Comparisons: Guest Access vs. Remote Access

Now let’s break down some of the main similarities and differences between the two features:

Which access fits which scenario?

Before we get into which scenario fits which access, it’s important to mention that you can take advantage of both options! They are not mutually exclusive.

Whether you want to use guest access or remote access plays a role in determining the scope of your collaboration. If you want a way for external user domains to find you, call, chat, and set up meetings with you, remote access is the way to go.

If you want an individual user to have access to a team where they can chat, call, meet, and collaborate on company files stored in Teams SharePoint or OneDrive, guest access is the better option. The important thing to note for guest access is that a guest user can get almost all Teams capabilities as a native Team member unless otherwise set by the admin.

And there you have it! A breakdown of the feature comparison between guest and remote access and scenarios where you can and should use both for remote collaboration. If you have any questions or feedback, let us know in the comments section below!