Microsoft Teams – List all external team members with team owners and team name – Part 1

Enabling External Collaboration

With the introduction of new collaboration tools such as Microsoft teams, administrators and technology teams begin to face new challenges.

One of the challenges that i faced recently is finding the balance between giving our end users an open experience with Microsoft Teams, while reducing the administrative overhead that comes along with this responsibility.

The aim was to move away from the process that “Every external users access should be requested for individually through the helpdesk”. And rather create a more streamlined, self-service approach.

This was achieved by enabling non-admin members of our tenant the ability to invite guests to collaborate on resources secured by our Azure AD, such as SharePoint sites, Microsoft Teams or Azure resources.

If you are looking for guidelines on how you should govern teams in your organisation take a look at my post on Microsoft Teams Governance!

Validating Microsoft Teams External Users

By enabling non-admin users unimpeded access to invite guests to collaborate on resources, we no longer had a way to filter these resources or to gather information on;

• Who they where
• Where they came from
• Why do they require access
• How long did they need access for

This information which was previously captured as part of a helpdesk ticket, was simply no longer there, and so the question was, how do we move forward with this.

The answer: Microsoft Teams Powershell Cmdlet

The script

Upon coming across the Microsoft Teams Powershell Cmdlet i set out to see if i could find a way to piece together my requirements using what was available to me. The end result is a script which does the below.

1. Connects to Microsoft Teams
   
2. Get all teams and pass them to $Teams
   
3. For each team in $Teams
4. Get the groupid and pass it to $GroupID
5. Get Team Users “name” who have a role of “Guest” and pass it to $TeamGuests
6. Get Team Users “name” who have a role of “Owner” and pass it to $Owner
   
7. For each Guest in $TeamGuests
8. Get-Team where groupid is from $GroupID, Select the groupid, displayname, teamowner, guest.
   
9. Formats the output into a list, Makes sure output is unique and outputs the file to the location of your choice.

##Cleaninguptheteamscloset##
#1. Connect to Microsoft Teams
Connect-MicrosoftTeams
# 2. Get all teams and pass them to $Teams
$Teams = Get-team

# 3. For each team in $Teams
# 4. Get the groupid and pass it to $GroupID
# 5. Get Team Users "name" who have a role of "Guest" and pass it to $TeamGuests
# 6. Get Team Users "name" who have a role of "Owner" and pass it to $Owner
$Teams | ForEach-Object{
    $GroupID = $_.GroupID
    
     $global:TeamGuests = Get-TeamUser -GroupId $GroupID -Role Guest | select name
     $global:Owner = Get-TeamUser -GroupId $GroupID -Role Owner | select name
# 7. For each Guest in $TeamGuests
# 8. Get-Team where groupid is from $GroupID, Select the groupid, displayname, teamowner, guest.
        $TeamGuests | ForEach-Object {
        Get-Team -GroupId $GroupID | select Groupid, Displayname,@{ Name = 'TeamOwner'; Expression = {$global:Owner}}, @{Name = 'TeamGuestUser'; Expression = {$global:TeamGuests}}
# 9. Formats the output into a list, Makes sure output is unique and outputs the file to the location of your choice.
        ## Please Ensure you change the output location to a location of your choice ##
       
        } | fl | Get-Unique | Out-File -Append C:\Temp\PowershellExtracts\TeamGuestUsers.txt

}

In part two of this post i will be aiming to add an automated way of emailing all the Teams Owners with their respective External Team Members and advising them to “clear out users who no longer require access”.

I hope that this post serves useful.

If you have any questions or suggestions on how i can improve my post, code, or anything else, please don’t hesitate to comment below!

Thank you for reading.

Click here for Part 2