🎉 Our Microsoft 365 Reporting & Management Tool is now available in Azure Marketplace 🚀
This website uses cookies to improve your experience. We'll assume you're ok with this. Know more.
Microsoft Teams

How to Find Guest Users in Microsoft Teams Private Channels

Private channels in Microsoft Teams are created to share sensitive information with a limited set of team members. External users are often added to these channels for project-based collaboration, vendor coordination, client reviews, or short-term partnerships. However, without proper oversight, they may retain access even after the project ends, which raises the risks of data leaks and unauthorized access. This guide shows how to identify external users in Teams private channels to enforce secure access controls.

Solution 1
Solution 2
Solution 3
Solution 4
Important Tips
Errors and Resolution Steps
FAQs

Identify Guest Users in Private Channels Using Teams Admin Center

Microsoft 365 Permission Required
Teams Administrator Least Privilege
Global Administrator Most Privilege
  • Log in to the Microsoft Teams admin center.
  • Navigate to Teams»Manage teams and select the desired team you want to inspect.
  • Next, switch to the Channels tab and apply the filter by setting Type = Private to view all private channels for that specific team.
  • Select a specific private channel from the filtered list to find the guest users labeled with “Guest” under the Role column.
Identify Guest Users in Private Channels Using Teams Admin Center
  • Note: Microsoft Teams admin center allows you to view guest users only for a specific private channel at a time, which can be inefficient when reporting multiple channels.

Get All External Members in Teams Private Channel Using PowerShell

Microsoft 365 Permission Required
Teams Administrator Least Privilege
Global Administrator Most Privilege
  • Connect to the Microsoft Teams PowerShell module using the cmdlet below.
  • Windows PowerShell Windows PowerShell 
     Connect-MicrosoftTeams
  • Execute the PowerShell snippet below to list all external members in Microsoft Teams private channels.
  • Windows PowerShell Windows PowerShell 
     $results = Get-Team | ForEach-Object {
    $team = $_
    Get-TeamChannel -GroupId $team.GroupId | Where-Object MembershipType -eq "Private" | ForEach-Object {
        $channel = $_
        Get-TeamChannelUser -GroupId $team.GroupId -DisplayName $channel.DisplayName | Where-Object Role -eq "Guest" | ForEach-Object {
            [PSCustomObject]@{
                TeamName    = $team.DisplayName
                ChannelName = $channel.DisplayName
                GuestUser   = $_.User  # Shows the guest user's UPN
                Role        = $_.Role }}}}
$results | Format-Table -AutoSize
Get All External Members in Teams Private Channel Using PowerShell
  • The execution of the snippet displays the guest users from all private channels in Microsoft Teams with details, such as team name, channel name, guest user’s UPN, and Role.

List Guest Users in Teams Private Channels Using PowerShell Script

Microsoft 365 Permission Required
Teams Administrator Least Privilege
Global Administrator Most Privilege
  • Although cmdlets like Get-Team, Get-TeamChannel, and Get-TeamChannelUser provide some insights, they do not support comprehensive reporting with detailed data.
  • To overcome this, we have developed a PowerShell script that exports all external members of Microsoft Teams private channels.
  • The report includes details, such as team name, channel name, membership type, external member name, external member email, and external member ID.
  • Download and run the script as shown below to generate a report of Teams private channels with guest users.
  • Windows PowerShell Windows PowerShell 
     .\FindTeamsChannelsWithExternalMembers.ps1 -ChannelType Private
List Guest Users in Teams Private Channels Using PowerShell Script
FindTeamsChannelsWithExternalMembers.ps1
AdminDroid Teams Reporting

Enhance Visibility into External Collaboration in Teams Private Channels with AdminDroid!

AdminDroid’s Microsoft Teams reporting tool provides detailed insights on guest users across private, shared, and public channels, with their activities, member counts, and more. These insights help to ensure better governance, improve security, and simplify guest user management in Microsoft Teams.

Review Private Channel Memberships to Avoid Silent External Access Risks

Track all private channel members including internal and external users to remove unnecessary access for inactive members in Teams.

Track Guests Added in Teams Private Channels to Safeguard Collaboration Boundaries

Identify guest users added in private channels to ensure external access is granted only for authorized external users in desired channels.

Audit External User Activities in Private Channels to Strengthen Access Oversight

Track external user activities in private channels such as file uploads, link sharing, message edits, and more to maintain data security and compliance.

Analyze Private Channels for Risky Guest Access with Teams 360° Visibility

Leverage the Teams 360° visibility dashboard to explore guest interactions across Teams private channels, their activity trends, and more to improve oversight of external collaboration.

Visualize External Access in Private Channels with Teams Channel Statistics Dashboards

Utilize the Teams channel statistics dashboard to identify ownerless private channels, empty private channels, and those with guest access to improve guest user management.

Monitor Messages Sent by Guest Users in Private Channels for Suspicious Activity

Review messages sent by guest users in private channels with advanced filters to detect unusual message activity and flag channels for investigation.

Overall, AdminDroid’s Microsoft Teams management tool empowers IT admins with deep visibility into external members in Teams private channels, their meeting activities, membership changes, and more. These insights support more secure and controlled collaboration in Microsoft Teams.

Explore a full range of reporting options
Download Live Demo

Important tips

Configure Teams guest access settings to control what external users can do in private channels and protect sensitive Microsoft 365 data.

Set up access reviews in Teams private channels to regularly remove inactive external members, thereby reducing security risks and ensuring controlled access.

Remove a guest from a Team only after checking their private channel access, because removing them will take away their access to all Team channels.

Common Errors and Resolution Steps

Below are common errors and troubleshooting steps that may occur while identifying guest users in the Microsoft Teams private channels.

Error The term 'Connect-MicrosoftTeams' is not recognized as the name of a cmdlet, function, script file, or operable program.

This error occurs when the required Microsoft Teams module is not installed or cannot be found on your system.

Fix Execute the PowerShell cmdlet below to install the Microsoft Teams module. 
Install-Module -Name MicrosoftTeams

Error You must call the Connect-MicrosoftTeams cmdlet before calling any other cmdlets.

This error occurs while executing the Get-Team cmdlet without connecting to the Microsoft Teams PowerShell module.

Fix Make sure you have connected to the Teams PowerShell module by using the cmdlet below. 
Connect-MicrosoftTeams

Error No threadId found for the TeamId <TeamId>.

This error occurs when the “Get-TeamChannelUser” cmdlet is executed with an incorrect GroupId in Microsoft Teams PowerShell.

Fix Verify that the entered GroupId is correct and that the team exists in your organization using the cmdlet below. 
Get-Team

Error Get-TeamChannelUser: Channel not found.

This error occurs while executing the Get-TeamChannelUser cmdlet with a channel name that doesn’t exist in Microsoft Teams PowerShell.

Fix Verify the channel name by retrieving all channels in the team by the cmdlet below. 
$Team = Get-Team -DisplayName <TeamName> 
$GroupId = $Team.GroupId   
Get-TeamAllChannel -GroupId $GroupId
Microsoft Teams
Frequently Asked Questions

Manage External User Activity in Teams Private Channels for Secured Collaboration

How to find all private channels where a specific external user is a member?
Which actions can guest users perform within Teams private channels?
What are the risks of adding guest users to Teams Private Channels?
How to get the external user message activities in the Teams private channels?

1. How to find all private channels where a specific external user is a member?

Admins or authorized users often invite guest users like vendors, partners, or clients to Teams for temporary collaboration. As guests are added to multiple private channels, it's crucial to track them for off‑boarding or compliance audits.

Manually reviewing each private channel in the Teams admin center is time-consuming and inefficient. Therefore, Microsoft Graph PowerShell is used to quickly identify all Teams private channels where a specific external user is a member to support timely access reviews.

Find all private channels where a specific guest user is a member using PowerShell

  • Connect to the Microsoft Teams PowerShell module using the cmdlet below.
    Connect-MicrosoftTeams
  • Ensure to replace the <GuestUPN> with the respective guest UPN before executing the cmdlet.
    $GuestUPN= "<GuestUPN>"
    $result = @(); Get-Team | ForEach-Object {
        $team = $_; Get-TeamChannel -GroupId $team.GroupId | Where-Object { $_.MembershipType -eq 'Private' } | ForEach-Object {
            try { $channel = $_; $users = Get-TeamChannelUser -GroupId $team.GroupId -DisplayName $channel.DisplayName
                $match = $users | Where-Object { $_.User -eq $GuestUPN -and $_.Role -eq 'Guest' }
                if ($match) { $result += [PSCustomObject]@{ TeamName = $team.DisplayName; ChannelName = $channel.DisplayName; MemberName = $match.Name; MemberEmail = $match.User } } }
            catch { Write-Warning "Could not get users for $($channel.DisplayName) in $($team.DisplayName): $_" }}};
     $result | Format-Table -AutoSize
  • This report includes key details, such as team name, channel name, member name, and member email.
find-specific-guest-in-all-private-channels

Gain insights into Teams private channels where a specific guest user is a member in just a few clicks with AdminDroid!

In AdminDroid’s guest members in private channels report, you can apply the Member Name filter to view all the private channels a specific guest is part of. This saves valuable admin time by eliminating the need for PowerShell and its complex scripts.

private-channels-with-specific-guest-using-droid

2. Which actions can guest users perform within Teams private channels?

Imagine you own a team with external members and need to share a sensitive file with only them and a few internal members. If these files are shared in standard channels, all team members can view them, which increases the risk of exposure. To prevent this, you can create a private channel and add only the required external and internal members to that channel.

But before proceeding, it’s crucial to understand what guest users can and cannot do within these channels. Below is an overview of guest user capabilities in Teams private channels to help you manage access effectively.

guest-actions-in-private-channels

By understanding the above guest actions, admins can effectively manage guest access in Teams private channels. This approach helps to reduce unauthorized access and ensures proper permission management.

3. What are the risks of adding guest users to Teams Private Channels?

In certain instances, guest users may be added to private channels without complete visibility. This can inadvertently expose confidential information to external organizations and elevate the risk of data breaches.

To maintain secure collaboration, it's important for admins to stay informed about the potential risks associated with guest access in private channels and apply appropriate controls to reduce exposure.

  • Persistent access after project completion: After a project ends, guest users often continue to have access to private channels due to unclear ownership and skipped access reviews. This prolonged access can expose sensitive information unnecessarily and increase security risks.
  • Inconsistent access management: When team owners add guest users without notifying admins or security teams, admins may not know which channels have external members. This lack of consideration makes it difficult to enforce security policies, review permissions, and maintain accurate records.
  • Compliance and audit challenges: Admins need to check each private channel site individually, as there is no way to view guest activity across Teams through a centralized view. This fragmented structure complicates auditing and makes it harder to meet compliance requirements.
  • Guest access vulnerabilities via apps and bots: Guest users interacting with apps and bots in Teams may unknowingly trigger automated workflows or access internal business functions. Without proper restrictions, these interactions can lead to unauthorized actions or unintentional data exposure.
  • Meeting access risks: Guest users may retain access to chats, files, and recordings from recurring meetings even after their role ends. This prolonged access can lead to unauthorized participation, data leakage, and compliance issues.

Guest access in private Teams channels can introduce serious risks if not properly managed. Admins should maintain clear oversight, conduct regular reviews, and enforce controls to enhance guest user management in Microsoft Teams to safeguard sensitive information and ensure compliance.

4. How to get the external user message activities in the Teams private channels?

Imagine an external consultant actively posting updates in a Teams private channel during a critical project. Weeks later, key messages appear to be missing. This poses a challenge, as the Teams admin center does not provide visibility into message edits or deletions.

This lack of traceability affects investigations and causes compliance risks. To resolve this, admins can use PowerShell to audit guest message activities within private channels.

Audit external user message activities in private channels using PowerShell

  • Connect to the Exchange Online PowerShell module using the cmdlet below.
    Connect-ExchangeOnline
  • Execute the snippet below to get the audit data on messages of external users in all Teams private channels.
    $start = (Get-Date).AddDays(-<days>)
$end   = Get-Date
$auditEvents = Search-UnifiedAuditLog -StartDate $start -EndDate $end -RecordType MicrosoftTeams -Operations MessageSent, MessageUpdated, MessageDeletedNotification -ResultSize 5000 -SessionCommand ReturnLargeSet
$filtered = $auditEvents | ForEach-Object {
    $data = $_.AuditData | ConvertFrom-Json
    if ($data.ChannelType -eq "Private" -and $data.UserId -like "*#EXT#*") {
        [PSCustomObject]@{
            Timestamp = $data.CreationTime
            GuestUPN  = $data.UserId
            Operation = $data.Operation
            Team      = $data.TeamName
            Channel   = $data.ChannelName}}}
$filtered | Sort-Object Timestamp | Format-Table -AutoSize
  • You can audit guest user messages in Teams private channels for up to 180 days using PowerShell. Replace <days> with 30, 60, or 180 to retrieve audit data that includes timestamp, UPN, operation, team name, and channel name.
audit-guest-messages-in-private-channels-via-powershell

To go beyond the 180-day limit or avoid writing scripts, AdminDroid provides a seamless solution.

Effortlessly track external user message activity in Teams private channels with AdminDroid and stay ahead of security risks!

  • In AdminDroid’s message related activities report, you can apply channel type and user type filters to track guest communication in Teams private channels. This helps detect potential risks and ensures secure collaboration.
  • This report includes key details such as channel name, team name, message content, sender’s email, timestamp, and more.
audit-private-channels-messages-using-droid

Handy tip: Utilize the Alert(🔔) option available in the report to receive regular alerts via email when users post messages, send messages with URLs, or update messages multiple times within a specified time.

Kickstart Your Journey With
AdminDroid

Your Microsoft 365 Companion with Enormous Reporting Capabilities

Download Now
Browse All Guides
User Help Manuals Compliance Docs
All Guides 99+
Microsoft Teams
How to Find Guest Users in Microsoft Teams Private Channels
Microsoft Teams Guides
x
Delivering Reports on Time
Delivering Reports on Time
Want a desired Microsoft 365 reports every Monday morning? Ensure automated report distribution and timely delivery with AdminDroid's Scheduling to your email anytime you need.
Delivering Reports on Time
Schedule tailored reports to execute automatically at the time you set and deliver straight to the emails you choose. In addition, you can customize report columns and add inteligent filtering to the activities just from the previous day to suit your Microsoft 365 report requirements.
Set It, Schedule It, See Results- Your Reports, Your Way, On Your Time!
Time Saving
Automation
Customization
Intelligent Filtering
Give Just the Right Access to the Right People
Give Just the Right Access to the Right People
Grant fine-tuned access to any Microsoft 365 user with AdminDroid’s Granular Delegation and meet your organization’s security and compliance requirements.
Give Just the Right Access to the Right People
Create custom roles loaded with just the right permissions and give access to admins or normal users within AdminDroid. The result? A streamlined Microsoft 365 management experience that aligns your organization's security protocols and saves your invaluable time and effort.
Align, Define, Simplify: AdminDroid's Granular Delegation
Smart Organizational Control
Effortless M365 Management
Simplified Access
Advanced Alerts at a Glance
Advanced Alerts at a Glance
Receive quick notifications for malicious Microsoft 365 activities. Engage with the AdminDroid’s real-time alert policies crafted to streamline your security investigations.
Advanced Alerts at a Glance
Stay informed of critical activities like suspicious emails and high-risk logins, bulk file sharing, etc. Through creating and validating ideal alert policies, AdminDroid provides a comprehensive approach to real-time monitoring and management of potential threats within your organization.
AdminDroid Keeps You Always Vigilant, Never Vulnerable!
Proactive Protection
Real-time Monitoring
Security Intelligence
Threat Detection
Merge the Required Data to One Place
Merge the Required Data to One Place
Combine multiple required columns into one comprehensive report and prioritize the information that matters most to you with AdminDroid’s Advanced Column Customization.
Merge the Required Data to One Place
This column merging capability offers a flexible way to add different columns from various reports and collate all the essential data in one place. Want to revisit the customized report? Save it as a 'View’, and your unique report is ready whenever you need it.
Merge with Ease and Save as Views!
Custom Reporting
Unique View
Desired Columns
Easy Data Interpretation
Insightful Charts and Exclusive Dashboards
Insightful Charts and Exclusive Dashboards
Get a quick and easy overview of your tenant's activity, identify potential problems, and take action to protect your data with AdminDroid’s Charts and Dashboards.
Insightful Charts and Exclusive Dashboards
With AdminDroid charts and dashboards, visualize your Microsoft 365 tenant in ways you've never thought possible. It's not just about viewing; it's about understanding, controlling, and transforming your Microsoft 365 environment.
Explore Your Microsoft 365 Tenant in a Whole New Way!
Executive overviews
Interactive insights
Decision-making
Data Visualization
Efficient Report Exporting for Microsoft 365
Efficient Report Exporting for Microsoft 365
Downloading your reports in the right file format shouldn’t be a hassle with AdminDroid’s Report Export. Experience seamless report exporting in various formats that cater to your needs.
Efficient Report Exporting for Microsoft 365
Navigate through diverse options and export Microsoft 365 reports flawlessly in your desired file format. Tailor your reports precisely as you need them and save them directly to your computer.
Take Control, Customize and Deliver- Your Office 365 Data, Exported in Your Way!
Easy Export
Seamless Downloading
Data Control
Manage Microsoft 365

Get AdminDroid Office 365 Reporter Now!

Free Download Live Demo