Adding External Users to Microsoft Teams Shared Channels

Adding External Users to Microsoft Teams Shared Channels

As we all know, Microsoft Teams Connect (Shared Channels) is a breakthrough for organizations that wish to collaborate externally. 

A shared channel allows you to: 

  • Collaborate efficiently and effortlessly with members both inside and outside the organization. 
  • Have a secure and deliberate way for both parties to share files, meet, and review documents without switching tenants. 
  • Work with external partners in other Azure AD organizations in the same way you do with coworkers. 

To enable external collaboration, turning on B2B Direct Connect is required. Let’s dive deep to know how to enable external collaboration in Microsoft Teams. 

External Memberships in Microsoft Teams 

Firstly, let’s get to know what are all the ways of adding external users to a shared channel. 

External users can be added to a Shared Channel using the following two different ways i.e., as individuals or as a team.  

Share with people – This is where you can add both external users and anyone within the organization into a shared channel. Members who get added to a shared channel will receive a notification and will be able to access the channel instantly. 

Share with a team – Here, you can send an invite to the external user who is a team owner in their organization. The team owner will accept the invite on behalf of their team and they will be prompted to select a team that they own. The selected team will get access to the respective shared channel readily. 

Prerequisites for MS Teams External Collaboration  

There are two main criteria to establish external collaboration between organizations.  

In general, external user access settings must be turned on for external collaboration in Microsoft Teams. Since shared channels got rolled in public preview, it is a must to ensure whether the public preview is turned on.  

Step 1 – Verifying External User Access Configuration: 

To verify the external access settings, follow the steps given below. 

  • Open Teams Admin Center 
  • Navigate to Users –> External access 
  • Select Allow all external domains.   
  • You can also allow collaboration with specific external domains instead of all by selecting Allow only specific external domains

Step 2 – Enabling Microsoft Teams Public Preview: 

To verify the public preview features of Teams client, follow the below steps. By default, follow office preview permission is configured. 

  • Sign-in to Teams admin center. 
  • Navigate to Teams –> Teams Update Policies 
  • Check whether the Update Policy is in Follow Office Preview or Enabled state. 
  • If the setting is in ‘Not enabled’ state, the Teams Public Preview feature will not be available to the end users. 

Find the difference between ‘Follow Office Preview’ and ‘Enabled setting’ in Teams Update Policy below. 

Follow Office Preview – This is a default option that readily enables Teams Public Preview features for any Microsoft 365 user enrolled in Office Preview.  

Enabled – Choosing this option enables Teams Public Preview regardless of Office preview enrollment. The end user must also opt-in to Teams public preview in their Teams app. 

B2B Direct Connect in Shared Channels 

What is B2B Direct Connect? 

Shared Channels are powered by a feature called B2B Direct Connect which offers granular control over who can access your environment. It offers ways to collaborate with users from another Azure AD organization through a mutual way of connection, configured by admins. 

How to Enable B2B Direct Connect? 

With Azure AD authentication, external organizations can collaborate on Teams shared channels without switching tenants or logging in with different credentials. Both organizations must log into Azure AD and enable cross-tenant access settings (outbound and inbound settings to authorize B2B collaboration). It would take up to six hours for the connection to get enabled. 

Basic license requirement for Azure AD External Identities licensing: 

  • Azure AD Premium P1 (or) Premium P2  
  • Your first 50,000 MAUs (Monthly Active Users) per month are free for both Azure AD Premium P1 and Premium P2 features. (Charges will apply only if you cross 50,000 MAUs) 

B2B direct connect is disabled by default.  Perform the following steps to turn on B2B direct connect configuration. 

To enable B2B direct connect, first, you need to add the external organization you want to collaborate with.

  • Sign in to Azure Active Directory. 
  • Navigate to External Identities –> Cross-tenant access settings. 
  • Add organization details by typing the full domain name. 
  • After adding the organization, configure inbound and outbound access settings. 

The second step is to configure inbound and outbound settings in both internal and external organizations. 

Inbound access settings – The ability for internal users to join shared channels outside the organization. 
Outbound access settings – The ability for external users to join shared channels in the organization. 

Configuring Inbound settings: 

  • Click the inbound link for the respective organization you want to configure. 
  • Select B2B direct connect and do the required customization. 
  • Under the External users and groups tab, allow access to all external users/groups or specified users/groups based on the needs.  
  • Under the Applications tab, add Microsoft applicants as Office 365 and save. 

You can also specify external users/groups that you wish to grant access to Shared Channels rather than allowing all users/groups from the other tenant. 

Configuring Outbound settings: 

  • Select the outbound access link for the organization that you want to modify. 
  • Do the needful under B2B direct connect. 
  • Under the External users and groups tab, allow access to all external users/groups or specified users/groups based on the needs.  
  • Under the Applications tab, add Microsoft applicants as Office 365 and save. 

Can Everyone Create Shared Channels? 

If you are unable to create shared channels inside a team, you have to check with Teams channel policy. Microsoft Teams Shared Channel is enabled by default once it becomes available to your tenant. For security concerns, admins can add a custom teams policy and can assign specific users to create shared channels. (Global policy must be disabled to make the custom policy effective).  

Proceed with the following steps to create a custom Teams policy.  

  • Open Teams Admin Center. 
  • Navigate to Teams –> Team Policies 
  • By default, settings related to Shared Channels are all turned on in global policy. Turn off the shared channel settings in global policy. 
  • Add a new custom policy and enable all the shared channel settings. 
  • Select the custom policy and assign specific users who can create shared channels in the organization.

With a Teams channel policy, admins can decide whether your employees can create shared channels, can share them with people outside your organization, and participate in external shared channels. 

  • Create shared channels – Provides Team owners with the ability to create shared channels within and outside the organization. 
  • Invite external users to shared channels – Allow shared channel owners to invite external users to join the channel. 
  • Join external shared channels – Allow users/teams in the organization to join the external shared channel. 
Shared channels Teams policy

Enhance Compliance when Collaborating with Outsiders 

Security and compliance are key concerns of shared channels, as they primarily involve file sharing and external integration. A shared channel membership should be carefully monitored by admins since with great power comes great responsibility. When a shared channel is created, the host tenant owns the channel’s data. Only the host’s compliance policies and sensitive labels will apply to the shared channels. However, admins can ensure compliance by governing channel data with the help of integrated Information Protection tools, such as eDiscovery, legal holds, communication compliance, information barriers, audit logs, retention, and data loss prevention. 

I hope this blog will help you to understand how to integrate B2B direct connect and start enjoying seamless external collaboration between organizations via Shared Channels. Happy Connecting! 

Leave a Reply

Your email address will not be published. Required fields are marked *

Adding External Users to Microsoft Teams Shared Channels

time to read: 6 min
Follow us!