Cross-Tenant shared channel communication for Microsoft Teams
In the past few years, we have been seeing a lot of companies (cross-tenant) are doing collaboration through Microsoft Teams. Communicating on specific projects, sharing files, and making decisions. Similarly, if there is a company with multiple child organizations (multi-Tenant) then this happens frequently. The only thing that they are getting impacted is with isolation, every time they must communicate with a specific company, they need to switch their organization. And when they switch the organization, they become blind to what is happening on their own organization. Hence to overcome this situation, new features on team has been introduced to establish cross-tenant shared channel communication.
This feature will be most effective to those organizations which work with multiple companies to communicate and share resources also to those big companies which have multiple child organizations and need to communicate frequently.
To enable this feature, there is a pre-requisite of license on Microsoft 365. This feature can only be enabled if you have at least (Mandatory) Azure Active Directory Premium Plan 1 (AADP P1).
So, what will happen if we enable this feature?
Basically, when we enable shared channels in Teams with another organization (Tenant):
-
Team owners in your organization will be able to invite people from other organizations to participate in shared channels.
-
Your organization’s custom (line of business) apps will be available in shared channels and external participants will be able to access them.
-
Your organization’s apps list will be available in shared channels and external participants will be able to access them.
How to configure Share Channel?
- Enable shared channels on Microsoft Teams
- Configure cross-tenant access settings in Azure AD for inbound and outbound settings
- Testing
Scenario:
For the configuration and Testing of the Cross-Tenant shared channel I created two different tenants as of below.
- PDHEWAJU
- TRIAL
Enable Shared Channel on Microsoft Teams
By default, shared channels are enabled on Microsoft Teams. Configured this on the tenant I used for testing. Although just to confirm follow below steps:
- In the Teams admin center, expand Teams, and then select Teams policies.
- Select the policy for which you want to enable shared channels, and then select Edit.
-
-
- To allow team owners to create shared channels, turn Create shared channels on.
- To allow team owners to share shared channels with people outside the organization, turn Invite external users to shared channels on.
- To allow users to be invited to shared channels in other organizations, turn Join external shared channels on.
- To allow team owners to create shared channels, turn Create shared channels on.
4. Select Apply.
-
Also, to allow external channel participants to participants, external access needs to be enabled. Although this is also enabled by default.
- In the Teams admin center, expand Users, and then select External access.
- Under Teams and Skype for Business users in external organizations, ensure that the organizations that you want to collaborate with are not blocked.
Configure cross-tenant access settings in Azure AD for inbound and outbound settings
To configure cross-tenant, we need to add tenant (organization) for/from which we are allowing to share our resource. And after that we configure Azure AD B2B direct connect (which only comes with Azure AD Premium Plan 1). While configuring B2B direct connect, we need to configure inbound settings and outbound settings. So, what does these settings does?
- Configure inbound settings for the organization to allow users from the organization to be invited to your shared channels.
- Configure outbound settings for the organization to allow your users to be invited to the other organization’s shared channels.
Step 1: Add an organization
- Login to your Azure Active Directory using a Global administrator or Security administrator account. In my case I logged in to
- Select External Identities, and then select Cross-tenant access settings.
- Select Organizational settings.
- Select Add organization.
- On the Add organization pane, type the full domain name (or tenant ID) for the organization and press Enter.
- Select Add.
- The organization appears in the organizations list. At this point, all access settings for this organization are inherited from your default settings.
Step 2: Configure Inbound settings
- Select the outbound access link for the organization that you want to modify. In my case I have added tenant ‘TRIAL’, hence selected it.
- On the B2B direct connect tab, choose Customize settings.
- On the External users and groups tab, choose Allow access and All external users and groups. (You can choose Select external users and groups if you want to limit access to specific users and groups, such as those who have signed a non-disclosure agreement.)
- On the Applications tab, choose Allow access and Select applications.
- Select Add Microsoft applications.
- Select the Office 365 application, and then choose Select.
- Select Save and close the Inbound access settings blade.
Step 3: Configure Outbound settings
- Select the outbound access link for the organization that you want to modify.
- On the B2B direct connect tab, choose Customize settings.
- On the users and groups tab, choose Allow access and set an Applies to of all users.
- On the External applications tab, choose Allow access and select external applications.
- Select Add Microsoft applications.
- Select the Office 365 application, and then choose Select.
- Select Save, choose Yes to confirm, and close the Outbound access settings blade.
Once the configuration is complete, you will see the Inbound/outbound access as configured.
Similarly, I did the same configuration on tenant TRIAL for tenant PDHEWAJU. So that there be both ways of sharing.
Testing
It’s time for truth :D. we need to check if the configuration works or not?
On Tenant: PDHEWAJU
For testing, I created a new Teams with Shared Channel as of below screenshot.
Note: it might take up to 6 hours to get those changes applied to your tenant. Hence request perform testing after at least after 6 hours.
After creation of channel, I made addition of user from another tenant on this channel. (Note : this user must not be guest user on this tenant on which you are going to add on shared channel).
Here you can see 2 members on my channel, one from TRIAL organization and another from CONTOSO (PDHEWAJU).
On Tenant: TRIAL
When you login with specific user to whom the channel is shared, you will get prompt for the Review Permission. Click on review permission to accept the request of shared channel.
Once this is done, now you are in shared channel with users of Organization PDHEWAJU.
Hope, these steps will ease and guide you to configure shared channel in your organization on requirement basis.