Should user roles be synchronised between Azure AD group and team in MS Teams?

komatat 46 Reputation points
2020-05-20T14:43:46.327+00:00

There are several use cases where user roles are not synchronised between Azure AD and MS Teams; here are two examples with my expectations. Please let me know if they are correct or not, and if not, could I get a link to the documentation describing group roles in Azure AD and MS Teams? Thanks.

Case 1

  1. As User1 create new Team1 via MS Teams
  2. In MS Teams: add User2 to Team1 and make them Owner
  3. In Azure portal: go to Azure AD -> Groups -> Team1, check Owners and Members tabs << both users are listed in both lists as expected
  4. In Azure portal: remove User1 from Owners list only

Actual result: User1 is removed from Owners and remains in Members in Azure as expected, but the team disappeared for the user in MS Teams

Expected result: I would expect for User1 to have access to the team as a Member

Case 2

  1. As User1 create new Team1 via MS Teams
  2. In Azure portal: go to Azure AD -> Groups -> Team1, check Members and Owners tabs << User1 is listed under both of them and this looks to be correct
  3. In Azure portal: add User2 to Owners list only << User2 is added to Owners list as expected, the user is also displayed as Owner in MS Teams
  4. In MS Teams: change User2 role from Owner to Member

Actual result: User2's role has changed to Member in MS Teams, User2 is removed from the Owners list in Azure and this looks expected. But User2 is not shown in Members in Azure either.

Expected result: User2 should be added to Members in Azure portal

Regards,
Tanya
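
The two cases above can be checked from the command line instead of the portal tabs. The script below is an added example, not code from this thread: it compares the Owners and Members lists of the Azure AD group behind a team with the roster Teams itself reports, and flags the states described in Case 1 and Case 2. It assumes the AzureAD and MicrosoftTeams PowerShell modules are installed and the signed-in account can read the group; the function name `Compare-TeamRoster` is hypothetical, and `Team1` is the team name used in the question.

```powershell
# Added example: compare the Azure AD group's Owners/Members with the Teams roster.
# Assumes the AzureAD and MicrosoftTeams modules; Compare-TeamRoster is a hypothetical name.
function Compare-TeamRoster {
    param([Parameter(Mandatory)][string]$TeamDisplayName)

    # Display names are not unique, so require exactly one exact match.
    $team = @(Get-Team -DisplayName $TeamDisplayName | Where-Object DisplayName -eq $TeamDisplayName)
    if ($team.Count -ne 1) { throw "Expected exactly one team named '$TeamDisplayName', found $($team.Count)." }
    $groupId = $team[0].GroupId

    # Directory view: the two lists shown on the Owners and Members tabs in the portal.
    $aadOwners  = @(Get-AzureADGroupOwner  -ObjectId $groupId -All $true | ForEach-Object ObjectId)
    $aadMembers = @(Get-AzureADGroupMember -ObjectId $groupId -All $true | ForEach-Object ObjectId)

    # Teams view: one row per user with Role = owner, member or guest.
    $teamsRole = @{}
    Get-TeamUser -GroupId $groupId | ForEach-Object { $teamsRole[$_.UserId] = $_.Role }

    $ids = @($aadOwners) + @($aadMembers) + @($teamsRole.Keys) | Sort-Object -Unique
    foreach ($id in $ids) {
        $isOwner  = $aadOwners  -contains $id
        $isMember = $aadMembers -contains $id
        $role     = $teamsRole[$id]   # $null when Teams does not list the user

        $finding = if ($isMember -and -not $role) {
            'In Azure AD Members but absent from the Teams roster (state described in Case 1)'
        } elseif ($role -eq 'member' -and -not $isMember) {
            'Teams member missing from Azure AD Members (state described in Case 2)'
        } elseif ($isOwner -and -not $isMember) {
            'Azure AD owner who is not a member'
        } elseif ($isOwner -xor ($role -eq 'owner')) {
            'Owner role differs between Azure AD and Teams'
        }
        if ($finding) {
            [pscustomobject]@{ UserId = $id; AadOwner = $isOwner; AadMember = $isMember; TeamsRole = $role; Finding = $finding }
        }
    }
}

Connect-AzureAD | Out-Null
Connect-MicrosoftTeams | Out-Null
Compare-TeamRoster -TeamDisplayName 'Team1' | Format-Table -AutoSize
```

Since the replies below report that changes can take time to appear across endpoints, a finding is only meaningful if it persists across repeated runs.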


Accepted answer
  1. Manu Philip 16,966 Reputation points MVP
    2020-05-25T16:12:07.113+00:00

    Hello @komatat ,
    I did a complete analysis of the test cases you mentioned and it looks like it's a bug as of now in the Teams app. The reason I am stating it is a bug is that the team which disappears from the app is present in Teams Admin, Azure Admin and in PowerShell search.

    So, I did some testing and found a way to resolve the issue. You can also adopt the approach until it is fixed by MS. There are many user complaints on the same topic already and hopefully a fix will come ASAP, I guess.

    1. Create a dummy user contact in the Office 365 portal
    2. When you see the issues in both cases, add the dummy user as a member of the team from the Teams admin portal. Make the dummy user an admin of the team. Change the dummy user back to member. Quit Teams (not just close, make sure you quit) and re-open it, and you will see the team back in the application. You can remove the dummy user from the team if needed.

    Please mark as "Accept the answer" if the above steps help you. Others with similar issues can also follow the solution as per your suggestion.

    Regards,

    Manu


3 additional answers

  1. Vasil Michev 94,911 Reputation points MVP
    2020-05-20T16:47:11.41+00:00

    It might take some time before changes applied in one endpoint (say the Teams client) appear in other endpoints (Azure AD or Teams admin center). Your expectations are certainly right, just not immediately.


  2. Sharon Zhao-MSFT 25,051 Reputation points Microsoft Vendor
    2020-05-21T06:16:21.93+00:00

    Hi komatat,

    I agree with michev. I tested in my environment; it just needs time to take effect.


  3. komatat 46 Reputation points
    2020-05-25T12:21:20.23+00:00

    Hi michev, SharonZhao-9394,

    Thanks for your replies, but it still doesn't work for me. I don't see any changes after 1.5 hrs (retested with case 1) and this already looks like a huge delay.

    And btw I've checked the team in MS Teams as User2 (who was not touched and has access to the team): as soon as User1 was removed from the Owners list in Azure portal, a message appeared in the General channel in MS Teams saying that the admin user has removed User1 from the team.

    So it looks like some events (which look incorrect or at least incomplete) are coming to MS Teams immediately.

    Therefore could I ask you to recheck once again?

    If the behaviour is still deemed correct could you please confirm how much time it usually takes to synchronise?

    Regards,
    Tanya