Azure AD External Identities, B2B Direct Connect, and current Guest accounts

Andy Jackson 11 Reputation points
2022-05-25T19:05:30.37+00:00

I am wondering what happens in the following scenario:

A guest has been invited to an Azure AD tenant using a gmail account.

The guest user in question is added to a Microsoft Teams Team as a guest.

The tenant that invited said guest enables Azure AD B2B Direct Connect.

A shared channel is created within the Team in question.

Owner of the Team "invites" the gmail account to the shared channel (not as a guest.)

What is the external user's experience now that they are both a guest and an externally invited B2B Direct Connect user?

Am I overthinking this? Or are there any considerations that need to be made surrounding current Guest users before enabling B2B Direct Connect?

Microsoft Security | Microsoft Entra | Microsoft Entra External ID

2 answers

  1. AmanpreetSingh-MSFT 56,876 Reputation points Moderator
    2022-05-26T18:36:45.677+00:00

    Hi @Andy Jackson • Thank you for reaching out. Please find my response inline.

    B2B direct connect lets you set up a mutual trust relationship between two different Azure AD organizations. You won't be establishing trust between your tenant and the Gmail user's home tenant. The Gmail account will be a guest account for all the tenants. This is why you will always end up using B2B collaboration and inviting Gmail users as external partners.

    As a Gmail account won't be a good fit for the B2B direct connect scenario, I have answered your questions from the perspective of an external user who is a member of an external Azure AD tenant.

    • A guest has been invited to an Azure AD tenant using an external account.
      This will create a guest user account in your Azure AD tenant. The Invitation accepted property will be set to No until the user redeems the invite by clicking on the link sent via the invitation email.
    • The guest user in question is added to a Microsoft Teams Team as a guest.
      Since the user is already invited to your tenant and the guest user account is already created in Azure AD, the same account will be used. If the user is not already invited to an Azure AD tenant as a guest user, adding the user to a Microsoft Teams Team as a guest will create the guest user account in Azure AD. When the user signs in to Teams for the first time by switching to the Guest tenant, the invitation will be redeemed automatically.
    • A shared channel is created within the Team in question. The owner of the Team "invites" the external account to the shared channel (not as a guest.) What is the external user's experience now that they are both a guest and an externally invited B2B Direct Connect user?
      B2B direct-connect users don’t have a presence in your Azure AD organization, so these users are managed in the Teams client by the shared channel owner. So there won't be any conflict/impact on the existing guest account.
      With B2B direct connect, you add the external user to a shared channel within a team. That is why this user can access the resources within the shared channel but won't have access to the entire team or any other resources outside the shared channel. For example, they don’t have access to the Azure AD admin portal.

    Hope this helps. Feel free to tag me in your reply if you have any questions.

    -----------------------------------------------------------------------------------------------------------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    1 person found this answer helpful.
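Added example (not part of this thread or of Microsoft's tooling): a pre-flight check over existing guest accounts that groups them the way the answer above does, separating guests whose home is another Azure AD tenant from consumer-identity guests such as Gmail, and flagging invitations not yet redeemed. It assumes the Microsoft Graph user fields `userType`, `externalUserState` and `identities[].issuer`, and the sample records are constructed.

```python
from dataclasses import dataclass
from typing import Optional
# Issuer string Graph reports in identities[].issuer for guests from another
# Azure AD tenant (assumed here; check it against your own tenant's output).
AZURE_AD_ISSUER = "ExternalAzureAD"

@dataclass
class GuestSummary:
    upn: str
    issuer: str
    redeemed: bool                 # externalUserState == "Accepted"
    direct_connect_eligible: bool  # home IdP is another Azure AD tenant

def summarize_guest(user: dict) -> Optional[GuestSummary]:
    """Summarize one Graph user object; returns None for member (non-guest) users."""
    if user.get("userType") != "Guest":
        return None
    # The federated identity records which provider the guest signs in with.
    issuer = next((i["issuer"] for i in user.get("identities", [])
                   if i.get("signInType") == "federated"), "unknown")
    return GuestSummary(
        upn=user["userPrincipalName"],
        issuer=issuer,
        redeemed=user.get("externalUserState") == "Accepted",
        direct_connect_eligible=(issuer == AZURE_AD_ISSUER),
    )

def preflight_report(users: list) -> dict:
    """Group guests the way the answer above distinguishes them."""
    report = {"azuread_guests": [], "other_guests": [], "pending_redemption": []}
    for user in users:
        g = summarize_guest(user)
        if g is None:
            continue
        bucket = "azuread_guests" if g.direct_connect_eligible else "other_guests"
        report[bucket].append(g.upn)
        if not g.redeemed:
            report["pending_redemption"].append(g.upn)
    return report

# Constructed sample in the shape of a GET /users response (not real tenant data).
SAMPLE_USERS = [
    {"userPrincipalName": "alice@contoso.example", "userType": "Member"},
    {"userPrincipalName": "bob_gmail.com#EXT#@contoso.example", "userType": "Guest",
     "externalUserState": "PendingAcceptance",
     "identities": [{"signInType": "federated", "issuer": "google.com"}]},
    {"userPrincipalName": "carol_fabrikam.example#EXT#@contoso.example", "userType": "Guest",
     "externalUserState": "Accepted",
     "identities": [{"signInType": "federated", "issuer": "ExternalAzureAD"}]},
]
```

Only the `azuread_guests` group could ever be reached through B2B direct connect instead of an invitation; the others remain B2B collaboration guests regardless of the trust settings.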

  2. BSteinmetz 6 Reputation points
    2022-07-25T09:16:14.027+00:00

    Hi @AmanpreetSingh-MSFT ... I also have a question that fits here thematically: when I set up a B2B direct connect trust, what do I do with previously invited guests of the Azure Trust domain? Do I have to delete them before and re-invite them after the trust? Because the hint text says:
    "B2B direct connect inbound access settings determine whether users from external Azure AD organizations can access your resources without being added to your tenant as guests. By selecting "Allow access" below, you're permitting users and groups from other organizations to connect with you. To establish a connection, an admin from the other organization must also enable B2B direct connect."

    1 person found this answer helpful.
