Controlling Collabration with External Users via Cross-Tenant Access

kerem 0 Reputation points


We want to limit the users of a different organization who can chat with users within our organization via Teams. To do that we want to use Cross-Tenant Access in Entra, rather than External Access in Teams admin center. I created a security group for this purpose. I added myself to the group. I also received the object-id of a security group in the remote tenant. When I created the Cross-Tenant Access for the remote tenant, I was able to see the users in the external tenant in my teams and was able to chat with them. I added a new user to the group but he is not able to see any users.

Does anyone have any idea about this problem? Did anyone used Cross-Tenant Access for such a purpose?

Microsoft Teams
Microsoft Teams
A Microsoft customizable chat-based workspace.
9,565 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Ran Hou-MSFT 7,490 Reputation points Microsoft Vendor

    Hi @Kerem

    According to the documentation, you need to configure both inbound and outbound settings for this scenario. Inbound settings determine who can access your resources, and outbound settings determine who your users can access.

    One possible reason why the new user is not able to see any users from the external tenant is that the cross-tenant access settings have not been updated yet. It may take up to 24 hours for the changes to take effect. Another possible reason is that the external tenant has not configured their cross-tenant access settings to allow your users to access their resources. The external tenant needs to add your tenant as an organization and specify the security group object ID that contains the users who are allowed to access their resources. They also need to enable the trust setting for multi-factor authentication to allow access to B2B direct connect users.

    Hope the above information is helpful for you!

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

  2. kerem 0 Reputation points

    @Ran Hou-MSFT ,

    Today I configured the outbound access settings from select a group or users to All Users and changed it backed to the previous group(because my user who works as expected was the member of the group before configuring the cross-tenant access with the remote tenant), after that I'm also not able to send message for the users specified in the group in the remote domain. I've given it some time to make sure new settings are synced. If it doesn't work I'll delete the cross-tenant setting and re-configure it again.