Controlling Collabration with External Users via Cross-Tenant Access

Question

Controlling Collabration with External Users via Cross-Tenant Access

kerem 0

Hello,

We want to limit the users of a different organization who can chat with users within our organization via Teams. To do that we want to use Cross-Tenant Access in Entra, rather than External Access in Teams admin center. I created a security group for this purpose. I added myself to the group. I also received the object-id of a security group in the remote tenant. When I created the Cross-Tenant Access for the remote tenant, I was able to see the users in the external tenant in my teams and was able to chat with them. I added a new user to the group but he is not able to see any users.

Does anyone have any idea about this problem? Did anyone used Cross-Tenant Access for such a purpose?

2 answers

Your answer

Answer 1

Ran Hou-MSFT 7,625 Microsoft External Staff

Hi @Kerem

According to the documentation, you need to configure both inbound and outbound settings for this scenario. Inbound settings determine who can access your resources, and outbound settings determine who your users can access.

One possible reason why the new user is not able to see any users from the external tenant is that the cross-tenant access settings have not been updated yet. It may take up to 24 hours for the changes to take effect. Another possible reason is that the external tenant has not configured their cross-tenant access settings to allow your users to access their resources. The external tenant needs to add your tenant as an organization and specify the security group object ID that contains the users who are allowed to access their resources. They also need to enable the trust setting for multi-factor authentication to allow access to B2B direct connect users.

Hope the above information is helpful for you!

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

kerem 0 Reputation points

2023-12-04T06:12:16.8033333+00:00

Hi @Ran Hou-MSFT , Thank you for your answer. I'll check with my collegue today again and inform you if this is a 24 hour issue. For the other tenant, it does not have Azure P1 license. So they couldn't do cross-tenant configuration on their entra id part. But documentation says only B2B direct connect needs the license on both side.
kerem 0 Reputation points

2023-12-04T07:30:14.67+00:00

Hi @Ran Hou-MSFT ,

We have tested it. It is still not working. Let me tell you the whole configuration.

Only our tenant have P1 license. So we only configured the cross-tenant access from our side. I've created a security group in our side. Right now, me and another collegue of mine is added to this security group. We used this group in outbound rules. We also retrieved an object-id of a security group from other tenant. We used this security group for the inbound rules. My user was added to this group from the beginning and I can see and chat with these users from Teams. I can't see any other users from the other tenant. But after I added my collegue to this group, he is not able to see those users. It's been more than 24 hours since he is added to the group.
Ran Hou-MSFT 7,625 Reputation points Microsoft External Staff

2023-12-05T06:41:36.0866667+00:00

Hi @Kerem

Have you tried to add other colleagues to this group to check if the issue still exists？

Answer 2

kerem 0

Hİ @Ran Hou-MSFT ,

Today I configured the outbound access settings from select a group or users to All Users and changed it backed to the previous group(because my user who works as expected was the member of the group before configuring the cross-tenant access with the remote tenant), after that I'm also not able to send message for the users specified in the group in the remote domain. I've given it some time to make sure new settings are synced. If it doesn't work I'll delete the cross-tenant setting and re-configure it again.

Ran Hou-MSFT 7,625 Reputation points Microsoft External Staff

2023-12-06T05:39:40.7066667+00:00

Hi @Kerem

Is there any progress on this issue?
kerem 0 Reputation points

2023-12-06T10:31:34.4966667+00:00

Hi @Ran Hou-MSFT ,

Unfortunately it is still not working. After deleting the old cross-tenant access and implementing the new one problem is not fixed.
Ran Hou-MSFT 7,625 Reputation points Microsoft External Staff

2023-12-07T07:50:40.11+00:00

Hi @Kerem

Hope the following link is helpful for you!

https://learn.microsoft.com/en-us/entra/external-id/cross-tenant-access-settings-b2b-collaboration

Otherwise, you can try to contact the Global Customer Service to solve the issue.

Share via

Controlling Collabration with External Users via Cross-Tenant Access

2 answers

Your answer