Share via

#EXT# users, teams, and emails

Gérald Meunier 1 Reputation point
2021-06-18T08:27:22.617+00:00

HI everyone,

We are a sport association using Teams.
Members connect to teams as guest and belong each to :

  • 1 general Team (all members) (ex. club)
  • 1 Team related to each category they belong (Age, sport) (ex U9, U15, U18, Seniors)

The good thing about this is that we can send emails to each group with the use of club@keyman .tld or u9@keyman .tld

On Azure AD side, each guest (member) is registered with his/her personal email address.

Now we wanted to provide them access to a PowerApp.

In order for those guests to be able to use the PowerApp, we had to provide them with a O365 licence.
What we did is to assign to the group Club in Azure AD (which has all the members) the licence.

Consequences :

  • Guests do have access to the PowerApp application we created, which is nice and was the objective

But :

  • In Azure AD all those guests profiles have been transformed with a #EXT# profile. ok fine.
  • The email address also has been updated with a #EXT#

Here come the issues

  • The email address can not be updated (certainly normal system-wise)
  • If we send a mail to a Teams group (ie . U9@keyman .tld), the members do not get that email anymore

Is what we did wrong?
Or do we gain a functionality by losing one ?

Many thanks in advance for your feedback,

Gerald

Microsoft Security | Microsoft Entra | Microsoft Entra ID
Microsoft Teams | Microsoft Teams for business | Other

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Gérald Meunier 1 Reputation point
    2021-06-21T07:09:11.21+00:00

    @Sharon Zhao-MSFT Thank you for your reply.

    In fact, we have not been able to reproduce the issue ourselves.

    Just to answer your questions, yes the members are guest and we are using their personal emails.

    However, we found out some specific issues, linked to the email with Flow.

    Just fyi, we are assigning each member to a specific Team by using a Group rule :
    We were loading some information in the extensionAttribute1 like |Club|U15| or [Club|U15|U18|
    For each Group (corresponding to each Teams Group), we set a dynamic membership rule.
    exemple : extensionAttribute1 contains Club

    The setting up or the update of the extensionAttribute1 was done by Flow.
    We were using the Azure AD update user. It was working well and now there is an error with the mail field. We were not able to understand why the mail is said to be badly formatted.
    So instead we used the http in flow to patch the user.
    When doing this the extensionAttribute1 was updated, but the email was deleted.
    So still with http we also included the mail update, same issue.
    We finally found a workaround by not using the extensionAttribute1 anymore but by using the department instead.
    The department gets updated with the necessary information to assign or dynamic membership rules and the email is not being deleted anymore.

    The issue could come from the JSON used with http but the update of the extensionAttribute1 was working correctly. And before that, the Azure AD update user had issues as well with the email.

    As for the attribution of the licenses, in the O365 Basic license, we selected only the PowerApp license (in case there were some side-effect interaction with the exchange license for example)

    For the moment, it is working. When we will have more time we will redo some testings on a dummy account.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.