B2b cross-tenant direct access, seamless sign in to partner Teams team not working

Question

B2b cross-tenant direct access, seamless sign in to partner Teams team not working

Dieter Tontsch (GMail) 972

Hello,
I am a bit confused about what expectations I should have re. Teams teams and channels vs. Azure AD B2B direct-connect.

According to this article https://learn.microsoft.com/en-us/azure/active-directory/external-identities/cross-tenant-access-settings-b2b-collaboration it says's:
B2B direct connect overview - Azure AD
Azure Active Directory B2B direct connect lets users from other Azure AD tenants seamlessly sign in to your shared resources via Teams shared channels. There's no need for a guest user object in your Azure AD directory.

And this article explains it even better https://learn.microsoft.com/en-us/azure/active-directory/external-identities/b2b-direct-connect-overview stating :
Currently, B2B direct connect capabilities work with Teams shared channels. When B2B direct connect is established between two organizations, users in one organization can create a shared channel in Teams and invite an external B2B direct connect user to it. Then from within Teams, the B2B direct connect user can seamlessly access the shared channel in their home tenant Teams instance, without having to manually sign in to the organization hosting the shared channel.

The later is my final goal. We'd like to establish Teams teams channel communications with a partner company, where users can remain in their own tenant from the Teams perspective, but still can collaborate in this team7channel hosted by our peer.

While we have established a b2b cross-tenant external identity for that organization, and they did the same, we allow for now any user and any application when it comes to b2b direct connect, b2b collaboration tab we left as default. But nevertheless, foreign users belonging to the other tenant, from both points of view, still need to switch to this other tenant within Teams if they want to collaborate within that team of the partner.

On the other hand I figured that if I am searching for an user from the partner by searching for this upn, I do get two options when I'm doing so outside of a team, in chat, favorites etc. I can add this user as a Guest, or I can add him as an External. Basically it is the same user, but somehow it's still not the same, because I have chatted with the guest before, and once I added the External to my favorites I figured that the chat history isn't there and I even can additionally add the Guest to my favorites, it remains a complete different chat channel. However, if I want to add the very same user as a member to a team, I only have the choice to add the guest, this external isn't offered to me. Actually there are three differnt combinations, only Guest, only External or both. Only External is interesting, in chat or favorites I only find the External, within a Team all of a sudden I see him as Guest only.

So now I'd like to know if this b2b direct-access will give me any benefits in order to allow my users to "seamlessly sign in" or not. Because so far this does not look like this to me. Because so far even though we have established this external identity b2b access between organizations, i do not see any difference in terms of Teams collaboration. My peer tenant user I invited still got created as a guest user in my tenant, he needs to switch tenants if he wants to access that Team I invited him to etc... Either this isn't configured properly, or it is not working as expected. I have to mention one last thing, they always talk about shared channels in this context. I cannot create shared channels, all I can choose from is a standard or private channel.

kind regards,
Dieter

Dieter Tontsch (GMail) 972 Reputation points

2022-06-24T13:09:28.487+00:00

This is what I expected to get rid of

No need to switch between the home and guest tenant anymore.

But it does not work so far.

Accepted answer

0 additional answers

Your answer

Dieter Tontsch (GMail) 972 Reputation points

2022-06-24T13:09:28.487+00:00

This is what I expected to get rid of

No need to switch between the home and guest tenant anymore.

But it does not work so far.

Answer 1

Vasil Michev 119.9K MVP Volunteer Moderator

For the time being, the only feature that makes use of B2B Direct connect is "shared channels": https://learn.microsoft.com/en-us/microsoftteams/shared-channels
They do address some of the "collaboration" scenarios and can potentially help you get rid of Guest users and switching tenants. However, this is all B2B Direct Connect enabled currently, until other workloads and features add support for it, I wouldn't consider it as a replacement of the "old" B2B model.
Here's a detailed comparison: https://learn.microsoft.com/en-us/azure/active-directory/external-identities/external-identities-overview#comparing-external-identities-feature-sets

Dieter Tontsch (GMail) 972 Reputation points

2022-06-24T15:40:04.36+00:00

Ok, thanks so far. But why then can't we create shared channels? We can only create standard or private channels, even though we only have the Global (orgwide-default) policy. And it says "Create shared channels=On".

What I do is to create a team from scratch and then try to add channels, is it this what is meant by shared channels too? And I am also a bit confused because of the Shared Channels, from what I know, I am not a Teams expert though, I can have Teams, I can add Channels to a team, but I can only add members to the team, not to it's channels, am I wrong? Within a channel all I see settings-related is channel moderation preferences. Giving this, I am asking myself how I should invite someone from my partner company into this shared channel only, I can invite him into the team, and that's what I already did, but then he again has to switch tenant...

And last, I do not understand your sentence "However, this is all B2B Direct Connect enabled currently, until other workloads and features add support for it, I wouldn't consider it as a replacement of the "old" B2B model." You mean, all that works for now because of B2B direct connect, is this mysterious shared channel thing I don't exactly get? And therefore it's yet not really worth it? What old b2B model do you mean, is that still around and is it capable of more b2b stuff?
Vasil Michev 119.9K Reputation points MVP Volunteer Moderator

2022-06-24T15:47:06.29+00:00

There are certain prerequisites for that. Follow the steps here: https://learn.microsoft.com/en-us/microsoft-365/solutions/collaborate-teams-direct-connect?view=o365-worldwide
There's also one last step needed, as the functionality is currently in Preview. Thus you need to switch the Teams client to Public Preview. Go to the Teams admin center > Teams update policies > set "Show preview features" to Enabled. Then in the client itself, select Public Preview under the ... menu > About.
Dieter Tontsch (GMail) 972 Reputation points

2022-06-25T12:06:13.543+00:00

Thanks for that info.
I have created an extra update policy where public preview is enabled and have assigned this to certain users and myself. But unfortunately I do not get this About --> Enable Public Preview menu, not even after one hour and a reboot of my client PC.

Does this take quite a while to synchronize? May I be more lucky tomorrow? Or is there a chance to manually push this setting?

I read somewhere about adding the setting <EnablePublicPreview>True</EnablePublicPreview> to add this to the xml file. I don't know which xml file is meant, and also it sounded to me like this is only related to Teams Rooms eventually https://learn.microsoft.com/en-us/microsoftteams/public-preview-doc-updates

BTW: I do meet all the other prerequisites you mentioned, and that film from the link you provided explains it very step-by-step, easy to follow, even by someone who has little Teams Admin skills.

Does my peer shared channel guest member also have to have Public Preview enabled just in order to join my shared channel?
Vasil Michev 119.9K Reputation points MVP Volunteer Moderator

2022-06-25T13:11:07.147+00:00

Yeah, it might take a while to appear. Try signing out and back in, hopefully it will trigger it.
The person on the other side must also have the Preview enabled.
JimmyYang-MSFT 58,646 Reputation points Moderator

2022-06-27T09:58:38.627+00:00

@Anonymous

Agree @Vasil Michev said above, you could check it to see if it works for you.
Dieter Tontsch (GMail) 972 Reputation points

2022-06-27T10:04:51.4+00:00

Yes I'm still on it. Meanwhile, after almost 48 hours I managed to get my Preview Enabled Update policy applied and finally I have it available in my Teams client. But now the peer tenant also needed to set this, again it will need more then 24h to apply I guess. Then I will do my tests and will come back with details.

For now I can finally create a shared channel, but yet I don't see the benefit of it compared to a standard channel when it comes to b2b direct connect with partner tenant.... AS I said, my goal is that users from this b2b enabled partner shall not be required to switch tenants in Teams in order to participate in shared channels.
Vasil Michev 119.9K Reputation points MVP Volunteer Moderator

2022-06-27T10:28:33.01+00:00

As I explained above, this is not a full replacement for the B2B model. Shared channels address only a single Teams scenario, it's a better experience overall for that specific scenario, but will not help address all other uses of the old B2B model. Eventually, as Microsoft starts expanding support to other features/workloads, things might change.
Dieter Tontsch (GMail) 972 Reputation points

2022-06-28T11:46:03.11+00:00

Finally I made it work and it's a nice feature though. The biggest problem is that the distribution of the Update Policy with Preview Enabled takes more then 24 hours to be applied. During this time, at least form what I know, there is nothing one can do but wait. Once Preview can be enabled and is enabled on all participants in charge, they do see each others shared channels, and explicitly only the team and the shared channels. No need to switch tenant anymore.

thanks @Vasil Michev
Dieter

Share via

B2b cross-tenant direct access, seamless sign in to partner Teams team not working

0 additional answers

Your answer