Teams shared channels – examples.

For the past 2 weeks it has been possible to create and share the new type of channel inside Teams. This has caused many similar questions from customers, and I will try to answer the 2 most prominent here.

External collaboration in shared channels is powered by B2B direct connect, a new way to collaborate with other Azure AD organizations—no need to add the external user as a B2B guest. Azure AD admins can manage B2B direct connect using cross-tenant access policies. External collaboration is off by default. To enable a shared channel between organizations, both sides must configure cross-tenant access policies. Admins can grant, restrict, or revoke access for external users at an individual, group, or tenant level.

Note that the ability to block or allow specific users or groups requires Azure AD Premium P1.

So far so good.

EXAMPLE 1 – We want to enable this feature but limit it for specific external companies.

So out of the box – this preview feature comes disabled.

So to turn it on at all, you need to go to the Azure portal and find “Azure Active Directory”.

Now click “Edit Inbound defaults” to open up for inbound access.

And do the same for “Edit Outbound defaults”.

The settings must look like this:

So now ALL users can share and collaborate with all users and groups in all external Azure AD tenants!

So here is how to block specific organizations:

Leave the defaults as they are, and then go to “Organizational settings”, still in Cross-tenant access.

Click “Add organization” and search by domain name or tenant ID. It will ask to copy defaults; do that, and then narrow down from there. It is possible to Block or Allow the following:

  • Whole tenant
  • Single User
  • Specific group (Team)

Now access is allowed for ALL tenants – except the one(s) specified in Organizational settings.

EXAMPLE 2 – We want to disable this feature but allow it for specific external companies.

So the other way around – if you did not touch the settings yet, you can skip the next couple of steps to change the default to block; it is already there.

Otherwise – start by setting defaults, for both inbound and outbound.

Now all is blocked and we can – just like before – add a single or multiple external tenants into Organizational settings.

Again you will notice that newly added orgs inherit the settings.

Now again we can narrow the allow list down as far as:

  • Whole tenant
  • Single User
  • Specific group (Team)

Add specific users or Teams (groups) by GUID and choose the individual settings.
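To sanity-check either configuration before rolling it out, the following added example (not part of the original post, and not Microsoft's code) models how the defaults and the Organizational settings from EXAMPLE 1 and EXAMPLE 2 combine into an allow or block decision. The property names follow the Microsoft Graph cross-tenant access policy resources; all IDs are constructed, the application part of each setting is ignored, and the block-list behaviour is a stated assumption of this simplified model.

```python
# Added example (not from the original post): simplified model of how
# cross-tenant access settings resolve for B2B direct connect.
# Real Graph targets also carry a "targetType"; it is omitted here.
IN, OUT = "b2bDirectConnectInbound", "b2bDirectConnectOutbound"

# Constructed sample IDs.
CONTOSO = "11111111-1111-1111-1111-111111111111"       # external tenant
FABRIKAM = "22222222-2222-2222-2222-222222222222"      # external tenant
ALICE = "aaaaaaaa-0000-0000-0000-000000000001"         # user object ID
PROJECT_TEAM = "bbbbbbbb-0000-0000-0000-000000000002"  # group (Team) ID


def rule(access_type, *targets):
    """Build a usersAndGroups rule; no explicit targets means AllUsers."""
    targets = targets or ("AllUsers",)
    return {"usersAndGroups": {"accessType": access_type,
                               "targets": [{"target": t} for t in targets]}}


def effective_setting(policy, tenant_id, direction):
    """An organizational entry wins; an unset direction inherits the default."""
    partner = next((p for p in policy["partners"]
                    if p["tenantId"] == tenant_id), {})
    return partner.get(direction) or policy["default"][direction]


def is_allowed(policy, tenant_id, direction, principal_ids):
    """principal_ids: the user's object ID plus the IDs of their groups."""
    ug = effective_setting(policy, tenant_id, direction)["usersAndGroups"]
    targets = {t["target"] for t in ug["targets"]}
    matched = "AllUsers" in targets or bool(targets & set(principal_ids))
    # Assumption: an allow list admits only matches, a block list denies only matches.
    return matched if ug["accessType"] == "allowed" else not matched


# EXAMPLE 1: defaults allow everyone, one organization is blocked.
EXAMPLE_1 = {
    "default": {IN: rule("allowed"), OUT: rule("allowed")},
    "partners": [{"tenantId": CONTOSO,
                  IN: rule("blocked"), OUT: rule("blocked")}],
}

# EXAMPLE 2: defaults block everyone; one organization is allowed inbound
# for a single group, and its unset outbound inherits the blocked default.
EXAMPLE_2 = {
    "default": {IN: rule("blocked"), OUT: rule("blocked")},
    "partners": [{"tenantId": FABRIKAM,
                  IN: rule("allowed", PROJECT_TEAM), OUT: None}],
}
```

Because both sides must configure their policies, a shared channel only works when the same check passes outbound in one tenant and inbound in the other.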

Look at these resources for more info:
