Not able to add external users to shared channels

Renaud Closset 0 Reputation points
2024-07-02T08:41:34.3933333+00:00

Issue

We are unable to add external users (not guests) to Shared Channels in Microsoft Teams.

Shared channels

  • In the Teams Client App we get the error "You can't share this channel with people from this org.".
  • In the Teams Admin interface we get the error "We can't add the email@acme.com to the SharedChannel right now. Try again later."

Public Channels

  • This works as expected; we can add external users to TeamSites and their public channels without any issue

Current Configuration

Microsoft Teams admin center

Teams > Teams Policies

The only available policy (Global Org-wide default) is set up as follows:

  • Create Shared Channels: ON
  • Invite external users to shared channels: ON
  • Join external shared channels: ON

Users > External access

  • Teams and Skype for Business users in external organizations
    • Choose which external domains your users have access to: Allow all domains
  • Skype users
    • Allow users in my organization to communicate with Skype users: ON

Microsoft 365 admin center

Settings > Org settings

  • Microsoft 365 Groups
    • Let group owners add people outside your organization to ‎Microsoft 365 Groups‎ as guests: ON
    • Let guest group members access group content: ON

Microsoft 365 entra admin center

Identity > External Identities > Cross-tenant access settings

  • Organisational settings
    • Our partner "ACME" organisation
      • B2B Collaboration: Default settings
      • B2B direct connection: Customized settings
        • external users and groups
          • Access status: Allow access
          • Applies to: All ACME users and groups
        • Applications:
          • Access status: Allow access
          • Applies to: Select applications
            • Office 365
      • Trust settings: Default settings
      • Cross-tenant sync:
        • Allow users sync into this tenant: OFF
  • Default Settings
    • Inbound Access Settings
      • B2B Collaboration
        • external users and groups
          • Access status: Allow access
          • Applies to: All external users and groups
        • Applications:
          • Access status: Allow access
          • Applies to: All applications
      • B2B direct connection
        • external users and groups
          • Access status: Allow access
          • Applies to: All external users and groups
        • Applications:
          • Access status: Allow access
          • Applies to: Select applications
            • Office 365
      • Trust settings:
        • Trust multifactor authentication from Microsoft Entra tenants: ON
        • Trust compliant devices: ON
        • Trust Microsoft Entra hybrid joined devices: ON

Identity > External Identities > External collaboration settings

  • Guest user access restrictions: Guest users have the same access as members (most inclusive)
  • Guest invite settings: Anyone in the organization can invite guest users including guests and non-admins (most inclusive)
  • Collaboration restrictions: Allow invitations to be sent to any domain (most inclusive)

Questions

The settings we used seem to match all information provided by Microsoft, but we still are unable to add external users to Shared Channels. How come? What did we miss?

Microsoft Teams
Microsoft Teams
A Microsoft customizable chat-based workspace.
9,502 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,366 questions
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. LiweiTian-MSFT 16,450 Reputation points Microsoft Vendor
    2024-07-03T01:24:30.17+00:00

    Hi @Renaud Closset

    While shared channels is turned on by default in Teams, external collaboration with shared channels requires that a Microsoft Entra administrator set up cross-tenant access between your organization and each other organization with which you want to share. Each other organization must set up cross-tenant access on their end as well.

    If you plan to use shared channels with other organizations, you can choose between a self-service model and a by-request model.

    • Self-service – You can configure cross-tenant access to allow inbound and outbound access to all other Microsoft Entra organizations. Alternatively, you can block a list of organizations that you don't want your users to share with, leaving all other organizations available. This allows your users to invite people outside the organization to participate in shared channels without having to contact your helpdesk or IT department.
    • By-request – You can configure cross-tenant access for each individual organization with which you want to allow shared channels. When choosing this model, it's important to have a documented business process that your users can follow to request cross-tenant access with another organization.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

  2. Renaud Closset 0 Reputation points
    2024-07-04T09:19:30.66+00:00

    Hi @LiweiTian-MSFT ,

    thank you for your answer, but I noticed my initial question was capped for using a "smaller than" sign. I updated the question with lesser markup to remediate this issue.

    Now our configuration should be visible, including how we set up cross-tenant collaboration in the MS Entra admin center.

    0 comments