How to create a shared channel in Microsoft Teams and configure B2B direct connect

Table of Contents

Overview

Shared Channels are part of Microsoft Teams Connect and is still in public preview. To be able to create and use shared channels you will need to Enable Microsoft Teams Public / Developer preview.

Some Important Points about Shared Channels

  • Using shared channels you can invite people outside of your organization by using Azure AD B2B direct connect.
  • Shared channels are enabled by default but can be disabled by Editing Teams Policies via Microsoft Teams Admin Center.
  • Guest accounts cannot be added to the Shared Channels.
  • Shared Channels cannot be converted to Standard Channels.
  • As Shared channels are still in public preview, Microsoft Teams Public Preview needs to be enabled.

Configure Azure AD B2B direct Connect

To be able to use the Shared Channels, you will need to configure Azure AD B2B direct Connect in your tenant and also in your partner tenant. Azure Active Directory (Azure AD) B2B direct connect is a feature of External Identities that lets you set up a mutual trust relationship with another Azure AD organization for seamless collaboration. By default Inbound and Outbound Access via B2B direct connect is blocked. Therefore, to be able to collaborate with external organization, you need to add that organization and configure the inbound and outbound access settings.

About B2B direct Connect
B2B direct connect lets your users and groups access apps and resources that are hosted by an external organization. To establish a connection, an admin from the external organization must also enable B2B direct connect. When you enable outbound access to an external organization, limited data about your users is shared with the external organization, so that they can perform actions such as searching for your users. More data about your users may be shared with an organization if they consent to that organization’s privacy policies.
  • Login on Microsoft Azure Portal.
  • Search for Azure Active Directory and then click on External Identities on the left hand side.
  • Click on Cross-tenant access settings (Preview).
  • Click on Organizational Settings and then click + Add Organization.

Add domain name or Tenant ID of External organization.

Azure Active Directory Cross-tenant access settings

Once the organization is added then you will need to configure Inbound and Outbound access. If you use the default settings then B2B direct connect remains blocked. Therefore, click on the link Inherited from default under Inbound Access and also Under Outbound access and configure both the policies.

B2B Inbound Access Settings

B2B Inbound Access
B2B direct connect inbound access settings determine whether users from external Azure AD organizations can access your resources without being added to your tenant as guests. By selecting “Allow access” below, you’re permitting users and groups from other organizations to connect with you. To establish a connection, an admin from the other organization must also enable B2B direct connect.
B2B Inbound Access Settings

Click on Customize settings and then Allow access for all external users and groups. Also, under Applications tab click on Allow access and Apply to all applications or you can add selected applications for example Office365.

B2B Inbound Access Settings

Trust Settings

Next tab is for Trust Settings where you can configure the trust settings related to External Azure AD organizations. For Example If you trust Multi-Factor authentication solution of other Azure AD organization then you can configure on this section.

B2B Inbound Access Settings

B2B Outbound Access Settings

B2B Outbound Access
Outbound access settings determine how your users and groups can interact with apps and resources in external organizations. The default settings apply to all your cross-tenant scenarios unless you configure organizational settings to override them for a specific organization. Default settings can be modified but not deleted.

Similar to the Inbound Access settings, you can configure outbound access settings as well. Open the Outbound Access settings and then Allow Access to users and groups along with your home users to access External applications in another Azure AD Organization. When you try and save the Outbound access settings, you will receive below pop-up message. Go through the message and click on Yes or you can also click on Learn more and get more information about it.

Azure Active Directory Cross-tenant access settings

Inbound and Outbound Access settings are now configured for the External Organization. You can anytime go back and update these settings. Once this has been configured on your Azure AD organization. Admin from another tenant needs to add your azure ad organization on their side and configure Inbound and Outbound Access policies. After this configuration is completed, you should be able invite users from External Azure AD organization.

Azure Active Directory Cross-tenant access settings

Create a Shared Channel in Microsoft Teams

If you have already enabled public preview in Microsoft Teams client, you can now go ahead and create shared channels. Only team owners can create shared channels. As the team owner who creates the shared channel, becomes the channel owner.

To create a Teams Shared Channel, Click on Three dots next to the Team and click on Add Channel.

Create a Shared Channel in Microsoft Teams

Provide a name of the Channel for example: Finance Project Team A and In the Privacy drop down select Shared, You also get Standard and Private channel options but in our case as we are creating a Teams shared channel, we will use choosing Shared – People you choose from your org or other orgs have access.

Create a Shared Channel in Microsoft Teams

You can Skip sharing the channel with External users or you can search for External users here and then share the channel right away. As you can see in the below screenshot, I have collaborated with an External Azure AD organization called cloudinfra.net, therefore I am able to search and find the users in cloudinfra.net. This is because of the B2B direct connect configuration we completed earlier. You will not be able to share the channel with another organization users unless you have configured B2B direct connect in Microsoft Azure Active Directory.

Create Shared Channel in Microsoft Teams

You will also notice that there is External tag mentioned next to the name of the user to reflect that this user is from another Azure AD organization. You can also add users, Teams etc. to this shared channel after the channel has been created. Click on Done to complete the setup.

Create a Shared Channel in Microsoft Teams

Teams Shared Channel Finance Project A has been created. Notice an icon next to the channel to highlight that this is a shared channel. You can click on three dots and then click on Share channel. You will get different options on sharing a channel with a Team or individual users.

Create a Shared Channel in Microsoft Teams

Conclusion

Teams shared channel is a great solution for collabrating with External Organizations without adding external users as guest in your Azure AD organization. You can configure B2B direct connection before inviting users from external organization. When you invite an external user from shared channel, it verifies the B2B direct connect settings before adding the user. You can explore and read more about shared channels on Microsoft Documantation https://docs.microsoft.com/en-us/microsoftteams/shared-channels.

Leave a Comment