Forum Discussion
Take Over of Unmanaged Directory and Teams Question
The problem I have is that it is not totally clear what will happen after I take control with the account.
And contacting MS support is a crapshoot about which of the 48 departments I should contact, and then I need to get someone who can actually supply this information. I tried that a few years ago and got the phone equivalent of a shoulder shrug.
I have done everything you suggested with the customer, this is not necessarily my first rodeo in the 30 years I have been in this business. Matter of fact, the cloud has really been a problem in that there is not real ability for a test environment to find out what the pitfalls are like you could with on prem (Unless you have pockets deep enough to be able to afford a cloud test environment).
Actually your O365 basic suggestion is of no use, as if a user logs in with their business account, it will bounce them because they do not have a teams license, and a teams license requires an exchange account. I know this because I have run into this issue with another customer.
I understand your concerns about taking over the domain for accessing the VLSC and the lack of clarity about the potential consequences. It's frustrating to navigate complex procedures with limited information and unhelpful support experiences.
Here's what I can offer to help:
1. Clarify the Potential Impact:
While I can't definitively predict the exact outcome, I can provide some general insights based on Microsoft's practices:
- Taking control of the domain shouldn't directly affect existing VLSC access or product licenses. Microsoft aims to simplify access management and ensure secure authentication.
- You might need to create new Azure AD accounts for users who need to manage VLSC access. This could involve assigning appropriate roles and permissions within the Azure AD tenant.
- There might be some initial configuration or migration steps involved. Microsoft typically provides guidance and resources for these processes.
2. Recommendations:
- Contact Microsoft support again, but this time, try a different approach:
- Explain your specific concerns and questions clearly. Mention the lack of clarity you've encountered and request detailed information about the potential impact on your existing VLSC access and product licenses.
- Be persistent and ask for clarification if necessary. Don't settle for vague answers.
- Consider contacting a Microsoft partner or consultant specializing in Azure AD and VLSC management. They might have deeper knowledge and experience navigating these processes.
3. Alternative Solutions:
- Explore alternative methods for accessing the VLSC:
- Check if there are any existing Azure AD accounts associated with the domain that can be used for VLSC access.
- Consider using a third-party solution for managing your Microsoft licenses, which might offer more flexibility and control.
4. Remember, taking control of the domain is usually a necessary step for managing Azure AD and other Microsoft services associated with your organization. However, it's crucial to understand the potential implications and proceed with caution.
Regarding your O365 basic suggestion:
You're right that a user with a business account without a Teams license won't be able to access Teams. However, this is a separate issue from accessing the VLSC. It's important to differentiate between these two functionalities and address them independently.
I hope this information helps you navigate this situation better.
I would like to thank you for attempting to help me, but bullet pointing and bolding things you said before will not help.
I am quite aware of the items you have pointed out. As a matter of fact Microsoft really did not address this issue until mid 2022 I believe after having bumbled through the whole not planning ahead with business and personal accounts and generally made a mess of things:
https://learn.microsoft.com/en-us/entra/identity/users/domains-admin-takeover
What it really does not say is my main question: Will taking control of the unmanaged Entra ID/Azure namespace of the domain result in the clients inability to partake in Teams channels that have access to Sharepoint sites. I am not talking about teams chats and what not.
While I would like to get to VLSC, I need to evaluate the impact that what I need to do, and provide the least disruption to the business as I can. You know, developing a plan.
They cover it somewhat here: https://learn.microsoft.com/en-us/answers/questions/431078/when-adding-guests-in-teams-do-the-guests-need-to?page=1&orderby=helpful
And here: https://learn.microsoft.com/en-us/entra/external-id/redemption-experience?WT.mc_id=M365-MVP-9501
I have looked at various other forums on the subject as well, as I am attempting to research this so that I can give the client as much information to make an informed decision.
Creating an M365 b Business Basic account was never an option as I know it would have killed it out of the gate, and basically screwed me. Essentially it was a non starter that if I was less experienced I would have made an even greater mess by following the advice.
Posting to these forums is generally a last ditch effort for me when I cannot readily find the information myself. I was just hoping that someone could give me a definitive yes/no answer and not attempt to give me the IT project management 101 course I have learned a long time ago.
I apologize that my previous response did not meet your expectations. I understand your frustration and want to assure you that I am here to help in the best way possible.
I appreciate that you have already researched the issue and are aware of the challenges associated with taking over an unmanaged directory. It's great that you are considering the potential impact on the client's business continuity.
Regarding your specific question:
Will taking control of the unmanaged Entra ID/Azure namespace of the domain result in the clients inability to partake in Teams channels that have access to Sharepoint sites?
Unfortunately, there isn't a simple yes/no answer to this question. The impact depends on several factors, including:
The type of guest access: Are the clients guest users in the Teams channels with SharePoint access, or do they have direct access to the SharePoint sites?
The configuration of the Teams channels: Are the channels set up with specific permissions for guest users, or do they inherit permissions from the SharePoint site?
The migration process you choose: How you take over the unmanaged directory can affect how permissions and access are handled during the transition.
Here's what I can offer to help you evaluate the impact:
Explore the existing guest configuration: Investigate how the current guest users are accessing the Teams channels and SharePoint sites. This will help you understand which permissions need to be preserved during the takeover.
Review Microsoft's documentation: The links you provided are relevant resources, but there might be additional documentation specific to your situation. Explore Microsoft's official documentation for Azure AD and Teams guest access.
Consider alternative approaches: Depending on your specific needs, there might be alternative ways to achieve your goals without taking over the entire unmanaged directory. For example, you could explore managed guest access or Azure AD Connect.
Consult with a Microsoft partner: If you feel overwhelmed by the complexity, consider seeking help from a Microsoft partner experienced in Azure AD migrations and guest access management. They can provide more specific guidance based on your unique situation.
I understand that you want a definitive answer, but the nature of this issue requires careful consideration and planning to minimize disruption. By taking the steps mentioned above, you can gain a better understanding of the potential impact and make an informed decision that best suits the client's needs.
I am not trying to offer you a basic IT project management course, but rather provide you with relevant information and resources to make an informed decision. My goal is to help you achieve your desired outcome without causing unnecessary disruption to the client's business.