Forum Discussion
Solved
External contact have upgraded to "Teams Only" mode but still show up as a SfB contact
One of our customers have recently changed their Coexistence mode to "Teams Only" after using Teams for some while in Island mode. But in my Teams chat client the contacts still shows the Skype logo ...
- It can take well over 2; hours for everything to settle in! Give it some more time
byoung210In the customers tenant they were running in teams only mode with no restrictions but I still got this dual dialogue. Skype / Teams the only way I solved it was I had to physically sign out of my teams client and back in again and then it resolved, closing / opening wasn't enough I needed to do a full sign out / sign in. Let me know / others if that worked. The issue was also not at the customers end it was on my client.
Bradley1610 I tried signing out of the client and signing back in. The issue persists. Tried twice even.
hi all, same for us, an external tenant was changed from island mode to teamsonly, but in our Teams Client every contact is still shown as skype user and the presence status doesn't work anymore. Federations setting was checked.
Logout and login again didn't change anything.
Any ideas?
regards
Georg
- I believe you need to add the contact again to get a new "message thread". The old message thread can be hidden.
fixed after using the M365 admin center diagnostics tool. TLDR user had an external access policy different from every one else
- Yes that was the issue. This user had the NoFederationAndPIC value set to their ExternalAccessPolicy Fixed with Grant-CsExternalAccessPolicy -Identity $UserPrincipalName -PolicyName $Policy.Identity (edited)Now they are showing in Teams as Teams when looked up externally from another Teams tenant
Here is the PowerShell script/magic to fix this external access policy
# The external access policy granted to the user does not allow the user to communicate ...# To enable the user to communicate with external users, do the following:# Connect to Skype for Business remote PowerShell console to manage your Teams environment. For detailed steps, see Manage Skype for Business Online with PowerShell.# Run the PowerShell command Get-CsExternalAccessPolicy to locate an external access policy where the parameter EnableFederationAccess is set to 'true'.# Run the PowerShell command Grant-CsExternalAccessPolicy to grant the external access policy found in the above step to the user.# For more information regarding the Teams federation configuration, see Manage external access in Microsoft Teams.Install-Module -Name MicrosoftTeamsfunction Grant-TeamsExternalAccessPolicy {param ([Parameter(Mandatory=$true)][string]$UserName,[Parameter(Mandatory=$true)][string]$Password,[Parameter(Mandatory=$true)][string]$UserPrincipalName)function Write-Log {param ([string]$Message,[string]$Color = "White")Write-Host "$(Get-Date -Format 'yyyy-MM-dd HH:mm:ss') - $Message" -ForegroundColor $Color}# Import Teams moduleWrite-Log "Importing Teams module..." -Color YellowImport-Module MicrosoftTeams# Connect to tenantWrite-Log "Connecting to tenant..." -Color Yellow$SecurePassword = ConvertTo-SecureString -String $Password -AsPlainText -Force$Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $UserName, $SecurePasswordConnect-MicrosoftTeams -Credential $Credential# Find an external access policy with EnableFederationAccess set to trueWrite-Log "Searching for an external access policy with EnableFederationAccess set to 'true'..." -Color Yellow$Policy = Get-CsExternalAccessPolicy | Where-Object { $_.EnableFederationAccess -eq $true } | Select-Object -First 1if ($Policy) {Write-Log "Found policy: $($Policy.Identity)" -Color GreenWrite-Log "Granting policy to user '$UserPrincipalName'..." -Color Yellow# Grant the external access policy to the userGrant-CsExternalAccessPolicy -Identity $UserPrincipalName -PolicyName $Policy.IdentityWrite-Log "Policy granted successfully." -Color Green# Verify the granted policyWrite-Log "Verifying the granted policy..." -Color Yellow$UserPolicy = Get-CsOnlineUser -Identity $UserPrincipalName# $DBG$UserPolicy = Get-CsOnlineUser -Identity $UserPrincipalName | Select-Object -ExpandProperty ExternalAccessPolicyif ($UserPolicy -eq $Policy.Identity) {Write-Log "The policy '$($Policy.Identity)' has been successfully granted to the user '$UserPrincipalName'." -Color Green} else {Write-Log "The policy grant verification failed. Please check the user's policy settings." -Color Red}} else {Write-Log "No external access policy with EnableFederationAccess set to 'true' was found." -Color Red}# CleanupWrite-Log "Disconnecting from tenant..." -Color Yellow# Disconnect-MicrosoftTeams}Grant-TeamsExternalAccessPolicy -UserName "email address removed for privacy reasons" -Password "YOUR GLOBAL ADMIN PASSWORD" -UserPrincipalName "email address removed for privacy reasons"more detailshttps://learn.microsoft.com/en-us/skypeforbusiness/set-up-policies-in-your-organization/create-custom-external-access-policieseven clearing cache for Teams by removing the folder called Teams from appdata did not helphttps://www.uvm.edu/it/kb/article/clearing-teams-cache/
