Forum Discussion

simon_bedsys's avatar
simon_bedsys
Copper Contributor
Apr 02, 2020
Solved

External contact have upgraded to "Teams Only" mode but still show up as a SfB contact

One of our customers have recently changed their Coexistence mode to "Teams Only" after using Teams for some while in Island mode. But in my Teams chat client the contacts still shows the Skype logo ...
Administrator
Chat
community
microsoft teams
Settings
User Interface
  • adam deltinger's avatar
    adam deltinger
    Apr 02, 2020
    It can take well over 2; hours for everything to settle in! Give it some more time
ParLinderoth's avatar
ParLinderoth
Iron Contributor
Aug 20, 2020
I believe you need to add the contact again to get a new "message thread". The old message thread can be hidden.
Abdullah_Ollivierre's avatar
Abdullah_Ollivierre
Copper Contributor
Apr 12, 2023

ParLinderoth 

 

fixed after using the M365 admin center diagnostics tool. TLDR user had an external access policy different from every one else

  1. Yes that was the issue. This user had the NoFederationAndPIC value set to their ExternalAccessPolicy Fixed with Grant-CsExternalAccessPolicy -Identity $UserPrincipalName -PolicyName $Policy.Identity (edited)
     
    Now they are showing in Teams as Teams when looked up externally from another Teams tenant

 

 

Here is the PowerShell script/magic to fix this external access policy

 

# The external access policy granted to the user does not allow the user to communicate ...

# To enable the user to communicate with external users, do the following:

#     Connect to Skype for Business remote PowerShell console to manage your Teams environment. For detailed steps, see Manage Skype for Business Online with PowerShell.
#     Run the PowerShell command Get-CsExternalAccessPolicy to locate an external access policy where the parameter EnableFederationAccess is set to 'true'.
#     Run the PowerShell command Grant-CsExternalAccessPolicy to grant the external access policy found in the above step to the user.

# For more information regarding the Teams federation configuration, see Manage external access in Microsoft Teams.

Install-Module -Name MicrosoftTeams
function Grant-TeamsExternalAccessPolicy {
    param (
        [Parameter(Mandatory=$true)]
        [string]$UserName,
        [Parameter(Mandatory=$true)]
        [string]$Password,
        [Parameter(Mandatory=$true)]
        [string]$UserPrincipalName
    )

    function Write-Log {
        param (
            [string]$Message,
            [string]$Color = "White"
        )
        Write-Host "$(Get-Date -Format 'yyyy-MM-dd HH:mm:ss') - $Message" -ForegroundColor $Color
    }

    # Import Teams module
    Write-Log "Importing Teams module..." -Color Yellow
    Import-Module MicrosoftTeams

    # Connect to tenant
    Write-Log "Connecting to tenant..." -Color Yellow
    $SecurePassword = ConvertTo-SecureString -String $Password -AsPlainText -Force
    $Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $UserName, $SecurePassword
    Connect-MicrosoftTeams -Credential $Credential

    # Find an external access policy with EnableFederationAccess set to true
    Write-Log "Searching for an external access policy with EnableFederationAccess set to 'true'..." -Color Yellow
    $Policy = Get-CsExternalAccessPolicy | Where-Object { $_.EnableFederationAccess -eq $true } | Select-Object -First 1

    if ($Policy) {
        Write-Log "Found policy: $($Policy.Identity)" -Color Green
        Write-Log "Granting policy to user '$UserPrincipalName'..." -Color Yellow

        # Grant the external access policy to the user
        Grant-CsExternalAccessPolicy -Identity $UserPrincipalName -PolicyName $Policy.Identity
        Write-Log "Policy granted successfully." -Color Green

        # Verify the granted policy
        Write-Log "Verifying the granted policy..." -Color Yellow
        $UserPolicy = Get-CsOnlineUser -Identity $UserPrincipalName
        # $DBG
        $UserPolicy = Get-CsOnlineUser -Identity $UserPrincipalName | Select-Object -ExpandProperty ExternalAccessPolicy

        if ($UserPolicy -eq $Policy.Identity) {
            Write-Log "The policy '$($Policy.Identity)' has been successfully granted to the user '$UserPrincipalName'." -Color Green
        } else {
            Write-Log "The policy grant verification failed. Please check the user's policy settings." -Color Red
        }
    } else {
        Write-Log "No external access policy with EnableFederationAccess set to 'true' was found." -Color Red
    }

    # Cleanup
    Write-Log "Disconnecting from tenant..." -Color Yellow
    # Disconnect-MicrosoftTeams
}


Grant-TeamsExternalAccessPolicy -UserName "email address removed for privacy reasons" -Password "YOUR GLOBAL ADMIN PASSWORD" -UserPrincipalName "email address removed for privacy reasons"
 
 
more details
https://learn.microsoft.com/en-us/skypeforbusiness/set-up-policies-in-your-organization/create-custom-external-access-policies
 
even clearing cache for Teams by removing the folder called Teams from appdata did not help
 
https://www.uvm.edu/it/kb/article/clearing-teams-cache/
 

Resources