Forum Discussion
Lobby Bypass - People in my organization and trusted organization
McCranium I wouldn't spend too long looking at this, as it's advising about features that simply don't exist. There is no graph api setting to control lobby access so you can't develop or find third party solutions to change the products capabilities in this area.
Kinda reads like a ChatGPT response making stuff up to me.
McCranium I'm not sure I understand the question. These are the options I have in a meeting policy for lobby control.
People in My Org and Guests would seem to be the option you want if you are going to use Azure AD Cross Tenant Sync to create guest accounts for this other tenant. The story however isn't quite complete, as they will only be joining your meeting as a guest if they have switched to your tenant already before joining the meeting. If they don't switch they aren't treated as a guest. The missing link is in the new Teams 2.1 client that is now in Public Preview, it will always attempt to join using an account in that tenant, so auto-switching that window.
The option with Guest and Trusted Organisations might be a better way to go until the new client is fully available, a Trusted Organisation is one you list it's domain for federation under External Access. Combine that with guests and then they should always avoid the lobby.
Yes, people in my org and guests would be the easiest way to go except there are other organizations (e.g., our managed services provider) that also have guest accounts in our AAD tenant and so the people in my org and guests if used with cross-tenant sync (which would work) seems to be nullified by these other individuals that have guest accounts, because we don't want them to bypass the lobby.
There are two specific tenants (our subsidiaries) that they want to bypass the lobby along with people in our org but everyone else needs to wait in the lobby. This is what we've been asked to do. So, people in my org and two specific other tenants (cross-tenant synced) but not ALL guests. Seems like this is not an option at the moment.
I did do some tests with Teams 2.0 or New Teams and had a cross-tenant sync'd account sign into our tenant and they were no longer treated as a guest or external but in order to achieve this I had to assign them a license for Teams. Also I had my meeting policy bypass setting to "people in my org" and this sync'd user despite logging into our tenant was still held in the lobby. I've got a ticket open with MSFT but I believe there is no solution at the moment.
McCranium I don't actually know if it makes a difference to lobby settings, but have you tried configuring your cross tenant sync to create external members rather than external guests? Properties of a B2B guest user - Microsoft Entra | Microsoft Learn
External member is the preferred config for a subsidiary, I'm not sure it achieves anything right now but there are some new features in the future that will benefit from having External Members.
The point around the Teams 2.1 client is that it switches to the local guest or user account when joining a meeting, with the current Teams 1.x client it will use whichever identity the user was currently using, so even if you had a guest account you could still join as an external user if you were using Teams in your home tenant.
- Thanks Steven, understood. We've tested cross-tenant sync to set the attribue userType=Member and it has no effect on the lobby setting. I've tested with Teams 2.1 and yes, the only setting that worked was when the guest connected to Teams via our tenant and was able to bypass. Regardless of that, this is not what the leadership expected or wanted so we'll be making some kind of different choice or compromise. Thank you for all of your suggestions and assistance. I have a way forward, it just wasn't what I was expecting. Thank you again.