Forum Discussion
Best practice to add guest to AAD?
- Yeah, working on Desktop now, you used to not be able to pick, not sure when it got added, but it's there now :).
Anyway, so bottom line here, you should be able to chose, having a guest is not required. Test with my tenant if you wish, but if it works, and you can't do that with someone you're trying to reach and you don't get the "search externally for" and it doesn't connect, then they must not have their end configured, but inviting them or adding them as a guest to your tenant allows them to tenant switch to chat, which isn't the same as federation.
Anyway, let us know if you have other questions or need help with more testing.
ChrisWebbTech wrote:
federation(external access needs enabled in admin center on both sides)
they will have to tenant switch in the client to your tenant to participate in that chat. The only way to prevent this is to not have them as a guest and use the chat federation, but then they can't be in a Team. It's a mess
Your first point on having to enable external access on both ends might well be why the "just add them to chat" didn't work. I'll test this weekend.
Your second point couldn't be truer. The idea of switching tenants makes fine sense in theory, and without pondering too much it probably makes good if not essential sense from a security/access management perspective, but it's extremely cumbersome.
I think the answer to all this is to enter the people in AAD when possible; develop some written or video guide to administratively enabling federated chat and send a link to collaborating entities; and hope for the best.
In this context, is there any point--at all--in entering an external as a mail user? We had to do that for a few guests in order to get them into mail-enabled security groups, but with the ability to add them into AAD as guests it seems that a 'mail user' is no longer necessary or appropriate for externals. Thoughts?
According to my testing, adding an external to the Chat blade in Teams, i.e., not adding them to a team in the Teams blade, only works if they have been pre-added as a guest in AAD (assuming all other settings are correct).
- You do not have to add people to use external federation “chat” tab. If everything is setup properly. You click new chat and type in their email and you should get a “search externally for x” underneath. If you are not getting this then something going on with config somehow.
- Yes! What you are seeing is that teams found your guest account when searching for a person in chat! It can be confusing because this will start a chat within your tenant ( the person will see this when it’s switched to your tenant! Keep typing and search externally
- Well if they add people ahead of time and it has a match then they won’t get the option to chat externally. It’s one of the big disconnects between federation and having a local account that can get tricky to understand
ChrisWebbTech wrote:
You do not have to add people to use external federation “chat” tab. If everything is setup properly. You click new chat and type in their email and you should get a “search externally for x” underneath. If you are not getting this then something going on with config somehow.When everything is configured properly on my end to Teams with externals, and I click on the Chat tab to start a new chat, and enter the name of an external person who is not in my AAD, Teams responds with, "We didn't find any matches." Note that I have no idea how the organizations for those externals have configured their own Teams.
So, given that experience and the earlier replies here, would it be correct to state the following:
- I can chat (not in a team) with an external who is a guest in my AAD if their Teams is configured for external chat (I do this presently);
- I cannot chat with an external who is not in my AAD if their Teams is not configured for external chat (I receive the "We didn't find any matches" message); and
- My experience is inconclusive on whether I can chat with an external who is not in my AAD if their Teams is configured for external chat?
- Interesting. Because in the mobile app I can chat with guest or use federation. I couldn’t do that on desktop client previously. They either added it or mobile can do it only will test when I get home.
If you chat with a guest user they are switching to your tenant to chat with you most likely.
Anyway if you want to test federation use turismon@webbtech.org it has open federation you could send a message to.
