Teams Activity Feed Notifications / Multi-Tenant

Hello!

I have some questions about Teams activity feed notifications and how they work in conjunction with tenants.

What I currently have is:
* In AAD registered an application in a tenant with permissions + admin consent to send activity notifications - the application was registered with signInAudience "AzureADMultipleOrgs"
* Set the ID of that application as "webApplicationInfo" in the manifest of the teams application developed by us
* Get an application token with a secret configured with this application from login.microsoft.com
* Send an activity notification with that application token to a user by its ID (the notifications are sent by our application) via graph.microsoft.com

With this, an activity notification can be sent to all users who have installed the Teams application.

But that only works if the user to whom the notification should be sent is also in the same tenant as the one the application was registered in. If the user has the application installed but is from another tenant, an error message like "the user cannot be found in the tenant" occurs.

As the ID of the registered application is also part of the manifest, I don't understand how it would be possible for another organisation to install our Teams application and for us to send activity notifications to their users in their tenant. The other organisation could themselves register an application in their AAD with appropriate access rights and configure access to it so that our application could send notifications to their users, but as the ID is in the manifest this would not be possible, as that ID always points to our tenant. I tried removing the "webApplicationInfo" entry from the manifest, but without it sending notifications does not work at all.

What am I missing here?

My main questions:
* How would it be possible to send activity notifications to users in different tenants for a Teams application in the store (so no manifest change is possible)?
* Why is sending notifications restricted to only the tenant the application was registered in? Should a limitation to users who have the application installed not be enough of a restriction?

Thank you and regards,
Dominik

2 Replies

Hi,
I came across your post, and wanted to see if you had found a way to solve this? I am facing the same issue now, where I need to send notifications to users outside of the tenant the app is registered on.

Thanks!

Hi!

I found a solution to this problem. Basically, when you request an application token, you need to request it for the tenant of the users you want to send notifications to.

Doing so requires that an admin accept your app consent for each tenant. More information can be found here:
https://learn.microsoft.com/en-us/graph/auth-v2-service
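
The approach described in the reply above, as an added example that is not part of the original thread: it builds the client-credentials request against the recipient's tenant and keeps one cached token per tenant, so a token issued for one tenant is never used for a user in another. `TenantTokens`, `fake_post`, the injected `post` callable and the GUID-only tenant check are assumptions of this sketch; the token endpoint is the Microsoft identity platform v2.0 endpoint and the Graph path is `sendActivityNotification`.

```python
import re, time
from urllib.parse import urlencode

AUTHORITY = "https://login.microsoftonline.com"
GRAPH = "https://graph.microsoft.com/v1.0"
GUID = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)

def token_request(tenant_id, client_id, client_secret):
    """Client-credentials request aimed at the recipient's tenant."""
    if not GUID.match(tenant_id):
        # An app-only token belongs to one tenant; this sketch insists on its GUID.
        raise ValueError(f"not a tenant GUID: {tenant_id!r}")
    form = urlencode({"client_id": client_id, "client_secret": client_secret,
                      "scope": "https://graph.microsoft.com/.default",
                      "grant_type": "client_credentials"})
    return f"{AUTHORITY}/{tenant_id}/oauth2/v2.0/token", form

class TenantTokens:
    """One cached app token per tenant; tokens are never shared across tenants."""
    def __init__(self, client_id, client_secret, post):
        self._id, self._secret, self._post = client_id, client_secret, post
        self._cache = {}  # tenant_id -> (access_token, expires_at)

    def get(self, tenant_id, now=None):
        now = time.time() if now is None else now
        key = tenant_id.lower()
        tok = self._cache.get(key)
        if tok is None or tok[1] - 60 <= now:  # refresh 60 s before expiry
            url, form = token_request(key, self._id, self._secret)
            reply = self._post(url, form)  # expected: parsed JSON token response
            tok = (reply["access_token"], now + reply["expires_in"])
            self._cache[key] = tok
        return tok[0]

def notification_request(tokens, user_tenant_id, user_id):
    """URL and headers for the Graph call, using the token of the user's tenant."""
    token = tokens.get(user_tenant_id)
    url = f"{GRAPH}/users/{user_id}/teamwork/sendActivityNotification"
    return url, {"Authorization": f"Bearer {token}",
                 "Content-Type": "application/json"}

# Constructed stand-in for an HTTP POST so the example runs offline.
def fake_post(url, form):
    tenant = url.split("/")[3]
    return {"access_token": f"token-for-{tenant}", "expires_in": 3600}
```

In real use, `post` would be a function that sends the form to the URL and returns the parsed JSON response; the request fails for any tenant whose admin has not yet consented to the app.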