In the modern workplace, effective collaboration with external partners is essential to drive positive business outcomes. External collaboration could range from adhoc chats with a vendor to more structured or long-term collaboration with suppliers or business partners.
Microsoft 365 provides multiple options when collaborating with external organizations in Microsoft Teams. With the recent public preview rollout of Microsoft Teams Connect shared channels, organizations have an additional option to collaborate externally. In this blog, we want to cover common use cases and key considerations when managing external collaboration in Teams.
Before diving into options, it’s important to outline the underlying technologies behind Teams Connect shared channels, external access, and guest access.
Teams Connect shared channels (public preview) enables Teams users, including external participants from other Azure AD organizations, to collaborate in a shared workspace. Shared channels users can leverage the collaborative capabilities Teams offers with people internal and external to their organization. To help reduce oversharing of information, members of shared channels can only access resources within that shared channel and do not have access to the parent team. Any external shared channel users are a member of will show up alongside the rest of their teams and channels in their own organizations. Users don’t have to tenant switch to collaborate externally.
Users can have conversations, schedule a meeting, share and co-author files, and collaborate on apps without ever switching organizations in their Teams client. External users are easily identifiable with a label (External) next to their name.
External collaboration is turned off by default. Sharing channels with people outside your organization requires that you configure cross-tenant access settings in Azure AD. Each organization that you want to share channels with must also complete this configuration. These access settings can be configured at user, group, and application level.
Teams admins can use Teams policies to control which users can create a shared channel, share channels with people outside the organization, and participate in an external shared channel. From a compliance standpoint, shared channels supports a full range of Microsoft Purview information protection capabilities. In a cross-tenant scenario when a channel is shared with another tenant the host tenant’s compliance policies will apply to the channel. Similarly, when a channel is shared with another team the sensitivity label of the host team will apply.
Shared channels scenario. Contoso is a professional services organization who works with external agencies and business partners that IT must support. Contoso marketing is working on a project that has dedicated workstreams but needs to include multiple internal and external stakeholders. All stakeholders are added to the appropriate shared channel for their workstream, centralizing collaboration without oversharing access to other workstreams or resources. The shared channel members can work on the workstream-specific files, apps, and meet as needed.
External access allows Teams users to communicate with people from other organizations. External access in Teams enables users to see availability, find, call, chat, and set up meetings with external organizations who also permit external access in Teams.
When communicating through external access with external members, users see notifications and chats inside their Teams client. This means that users do not need to manage switching organizations when communicating through external access in Teams. Users can easily recognize if someone has external access if (External) is displayed after the name. Chats, chat list, and notifications also contain an external tag.
External access is managed through the Teams admin center and PowerShell where PowerShell is used for user-level policies. IT has multiple options to manage external access depending on the type of federation being established, including the option to disable communications with external Teams users who are not using an organizational account.
External access scenario. Contoso is a professional services organization which frequently works with external organizations where communication is primarily chat and calls. Contoso’s IT manages external access so users can easily communicate as needed. For project-based or structured work where access to documents and other team resources is needed, Contoso would otherwise use guest access or shared channels in addition to external access.
For more information on external access, please see Manage external access in Microsoft Teams.
Guest access enables collaboration with users external to the organization by adding them as guests to your organization’s Azure Active Directory. Guest access enables external users to have broad access to organization data and applications beyond Teams channels. External users will have to switch tenants to collaborate in Teams in other organizations. Bringing a guest into Teams allows them to have access to private channels they’re invited to and all standard channels in the team.
An important distinction with guest access in Teams is that external users need to switch organizations in their Teams client to collaborate in the guest organization. Guests are easily identifiable with a label (Guest) next to their name.
Teams guest access is managed through the Teams admin center, but guest accounts are managed through the Azure Active Directory admin center. Once a guest is invited to the organization, a guest account is created for them in Azure Active Directory.
Generally, guest access can be useful for working with business partners, vendors, or suppliers. It is important to establish a guest hygiene process to remove guest accounts when no longer needed.
Guest access scenario. Contoso is a professional services organization working with a contractor who supports the marketing team as an extended team member listed in the organization’s directory. The contractor requires access to an entire Teams team and line of business applications. Contoso IT invites the contractor as guest user. Once the contractor’s work has ended, Contoso IT removes their access and guest user account. Although removed as guest users, Contoso and the contractor can reconnect on chat as needed through external access.
For more information on guest access, please see guest access in Microsoft Teams.
Microsoft Teams provides multiple options to safely communicate and collaborate with someone outside of the organization. The type of collaboration and access level needed for the external participant often determines which option fits best.
An important note is that these options are not mutually exclusive – they can be used together to help drive seamless collaboration. Many organizations leverage a combination of these external collaboration options depending on the business scenario and need. For example, users collaborating in a shared channel may naturally want to have a one-on-one or group chat discussion with external users unrelated to the channel structure. If IT has enabled the user for both shared channels and external access, they can continue their conversation as normal without disrupting the channel.
For more information on how you can collaborate externally with Teams, please see these resources:
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.