SOLVED

Best Way to Deploy Teams in Confidential Environment

%3CLINGO-SUB%20id%3D%22lingo-sub-1456434%22%20slang%3D%22en-US%22%3ERe%3A%20Best%20Way%20to%20Deploy%20Teams%20in%20Confidential%20Environment%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1456434%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F696387%22%20target%3D%22_blank%22%3E%40CSI_Guy%3C%2FA%3E%26nbsp%3B%20this%20is%20great%20U%20guys%20are%20using%20Teams%20or%20moving%20towards%20Microsoft%20Teams%3B%3C%2FP%3E%3CP%3Esecondly%20yes%20you%20have%20the%20ability%20to%20add%20Shared%20Mailboxes%20as%20the%20member%20in%20Teams%20but%20the%20issue%20is%20those%20Shared%20Mailboxes%20may%20have%20more%20than%20one%20user%20and%20if%20those%20users%20do%20not%20have%20emails%20how%20we%20can%20add%20them%20to%20shared%20Mailboxes%2C%20besides%20if%20someone%20does%20not%20have%20a%20regular%20email%20account%20s%2Fhe%20can't%20login%2Fuse%20shared%20Mailbox.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20best%20practice%20is%20to%20give%20Teams%20license%20to%20everyone%20who%20got%20regular%20email%20account%20%26amp%3B%20mailbox%20which%20they%20could%20use%20full%20features%20of%20Teams%20Chat%2C%20Conversation%2C%20Audio%20%26amp%3B%20Vido%20calls%2C%20and%20post%20in%20channels.%3CBR%20%2F%3E%3CBR%20%2F%3ETeams%20in%20Teams%20will%20be%20created%20as%20private%20groups%20one%20for%20all%20company%20and%20then%20based%20on%20each%20group%20you%20could%20even%20have%20a%20private%20channel%20or%20standard%20channels%20base%20on%20the%20requirement.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIf%20you%20guys%20are%20only%20sending%20email%20between%20your%20own%20self%20the%20best%20way%20is%20using%20Teams%20either%20posting%20or%20making%20announcement%20in%20general%20channel%20if%20that%20is%20for%20everyone%20or%20post%20in%20private%20channel%20if%20that%20is%20only%20for%20specific%20group%20of%20people.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1456667%22%20slang%3D%22en-US%22%3ERe%3A%20Best%20Way%20to%20Deploy%20Teams%20in%20Confidential%20Environment%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1456667%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F181929%22%20target%3D%22_blank%22%3E%40Pervaiz%20Dostiyar%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20currently%20have%20a%20shared%20email%20(general)%20and%20aliases%20setup%20for%20each%20workstation.%20So%20everyone%20is%20using%20General%2C%20but%20individually%20they%20see%20their%20aliases%20as%20CSI%2001%2C%20CSI%2002%2C%20CSI%2003%2C%20etc.%20matching%20the%20workstation%20they%20they%20are%20assigned%20to.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EMy%20only%20issue%2C%20is%20I%20don't%20want%20them%20to%20have%20the%20ability%20to%20sign%20in%20from%20outside%20the%20company%20(easiest%20way%20to%20do%20that%20is%20just%20control%20the%20account%20used%20to%20sign%20in).%20So%20I%20don't%20want%20them%20to%20be%20able%20to%20%22sign%20in%22%20to%20either%20the%20Teams%20or%20the%20email%20-%20as%20it%20stands%2C%20everything%20is%20setup%20and%20managed%20by%20our%20IT%20(myself).%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20are%20not%20so%20much%20worried%20about%20what%20content%20they%20have%20access%20to%2C%20but%20just%20to%20ensure%20that%20they%20cannot%20log%20in%20outside%20of%20work%20due%20to%20confidentiality.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1456383%22%20slang%3D%22en-US%22%3EBest%20Way%20to%20Deploy%20Teams%20in%20Confidential%20Environment%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1456383%22%20slang%3D%22en-US%22%3E%3CP%3EHello%20there%2C%20our%20company%20is%20exploring%20the%20use%20of%20Teams%20to%20help%20push%20out%20department%2Fcompany%20announcements%20immediately%20rather%20than%20waiting%20on%20memos%20or%20meetings%20to%20do%20the%20same%20thing.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20are%20relatively%20strict%20on%20our%20policies%2C%20most%20of%20our%20employees%20have%20access%20to%20email%20out%20but%20do%20not%20receive%20emails%2C%20using%20shared%20MS%20Exchange%20accounts.%20So%20we%20have%20between%2030-40%20people%2C%20and%20we%20have%20the%20ability%20to%20set%20up%208%20seats%20of%20Teams%20(paid%20version)%20between%20our%20existing%20Microsoft%20accounts.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EFor%20the%20remaining%20employees%2C%20we%20do%20not%20want%20to%20require%20them%20to%20setup%20a%20new%20account%20to%20use%20Teams%2C%20nor%20do%20we%20want%20them%20to%20have%20to%20use%20their%20personal%20email%20account%20(primarily%20for%20security%20reasons).%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIs%20there%20a%20way%20to%20let%20them%20login%20using%20%22aliases%22%20made%20from%20one%20of%20our%20shared%20email%20accounts%3F%20Or%20what%20would%20be%20another%20good%20option%20to%20keep%20the%20accounts%20used%20controlled%20by%20the%20company%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EPlease%20help%20me%20out%20with%20the%20best%20way%20to%20do%20this%2C%20between%20seasonal%20workers%20and%20temp%20workers%2C%20we%20have%20high%20turnaround%20for%20about%20half%20of%20the%20office%20-%20so%20the%20ability%20to%20reuse%20accounts%20would%20be%20handy%20if%20possible.%20I%20am%20just%20setting%20up%20Teams%20to%20test%20between%20my%20PC%2C%20laptop%20and%20phone%2C%20so%20I%20am%20not%20too%20familiar%20with%20it%20yet.%20None%20of%20the%20guides%20or%20videos%20really%20explore%20my%20topic%20here.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1456383%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EBest%20Practices%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EMicrosoft%20Teams%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ETips%20%26amp%3B%20Tricks%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1457027%22%20slang%3D%22en-US%22%3ERe%3A%20Best%20Way%20to%20Deploy%20Teams%20in%20Confidential%20Environment%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1457027%22%20slang%3D%22en-US%22%3E%3CP%3EOkay%2C%20so%20I%20think%20I%20figured%20it%20out!%20(Holy%20crap%20batman!)%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ESo%2C%20I%20revisited%20using%20the%20email%20aliases%20from%20the%20shared%20email%20account.%20Turns%20out%20that%20it%20will%20work%20with%20some%20(A%20LOT)%20of%20massaging.%26nbsp%3B%20First%20of%20all%2C%20our%20company%20has%20NEVER%20had%20to%20use%20to%20access%20Azure%20Active%20Directory%2C%20so%20the%20fact%20that%20I%20had%20to%20for%20this%20is%20immediately%20frustrating.%20Anyhow%2C%20once%20logged%20into%20the%20AAD%2C%20navigate%20to%20your%20users.%20There%20you%20will%20see%20the%20alias%20accounts.%20Since%20the%20issue%20was%20with%20the%20password%2C%20select%20an%20alias%20user%20and%20choose%20to%20Reset%20Password.%20There%20was%20technically%20no%20password%20associated%20with%20the%20alias%20account%2C%20even%20though%20it%20was%20created%20from%20an%20account%20with%20a%20password.%20Make%20sure%20to%20document%20your%20temporary%20password.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EGo%20back%20to%20Teams%20now%2C%20login%20with%20your%20alias'%20email%2C%20using%20your%20temporary%20password.%20Once%20you%20login%2C%20it%20will%20prompt%20you%20to%20change%20your%20password%20(I%20just%20set%20it%20to%20the%20same%20as%20the%20Master%20Account).%20And%26nbsp%3Bvoil%C3%A0!%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
New Contributor

Hello there, our company is exploring the use of Teams to help push out department/company announcements immediately rather than waiting on memos or meetings to do the same thing.

 

We are relatively strict on our policies, most of our employees have access to email out but do not receive emails, using shared MS Exchange accounts. So we have between 30-40 people, and we have the ability to set up 8 seats of Teams (paid version) between our existing Microsoft accounts. 

 

For the remaining employees, we do not want to require them to setup a new account to use Teams, nor do we want them to have to use their personal email account (primarily for security reasons). 

 

Is there a way to let them login using "aliases" made from one of our shared email accounts? Or what would be another good option to keep the accounts used controlled by the company?

 

Please help me out with the best way to do this, between seasonal workers and temp workers, we have high turnaround for about half of the office - so the ability to reuse accounts would be handy if possible. I am just setting up Teams to test between my PC, laptop and phone, so I am not too familiar with it yet. None of the guides or videos really explore my topic here.

 

3 Replies
Highlighted

@CSI_Guy  this is great U guys are using Teams or moving towards Microsoft Teams;

secondly yes you have the ability to add Shared Mailboxes as the member in Teams but the issue is those Shared Mailboxes may have more than one user and if those users do not have emails how we can add them to shared Mailboxes, besides if someone does not have a regular email account s/he can't login/use shared Mailbox.

 

The best practice is to give Teams license to everyone who got regular email account & mailbox which they could use full features of Teams Chat, Conversation, Audio & Vido calls, and post in channels.

Teams in Teams will be created as private groups one for all company and then based on each group you could even have a private channel or standard channels base on the requirement.

 

If you guys are only sending email between your own self the best way is using Teams either posting or making announcement in general channel if that is for everyone or post in private channel if that is only for specific group of people.

Highlighted

@Pervaiz Dostiyar 

We currently have a shared email (general) and aliases setup for each workstation. So everyone is using General, but individually they see their aliases as CSI 01, CSI 02, CSI 03, etc. matching the workstation they they are assigned to. 

 

My only issue, is I don't want them to have the ability to sign in from outside the company (easiest way to do that is just control the account used to sign in). So I don't want them to be able to "sign in" to either the Teams or the email - as it stands, everything is setup and managed by our IT (myself). 

 

We are not so much worried about what content they have access to, but just to ensure that they cannot log in outside of work due to confidentiality. 

Highlighted
Best Response confirmed by CSI_Guy (New Contributor)
Solution

Okay, so I think I figured it out! (Holy crap batman!)

 

So, I revisited using the email aliases from the shared email account. Turns out that it will work with some (A LOT) of massaging.  First of all, our company has NEVER had to use to access Azure Active Directory, so the fact that I had to for this is immediately frustrating. Anyhow, once logged into the AAD, navigate to your users. There you will see the alias accounts. Since the issue was with the password, select an alias user and choose to Reset Password. There was technically no password associated with the alias account, even though it was created from an account with a password. Make sure to document your temporary password.

 

Go back to Teams now, login with your alias' email, using your temporary password. Once you login, it will prompt you to change your password (I just set it to the same as the Master Account). And voilà!