Mar 22 2021 04:14 AM - edited Mar 23 2021 04:02 AM
Mar 22 2021 04:14 AM - edited Mar 23 2021 04:02 AM
I am getting very odd/inconsistent behaviours in this scenarios:
A user with Teams creates a private meeting (not in a channel) and invites external users (private/consumer email addresses and/or others who also have Teams/AAD account - not Teams Guests)
The behaviour I am expecting is that permissions are granted for shared file(s) to all the meeting's attendees (at least to those that were the recipients of the meeting invite) - maybe this is incorrect?
The first thing is that the organiser doesn't always see the clip icon to share files in the Meeting's chat
I know it's possible to still share files by going to the Chat section in Teams and share from the Teams meeting chat, but this is already odd
When the organiser shares a file, this is the behaviour for the attendees, this are the results I get:
"you don't have access to this file" Request access)
Click on the file in the meeting's chat:
Open in Browser:
The organiser's tenant has Anonymous link turned on in the SharePoint/OneDrive sharing settings (most permissive)
The file shared in the chat is uploaded in the organiser's OneDrive folder "Microsoft Teams Chat files" and is set to Private (in some cases it is set to Shared and one of the participant has been granted access, but the behaviour doesn't change for the participant)
Note: I am not referring to Guest users in Teams here, my scenario is about external users, who in the context of Teams meeting are all considered as Anonymous, no matter if they have a consumer email address or they have an AAD account (federated).
Mar 22 2021 12:31 PM
@mikkele Hello, difficult to grasp this one and to be honest I have only given it a brief reading. The main reason I decided to reply is the ending part with "Note:"
Maybe this will help.
- Anonymous users are external users not being federated or invited as guests.
- Federation is set up with external access in Teams.
- Guest access, also set up in Teams (enabled by default), are external users that has been invited to your organization and consequently having a guest account created in your organization's AAD. Sometimes it's necessary to invite an already federated user, for example. You can see the comparison table below.
This is why you have all the Teams meeting lobby options. You can have anonymous users only end up in the lobby, or both anonymous and federated being stuck in the lobby. While guest users with a guest account in your org. (being considered part of your org). let in directly when choosing "all in my org". A new lobby setting is coming where you can put your "true" guests (with an guest account in AAD) in the lobby as well.
Mar 23 2021 03:59 AM - edited Mar 23 2021 04:05 AM
@ChristianBergstrom thanks for your input
The reason for my Note was to point out that Anonymous is a type of user in the context of Teams meetings, so I'm afraid your definition is incorrect because even users that are federated are actually considered anonymous in the context of a Teams meeting
I am quoting here a Microsoft Article
Federated users have valid credentials with federated partners and are therefore treated as authenticated by Teams, but are still Anonymous to the meeting organizer tenant.
I have also updated my post to clarify that this scenario doesn't specifically include Teams Guests. The lobby topic is also completely outside the scope of this scenario.
I am very aware of the articles you linked, my problem is that nowhere in MS documentation or elsewhere I could find the answer to my question
Mar 23 2021 04:34 AM - edited Mar 23 2021 06:01 AM
@mikkele Well, I tend do disagree. Might even be wrong. Or the docs is wrong.
I only referred to the lobby settings because they differ between what kind of user you are. But as you are very aware of all settings please explain to me why they have differentiated between federated user and anonymous users with the lobby settings? I'd like to hear that.
Everyone in your organization and federated organizations:
"Authenticated users within the organization, including guest users and the users from trusted organizations (federated) join the meeting directly without waiting in the lobby. Anonymous users wait in the lobby."
Hence the Teams meeting treats them differently.
If we would go with what you're saying, or the docs you linked to, the lobby option above would put federated users in the lobby together with the anonymous users. The meeting lobby option would be obsolete to no use.
Why don't you just open up a support ticket with Microsoft to get an official answer? Please update this post when they reply.
And just to add to this post.
Federated user: NO
Guest user: YES
Mar 31 2021 07:46 AM
@mikkele Let's see what comes out of it "Users that do not belong to the tenant" · Issue #6936 · MicrosoftDocs/OfficeDocs-SkypeForBusiness (...
Apr 06 2021 06:43 AM
Apr 06 2021 07:22 AM
Apr 14 2021 12:54 AM
@mikkele Hello again, the MS docs article has now been corrected as it was incorrect. Here is the updated information Security guide for Microsoft Teams - Microsoft Teams | Microsoft Docs
Perhaps it will be easier for you to understand the sharing behavior now that you know that the user types are different (i.e. anonymous, guests and federated are separate things hence the different sharing experience).