Mar 22 2021 04:14 AM - edited May 11 2021 01:13 AM
Mar 22 2021 04:14 AM - edited May 11 2021 01:13 AM
I am getting very odd/inconsistent behaviours in this scenarios:
A user with Teams creates a private meeting (not in a channel) and invites external users (private/consumer email addresses and/or others who also have Teams/AAD account - not Teams Guests)
The behaviour I am expecting is that permissions are granted for shared file(s) to all the meeting's attendees (at least to those that were the recipients of the meeting invite) - maybe this is incorrect?
The first thing is that the organiser doesn't always see the clip icon to share files in the Meeting's chat
I know it's possible to still share files by going to the Chat section in Teams and share from the Teams meeting chat, but this is already odd
When the organiser shares a file, this is the behaviour for the attendees, these are the results I get:
"you don't have access to this file" Request access)
Click on the file in the meeting's chat:
Open in Browser:
The organiser's tenant has Anonymous link turned on in the SharePoint/OneDrive sharing settings (most permissive)
The file shared in the chat is uploaded in the organiser's OneDrive folder "Microsoft Teams Chat files" and is set to Private (in some cases it is set to Shared and one of the participant has been granted access, but the behaviour doesn't change for the participant)
Note: I am not referring to Guest users in Teams here, my scenario is about external users, who in the context of Teams meeting are all considered as Anonymous (according to this MS article), no matter if they have a consumer email address or they have an AAD account (federated).
Mar 22 2021 12:31 PM
@mikkele Hello, difficult to grasp this one and to be honest I have only given it a brief reading. The main reason I decided to reply is the ending part with "Note:"
Maybe this will help.
- Anonymous users are external users not being federated or invited as guests.
- Federation is set up with external access in Teams.
- Guest access, also set up in Teams (enabled by default), are external users that has been invited to your organization and consequently having a guest account created in your organization's AAD. Sometimes it's necessary to invite an already federated user, for example. You can see the comparison table below.
This is why you have all the Teams meeting lobby options. You can have anonymous users only end up in the lobby, or both anonymous and federated being stuck in the lobby. While guest users with a guest account in your org. (being considered part of your org). let in directly when choosing "all in my org". A new lobby setting is coming where you can put your "true" guests (with an guest account in AAD) in the lobby as well.
Mar 23 2021 03:59 AM - edited Mar 23 2021 04:05 AM
@ChristianBergstrom thanks for your input
The reason for my Note was to point out that Anonymous is a type of user in the context of Teams meetings, so I'm afraid your definition is incorrect because even users that are federated are actually considered anonymous in the context of a Teams meeting
I am quoting here a Microsoft Article
Federated users have valid credentials with federated partners and are therefore treated as authenticated by Teams, but are still Anonymous to the meeting organizer tenant.
I have also updated my post to clarify that this scenario doesn't specifically include Teams Guests. The lobby topic is also completely outside the scope of this scenario.
I am very aware of the articles you linked, my problem is that nowhere in MS documentation or elsewhere I could find the answer to my question
Mar 23 2021 04:34 AM - edited Mar 23 2021 06:01 AM
@mikkele Well, I tend do disagree. Might even be wrong. Or the docs is wrong.
I only referred to the lobby settings because they differ between what kind of user you are. But as you are very aware of all settings please explain to me why they have differentiated between federated user and anonymous users with the lobby settings? I'd like to hear that.
Everyone in your organization and federated organizations:
"Authenticated users within the organization, including guest users and the users from trusted organizations (federated) join the meeting directly without waiting in the lobby. Anonymous users wait in the lobby."
Hence the Teams meeting treats them differently.
If we would go with what you're saying, or the docs you linked to, the lobby option above would put federated users in the lobby together with the anonymous users. The meeting lobby option would be obsolete to no use.
Why don't you just open up a support ticket with Microsoft to get an official answer? Please update this post when they reply.
And just to add to this post.
Federated user: NO
Guest user: YES
Mar 31 2021 07:46 AM
@mikkele Let's see what comes out of it "Users that do not belong to the tenant" · Issue #6936 · MicrosoftDocs/OfficeDocs-SkypeForBusiness (...
Apr 06 2021 06:43 AM
Apr 06 2021 07:22 AM
Apr 14 2021 12:54 AM
@mikkele Hello again, the MS docs article has now been corrected as it was incorrect. Here is the updated information Security guide for Microsoft Teams - Microsoft Teams | Microsoft Docs
Perhaps it will be easier for you to understand the sharing behavior now that you know that the user types are different (i.e. anonymous, guests and federated are separate things hence the different sharing experience).
May 11 2021 01:28 AM
May 11 2021 07:02 AM - edited Sep 09 2021 06:14 AMSolution
May 11 2021 07:13 AM - edited May 15 2021 02:57 AM
@mikkele Noticed you asked a similar question in February and I have updated that post as well Why is file sharing not available in chat between external users (federation)? - Microsoft Tech Comm...
May 14 2021 08:18 AM - edited May 14 2021 08:19 AM
@ChristianJBergstrom thanks for your input again and not giving up :)
would you mind being more precise as what you need to get an answer for?
If sharing files in a Teams meeting with external (not guests) is supposed to work.
The use case is pretty common actually. You organise a meeting and invite some internal users and some external users. You then share a file in the chat and would like that everyone can access the file
At this point it seems that the answer is that external users cannot access the file that has been shared.
And.. when it comes to meetings and sharing files this piece explains it pretty good
How to Share Files in Teams Meetings - It's Different to Outlook - Office 365 for IT Pros (office365...
After the meeting is created, any tenant user can upload files to the Files section of the Teams meeting workspace. Invitees outside the organization can’t share files in this way. However, they can share links to documents through chat after the meeting starts (they’ll have to make sure that the links grant access to meeting participants).
This kinda confirms that tenant users can access files shared in the chat (he calls it meeting workspace) but external users not
I think this is the most comprehensive article for guest sharing reference
Microsoft 365 guest sharing settings reference | Microsoft Docs
This is about Guest access, completely different use case. Guests have an account in the inviting tenant and have access to tenant resources
Noticed you asked a similar question in February
That one is not about Teams meeting thought. I replied now to that thread and disagree
May 14 2021 08:22 AM
May 14 2021 09:50 AM
May 14 2021 12:26 PM
@mikkele Hey! Just want to add this here as well. Can't believe how I missed this.. Will update my previous post.
May 14 2021 12:37 PM
May 14 2021 12:48 PM - edited May 15 2021 02:42 AM
For this use case we use the ”sharing links” as described in the link just above your latest reply. And perhaps a bit early to say anything about Teams Connect as it’s 6 months until GA.
May 16 2021 11:01 PM - edited May 17 2021 02:41 AM
@ChristianJBergstrom Referring to the article you posted the "Sharing in a Chat feature" has had a long bumpy road, and even now for me it doesn't seem to work. The way it should work is that when in Teams you paste a link to a file in SP/OneDrive you should get the 365 sharing options pop-up, but this doesn't happen for me anymore