Expected behaviour when sharing files in a meeting with external users

Contributor

I am getting very odd/inconsistent behaviours in this scenarios:

A user with Teams creates a private meeting (not in a channel) and invites external users (private/consumer email addresses and/or others who also have Teams/AAD account - not Teams Guests)

 

The behaviour I am expecting is that permissions are granted for shared file(s) to all the meeting's attendees (at least to those that were the recipients of the meeting invite) - maybe this is incorrect?

 

The first thing is that the organiser doesn't always see the clip icon to share files in the Meeting's chat

mikkele_0-1616410680290.png

I know it's possible to still share files by going to the Chat section in Teams and share from the Teams meeting chat, but this is already odd

 

When the organiser shares a file, this is the behaviour for the attendees, this are the results I get:

mikkele_4-1616411182775.png

 

  • Cannot open the file (click on it, nothing happens or get the message 

    "you don't have access to this file" Request access)

  • Cannot open in Browser (asks to sign in into the inviting tenant)
  • Can open it in desktop app (If it's an Office document like Word)
  • Cannot download the file ("the file didn't download")

 

Click on the file in the meeting's chat:

mikkele_2-1616411090177.png

 

Open in Browser:

mikkele_3-1616411103499.png

 

The organiser's tenant has Anonymous link turned on in the SharePoint/OneDrive sharing settings (most permissive)

 

The file shared in the chat is uploaded in the organiser's OneDrive folder "Microsoft Teams Chat files" and is set to Private (in some cases it is set to Shared and one of the participant has been granted access, but the behaviour doesn't change for the participant)

mikkele_6-1616411328495.png

 

 

 

Note: I am not referring to Guest users in Teams here, my scenario is about external users, who in the context of Teams meeting are all considered as Anonymous, no matter if they have a consumer email address or they have an AAD account (federated).

7 Replies

@mikkele  Hello, difficult to grasp this one and to be honest I have only given it a brief reading. The main reason I decided to reply is the ending part with "Note:"

 

Maybe this will help.

 

- Anonymous users are external users not being federated or invited as guests.
- Federation is set up with external access in Teams.
- Guest access, also set up in Teams (enabled by default), are external users that has been invited to your organization and consequently having a guest account created in your organization's AAD. Sometimes it's necessary to invite an already federated user, for example. You can see the comparison table below.

 

This is why you have all the Teams meeting lobby options. You can have anonymous users only end up in the lobby, or both anonymous and federated being stuck in the lobby. While guest users with a guest account in your org. (being considered part of your org). let in directly when choosing "all in my org". A new lobby setting is coming where you can put your "true" guests (with an guest account in AAD) in the lobby as well.

 

Manage external access (federation) - Microsoft Teams | Microsoft Docs

 

Guest access in Microsoft Teams - Microsoft Teams | Microsoft Docs

 

Use guest access and external access to collaborate with people outside your organization - Microsof...

 

 

@ChristianBergstrom thanks for your input
The reason for my Note was to point out that Anonymous is a type of user in the context of Teams meetings, so I'm afraid your definition is incorrect because even users that are federated are actually considered anonymous in the context of a Teams meeting
I am quoting here a Microsoft Article
Federated users have valid credentials with federated partners and are therefore treated as authenticated by Teams, but are still Anonymous to the meeting organizer tenant.

 

I have also updated my post to clarify that this scenario doesn't specifically include Teams Guests. The lobby topic is also completely outside the scope of this scenario.

I am very aware of the articles you linked, my problem is that nowhere in MS documentation or elsewhere I could find the answer to my question

@mikkele Well, I tend do disagree. Might even be wrong. Or the docs is wrong.

 

I only referred to the lobby settings because they differ between what kind of user you are. But as you are very aware of all settings please explain to me why they have differentiated between federated user and anonymous users with the lobby settings? I'd like to hear that.

 

Everyone in your organization and federated organizations:

 

"Authenticated users within the organization, including guest users and the users from trusted organizations (federated) join the meeting directly without waiting in the lobby. Anonymous users wait in the lobby."

 

Hence the Teams meeting treats them differently.

 

If we would go with what you're saying, or the docs you linked to, the lobby option above would put federated users in the lobby together with the anonymous users. The meeting lobby option would be obsolete to no use.

 

Why don't you just open up a support ticket with Microsoft to get an official answer? Please update this post when they reply.

 

And just to add to this post.

Share files

Federated user: NO

Guest user: YES

Thanks for the update, I understand your point about the lobby, and you are right it is somehow related to this topic. However my main focus is about file sharing so I'll try to keep this thread focused on that.
If the definition of Microsoft about all external users being considered anonymous in a meeting is correct, it shouldn't play a role in sharing files
It will be good to get the docs correct anyway. But the share files only applies ”yes” for guest users (external users with a guest account in AAD). Federated and anonymous ”no”.

@mikkele Hello again, the MS docs article has now been corrected as it was incorrect. Here is the updated information Security guide for Microsoft Teams - Microsoft Teams | Microsoft Docs

 

Perhaps it will be easier for you to understand the sharing behavior now that you know that the user types are different (i.e. anonymous, guests and federated are separate things hence the different sharing experience).