SOLVED

Unable to add guest user in Shared Channel

Brass Contributor

I've enabled preview to test out the Shared Channel feature, but am unable to add external users. I've followed everything within this article, but still get the message "We didn't find any matches. Talk to your IT admin about expanding the scope of your search." I'm able to add guest users to a Team, so not sure why I can't in a Shared Channel. Anyone else having this issue, or have successfully added guests to Shared Channels? 

11 Replies
I had the same issue at first, I set the B2B direct connect for inbound and outbound access settings in the cross-tenant access settings to allow access for all applications which resolved the issue for me. This has to be done for both source and target tenants.

It took a few hours after making the changes before I was able to start using shared channels.
Oh, thank you! I thought I had set this, but turns out it didn't save. Will post back if that worked.

@D_K To add, as well as setting the Cross Tenant Access Policy on both sides. you also need to have the Team/Channel Policy allowing the remote tenants users to be invited to external teams. It should be by default, but I had been messing and it caught me out.

Also if you have Sensitivity Labels applied to Teams that prevent sharing Teams with external users that will remove the option to choose anyone outside your tenant.

@Steven Collier @D_K It's still not working... When you say setting the Cross Tenant Access Policy on both sides, does that mean the guest hast to be within an Azure tenant? What about adding a guest from a gmail? Do they needed to be added as a guest in AAD first? I tried this and still no luck. 

Also, all the Teams settings look right, no sensitivity labels. 

best response confirmed by Therese_Solimeno (Moderator)
Solution

@gavinarblaster 

The cross-tenant access settings is for Shared channels between two Azure AD orgs and both orgs need to configure their respective Azure AD cross-tenant settings allow shared channels to work. The information in the cross-tenant access settings page in Azure AD says non-Azure AD orgs use the collaboration settings.

 

I have not tried inviting non-Azure domains to a shared channel yet, but I did read in a couple blogs that shared channels only support Azure AD domains at the moment.

 

 

@D_K Thanks for the info. Seems like Shared Channels are more for having other tenant users, that are B2B configured, see channels without switching tenant and adding members of other teams in your tenant to just one channel. I think we'll just create a new Team for regular guest user access. 

Cheers!

@gavinarblaster yes, shared channels will only support people with Teams in another tenant, it doesn't support any other account types (yet).

Although this specific question was answered, the thread originated inquiring about adding guest users to a Shared Channel. IT Admins with access to the Microsoft 365 Admin Center have step-by-step guidance to set up and deploy Teams using the Microsoft Teams deployment guide.

 

The Microsoft Teams deployment guide will assist with:

  • Security groups
  • Deploying Teams with Intune
  • Configuring teams and channels

With the deployment guide open to the Organization step, select the link at the bottom of the page titled, Overview of teams and channels in Microsoft Teams, followed by selecting Overview of shared channels found in the Microsoft documentation site.

To add on here, you cannot add guests to shared channels. You can add external users, but if they resolve to guest objects in your tenant, it will not work. see this table:

Screenshot 2022-08-25 162808.png

 

 

Also, if you are trying to add an external user to a shared channel, as mentioned above, this takes a while, in my case a couple of hours. I kept getting a generic error in the portal, but F12 revealed a more descriptive message (below). I just kept clicking the "Add" button and it eventually worked.

 

"error": {
                    "code": "Forbidden",
                    "message": "User is not allowed to be added due to xTap.",
                    "innerError": {
                        "message": "User is not allowed to be added due to xTap.",
                        "code": "CurrentInviteeForbidden",
                        "innerError": {},
                        "date": "2022-08-25T19:14:32",
                        "request-id": "d19c247b-0a57-4d98-81a0-cad718b68e11",
                        "client-request-id": "d19c247b-0a57-4d98-81a0-cad718b68e11"
                    }

 

Everything configured in both tenants but still not able to add external users to shared channel? Configuration was done in both tenants yesterday so one would think it should have provisioned by now. Any ideas anyone?
We've also found that if the external user is not visible in the GAL (via the Office 365 option "hide from GAL") they also cannot be added to a Shared Channel.
1 best response

Accepted Solutions
best response confirmed by Therese_Solimeno (Moderator)
Solution

@gavinarblaster 

The cross-tenant access settings is for Shared channels between two Azure AD orgs and both orgs need to configure their respective Azure AD cross-tenant settings allow shared channels to work. The information in the cross-tenant access settings page in Azure AD says non-Azure AD orgs use the collaboration settings.

 

I have not tried inviting non-Azure domains to a shared channel yet, but I did read in a couple blogs that shared channels only support Azure AD domains at the moment.

 

 

View solution in original post