11-08-2019 02:18 PM
I was at Ignite for the first time and an MVP, Chris if memory serves, suggested I post this here because he had not heard of this kind of an issue before. The end result we are looking for is for a public school director to access a team as a guest in your local government's tenant. She receives and accepts the invite successfully in our tenant and the logon is added to the drop-down in the upper right corner like you would expect. She has a Teams license in our tenant and is a member of our pilot team as well as a volunteer organization's team that she is a member of. When she hits the drop-down list and selects our local government's option she is prompted to log on again. I am not sure if I redacted too much but there is a screen cap of it in the top part of the inserted pic at the bottom along with the two following prompts. LMK if I took too much data out...
Thanks in advance to anyone who can point me in the right direction etc!
If that doesn't work, try signing out and back in.
Error code - 4c7
There's a more permanent way to sign in to Microsoft Teams. If you're having trouble completing the process, talk to your IT admin.
11-09-2019 03:12 AM
11-11-2019 06:24 AM - edited 11-11-2019 07:41 AM
Thanks for the idea Rob! I have some additional information at this point that may support your conclusion but wanted to double check to see if you can think of anything additional because I want to make sure we do our due diligence before trying to work across systems, which can be complicated...
The fact that I can use the iOS Teams App but not the PC app on either a HAADJ or personal computer seems to point to a conditional access policy like you suggested. The only remaining piece I am puzzled by is the fact that when Teams requests my password again, the failure screen presented to contact for additional support is support page rather than the one for their tenant. I would expect it to be their support contact info if it is their tenant that is refusing access rather than ours if it was their tenant preventing access. Do you have any ideas on why that might be?
One other point that I am not sure is related is Modern Authentication. The final error code seems to point to a different problem but the root cause is a failure to successfully use modern authentication. My tenant does not have that turned on at this point but I suspect the domain we are trying to collaborate with does as they have enabled MFA for all their users already. Could this be a relevant point? I am new to my architect role (just coming up-to-speed on our MS Tenant) and am reluctant to enable Modern Authentication for our entire domain without understanding the full implications to my users just to test this theory.
Finally, the only other thing I can think of to test is asking them to invite my personal account instead of my work account to see if that makes a difference; however, I don't think that would help differentiate the issue regardless of if it works or not because both cases would not change the conditional access theory. Do you think that would be a moot point like I suspect it will be?
Thanks for any additional input!
11-13-2019 03:32 AM Solution
11-17-2019 04:30 AM
11-17-2019 09:18 AM
@Busted1942 sounds like the tenant admins need to have a policy that better allows guests; it's not really viable to predict or list guests' IP addresses.