Jan 24 2019 12:46 AM
Jan 24 2019 12:46 AM
I have a Yammer network with a number of external users. At the moment they are unable to watch a video in a yammer post if stored in Stream. I understand why, so that is not my question :)
But next month my external users will have a AAD account created by the self service sign-up I am going to setup soon.
Does that mean they the external users will be able to watch a Stream stored video in a yammer post then? I am thinking that since they will be validated as AAD users will that validation make Stream available to them as well....
Thanks in advance.
Jan 24 2019 04:38 AM
What do you mean with "self service signup"? Are you referring to B2B and guest accounts? What I know as the "self-service signup feature" (link) isn't available for guest accounts added via B2B.
Jan 24 2019 04:58 AM
I mean this one that I get the warning about in my Yammer (I am a Yammer admin): Action required: Starting January 31, 2019, your Yammer users without an Azure Active Directory (AAD) account won't be able to access Yammer. Take action now to allow self-service signup so that AAD accounts without any Office 365 licenses can be automatically created for these users.
Starting January 31, 2019, Yammer Enterprise users that try to log in using legacy Yammer credentials instead of an Azure Active Directory (AAD) account will be redirected to a new sign up flow and will be asked to create a new password. After completing the required steps, an AAD account with no Office 365 licenses will be automatically created for the user. This process is called self-service signup.
Since it will make an AAD account for all external user (I assume :) since their accounts probably are legacy yammer accounts)I was wondering if that could mean the external users will be able to access videos in Yammer posts stored in MS Stream.
Jan 24 2019 05:25 AM
Thanks for the info. AFAIK, this only concerns the internal accounts. Microsoft still has to deal with customers on a free Yammer network. Even if they would create accounts for them in your directory, they would have to be guest accounts.
Microsoft is working on external video sharing for Stream, but it's only for anonymous access. This means having to create that anonymous URL which is only intended for use on publicly available websites. I'm catching up on the roadmap now and will dive into this message regarding Yammer as I'm seeing it in one of the networks I manage. Will share anything I find here.
Jan 24 2019 06:25 AM
There is a QA at the end of this page https://docs.microsoft.com/en-us/Yammer/manage-yammer-users/AAD-account-required
Q: Will this impact guest users?
A: No, this change will not impact guest users.
Jan 24 2019 07:11 AM
Thanks for your answer, but I am not sure I understand :)
I have an enterprise yammer (included in our office365 - we have our own tenant).
From what I can gather the self-service signup for Azure Active Directory is for users outside the org because of this: Self-service signup: This is the method by which a user signs up for a cloud service and has an identity automatically created for them in Azure AD based on their email domain.
For me that would mean that the users get an identity account created in my AAD just based on their email address - an email that is not in our main domain. Because all my ordinary users have an AAD account and would not need an extra account. But I might just misunderstand what MS is writing :-)(English is not my native language) I hope that you can help clarify, because why would I need my users to create an account in AAD, when they already have one?
Regarding the anonymous URL, that is not what I am looking for, since I don't want to use Stream for public stuff. Only to store videos to show in Yammer posts :) And then the videos should be available for yammer users (all yammer users - including the ones we have invited in - the ones without one of our Office365 lisences). That is a big wish for me. We are unable to use Stream in my org because we have users from outside that need to access our videos (not on a public web site, but on Yammer). So a verified guest account of some kind would be the thing, I imagine.
Jan 24 2019 07:23 AM
Oh, now I am really confused :)
Because I did a Audit Yammer users in networks connected to Office 365.
I got a csv file from running the script. I then read the instructions from MS:
Analyze the results and take action
Open the result CSV file, and filter out all the rows that show the exists_in_azure_ad column as FALSE.
Each of them are accounts that exist in Yammer, but not in Office 365 / Azure AD. For each of them, decide if you need to:
Suspend the user account in Yammer if the user shouldn't have access.
Create the user in Office 365 / Azure AD.
All my accounts in this FALSE filter are accounts from external users (I want them in Yammer - they should have access) and so I just assumed that I needed the self service sign-up to create them in the AAD.
But from what you are saying Pooya, I just misunderstod that, correct?
Sorry for being a bit ????
Jan 24 2019 07:29 AM
The self service sign up feature I have linked in my first reply is only for internal users. They use this for specific applications, such as for a free Power BI account, Microsoft PowerApps, Microsoft Flow... more info via this link on what happens when it's disabled.
Ideally, networks should enforce O365 identities in Yammer as you also need this for the connected Yammer groups feature to work. When O365 identities are enforced, then users without an account in AAD won't be able to access your Yammer network anyway as they need to use their O365 credentials to log in.
There are enterprise networks where the O365 identities are not yet enforced and users are still making use of legacy accounts. When "self service sign up" is enabled, then this change will result in them having to create a new password and getting an account in AAD for that email address. Users could have ended up with a legacy account if they used an email address of a distribution group for example. The link in my previous email explains how you can audit this to find out if you're dealing with legacy accounts in your network.
Understand that the anonymous URL for Stream videos won't help. I'm not seeing any other updates regarding external access in the Stream roadmap. Office 365 video is still available in the tenant I manage and external access is also working. Not sure if that is an option. This change in Yammer will definitely not impact Stream for guest users.
Jan 24 2019 07:32 AM
The guest accounts won't be impacted by this change and their access will work after January 31st.
Jan 24 2019 07:42 AM
We actually did an enforce office365 identity on our yammer and removed all the distribution list accounts and so on :) so now we only have real users + our invited guests (by help of MS support).
So actually I do not need to set it up?
Since my Audit of Yammer users only showed ecternal users in "exists_in_azure_ad column as FALSE"
Thanks in advance :)
Jan 24 2019 07:58 AM
when only external users are listed as not having an account in AAD, then this change shouldn't impact your Yammer network.