Teams Connect Shared Channels is a new way of collaborating in Teams with users from external organisations. The service allows AAD authenticated users to access channels within your Teams org without them having to switch tenants, or login using a different username and password.
Better still, you can easily search for people in other AAD orgs using their email address and you can share apps and other resources with them without having to add them as guest users within your directory.
How do Shared Channels Work?
Shared Channels utilise a new feature in Azure called B2B Direct Connect, which offers granular controls around who you allow in to your environment via Shared Channels. By default, B2B Direct Connect is turned off meaning Shared Channels is off for all users. More on enabling the service below.
To use Shared Channels, you create a new channel with a Team and select the Channel Type as Shared. Today, you can’t convert an existing channel to a shared channel.
When you create a new Shared Channel, a new and completely separate SharePoint site is span up in the background to host your documents and files within this new Shared Channel.
User Experience
From an end user experience, the process is simple.
First, you create a new channel, and select Shared as the Channel type
Next, add your users both internal and external:
Each user is notified of being added to the channel:
The Shared Channel then appears with the users Teams client (note the Shared Channel icon).
For external users, the team name shows (External), and users within another org also appear as (External).
Note how Teams lets you know that the channel is shared with members in other orgs when composing a reply in the Shared Channel
Enabling Teams Connect Shared Channels
No doubt you’re keen to start testing Teams Connect Shared Channels within your org. There’s a few things you’ll need to set up first to enable it to work
Public Preview
At time of writing, shared channels is in public preview. This means that you’ll need to enable public preview features within your Teams client to access it.
Users can do this by clicking the 3 dots > About > Public Preview
Public Preview is enabled on a per-user basis with the Teams Admin Center. To enable it:
- Sign in to the Microsoft Teams admin center.
- Select Teams > Teams Update policies.
- Select Add to create a new policy or select an existing policy to open Update policy.
- Name the update policy, add a description, and select the setting for Show preview features.
- Follow Office Preview (default)
- This new default option will automatically enable Teams Public Preview features for any user enrolled in Office Current Channel (Preview).
- There are no more actions required by the end user.
- Enabled
- This option enables Teams Public Preview regardless of whether a user is enrolled in Office Current Channel (Preview).
- The end user must also opt in to Teams public preview in their Teams app.
- Not enabled
- Teams Public Preview features will not be available to end users.
- Follow Office Preview (default)
Azure Cross-tenant access
Once you have confirmed that public preview is enabled for your test users, you’ll need to enable Azure Cross-Tenant Access between the tenants you wish to configure for Shared Channels.
You must make the changes below in both your own tenant, and the tenant you wish to allow access via Shared Channels.
Example:
You’re allowing shared channels access for users within the Microsoft.com tenant. Both you and Microsoft must add each other.
Azure Cross Tenant Access is a preview feature that sets the permissions to allow tenants and groups you specify to use Shared Channels. This feature only applies to Shared Channels and does not grant access to any other service within your org.
To do this:
- Sign in to Azure at portal.azure.com
- Browse to External Identities > Cross-tenant access settings
- Under Organisational settings choose Add Organisation
- In the blade that appears, type the tenant ID or domain name of the external org you wish to enable Shared Channels with. In my example, I’m adding Microsoft.com
- Click Save to add the domain.
- Next, select Configured for your newly added domain under Inbound Access
- In the new blade that appears, be sure to select B2B Direct Connect then select Customise Settings
- Under External users and groups select Allow Access and All external users and groups
Note: It is possible to specify external groups that you wish to grant access to Shared Channels rather than allowing all users from the other tenant.
to do this, you’ll need the object ID (not the name) of the Azure AD group from the other tenant. Once you have this, you can add it here. - Then click Applications and choose Allow Access under Access Status and choose Select Applications under Applies to.
- Click Add Microsoft Applications, select Office 365 click Select and then click Save
- You’ll need to do the same for Outbound connections too.
- Let everything sync for aprox 20 minutes, and you’ll be able to start adding external users from the tenant you added above in Shared Channels!
Controls & Compliance
As mentioned above, there are a number of controls around enabling Shared Channels within your org.
User Policies
- Per-user policies for creation of shared channels. Default is on
- Per-user policy for who can initiate/accept external sharing (controlled via groups in B2B Direct Connect setup)
Team Controls
- Only team owners can create shared channels
- Only team owners can accept share with team invites and can terminte sharing relationships with other teams
- Shared channels inherit labels from the team upon creation
Channel Controls
- Only in-tenant members can be channel owners
- Channel owners manage the membership of the channel
- Owners can override default channel settings inherited from the team.
Meetings
- Shared channels support Meet now and scheduled meetings, but only in-tenant users can start a meet now or scheduled meeting. External members can join these meetings.
- Channel members are not added as meeting participants
App Support
- Support for tabs and connectors within the shared channel.
- Bots, message extensions and Line of Business apps work too. Apps must be installed in the containing Team before they can be used within the shared channel.
- Not all apps are supported today.
Compliance
- Host compliance policies apply when a channel is shared with other tenants
- eDiscovery, Legal hold (host tenant members only), Information Barriers (host tenant members only), Retention & DLP, Monitoring and Auditing, Access Reviews and Communication Compliance all supported.
Limits
Feature | Limit | Footnote |
Number of members in a team | 25,000 | Includes all distinct users across team and direct members in shared channels in a team |
Number of shared channels per team | 200 (including deleted channels) | Hosted and shared with the team |
Number of teams a channel can be shared with | 50 | Excluding parent team |
Number of members in a shared channel | 5,000 direct members including up to 50 teams (and all team members) | Only 25,000 distinct users can show in the channel list. |
Conclusion
Shared channels offers a simple, effective way of collaborating with external users. Are you going to enable it within your org?