Setting up Microsoft Teams Shared Channels between three companies for frictionless communication
After a lengthier-than-expected wait, the Shared Channel capability for Microsoft Teams landed in one of my tenants last week. I don’t follow Teams-related news or announcements that closely, but I knew that the preview of this feature was close to being available.
In essence, the feature enables organizations to work together. For me, this is real productivity. If I can avoid hopping between tenants – and identities – I feel it saves me time, makes me easier to reach, and ensures I can more conveniently collaborate with my customers and partners. I grew up with IRC back in the early 1990s, and something like this – shared channels between people – was built in. For this reason, Teams has always been a slightly jarring experience. It works, but it also adds so much artificial friction that it’s often easier to open WhatsApp or do a plain old phone call to get my message relayed.
For my real-world need, we have three companies: North Advisors, Not Bad Security, and Corellia. Each company is a separate entity, but they share partial ownership with the initial founders. Each company has a unique Microsoft 365 tenant, and business transactions are separated. It has worked well, but it’s also been hugely frustrating when you need to rapidly pull people from all three companies for a quick catch-up. Teams – for some reason, which might be just a built-in limitation – refuses to allow me to initiate an ad hoc chat between people in these three companies. It just doesn’t do that. And back to email, it is.
To get Teams Shared Channels to work, three things are needed:
- Teams tenant configured for preview features (docs)
- Azure AD B2B Direct Connect configuration (essentially a federated trust) (docs)
- Teams client refresh (taskkill /IM teams.exe /F worked for me the best)
These are all relatively well documented by now. So I set to work. I intended to create a new channel in tenant A (North Advisors) and have tenants B (Not Bad Security) and C (Corellia) participate. The bummer here is that each of the three tenants has to be configured, not just the one tenant that will be ‘hosting’ the Shared Channel. In a small deployment like this, it’s trivial – I can only imagine the world of hassle this would cause in an enterprise environment. This brings back not so fond memories of Active Directory Forest Trust in 2007.
Once all three tenants were configured for step 1, I set out to configure the more tricky bit – the Azure AD B2B Direct Connect configuration.
This is part of Azure AD External Identities, a relatively new capability – so you’ll access this via https://aad.portal.azure.com (mainly because some tenants do not have a valid Azure subscription set up). For cross-tenant access, you’ll need to configure both inbound and outbound settings, and you’ll need to do so for each organization you wish to collaborate with.
I found that looking up the Azure AD tenant GUID first and accessing the settings through the GUID tended to make this process more reliable. Once done, I removed the default settings and went forward with relatively relaxed settings between the three tenants:
- Allow Access for all external users and groups (this is per tenant, not all)
- Allow Access to all applications
And under Trust Settings, I’m trusting existing MFA from other Azure AD tenants to have fewer MFA popups for users, as I know the other tenants will enforce MFA for their users.
The UI is a bit quirky for this, so ensure you save the settings in the right places.
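A review script for the settings described above, as an added example that is not part of the original post: it walks partner entries shaped like Microsoft Graph crossTenantAccessPolicyConfigurationPartner objects and reports, per tenant pair, a missing direct connect direction, an all-users/all-applications scope, and where partner MFA is trusted. The tenant GUIDs and the POLICIES export are constructed placeholders, and the helper names are hypothetical.

```python
# Added example: review B2B direct connect partner settings in each tenant.
# Tenant GUIDs and the POLICIES export are constructed sample data.
A, B, C = ("00000000-0000-0000-0000-00000000000" + x for x in "abc")
SCOPES = ("usersAndGroups", "applications")

def setting(user="AllUsers", app="AllApplications"):
    return {"usersAndGroups": {"accessType": "allowed",
                               "targets": [{"target": user, "targetType": "user"}]},
            "applications": {"accessType": "allowed",
                             "targets": [{"target": app, "targetType": "application"}]}}

def partner(tenant_id, inbound=True, outbound=True, mfa=True):
    # None means the direction is not set on this partner entry.
    return {"tenantId": tenant_id,
            "b2bDirectConnectInbound": setting() if inbound else None,
            "b2bDirectConnectOutbound": setting() if outbound else None,
            "inboundTrust": {"isMfaAccepted": mfa}}

# Home tenant -> partner entries configured in that tenant (constructed).
POLICIES = {A: [partner(B), partner(C)],
            B: [partner(A), partner(C, outbound=False)],
            C: [partner(A), partner(B, mfa=False)]}

def allows(s):
    return bool(s) and all(s[k]["accessType"] == "allowed" for k in SCOPES)

def is_broad(s):
    targets = {t["target"] for k in SCOPES for t in s[k]["targets"]}
    return {"AllUsers", "AllApplications"} <= targets

def review(policies):
    findings = []  # (home tenant, partner tenant, finding)
    for home, partners in policies.items():
        by_id = {p["tenantId"]: p for p in partners}
        for other in (t for t in policies if t != home):
            p = by_id.get(other)
            if p is None:
                findings.append((home, other, "no-partner-entry"))
                continue
            for direction in ("inbound", "outbound"):
                s = p.get("b2bDirectConnect" + direction.capitalize())
                if not allows(s):
                    findings.append((home, other, direction + "-not-allowed"))
                elif is_broad(s):
                    findings.append((home, other, direction + "-all-users-all-apps"))
            if (p.get("inboundTrust") or {}).get("isMfaAccepted"):
                findings.append((home, other, "trusts-partner-mfa"))
    return findings

if __name__ == "__main__":
    print(*review(POLICIES), sep="\n")
```

Each trusts-partner-mfa line marks a pair where the partner tenant's own MFA enforcement is worth confirming, since the home tenant no longer prompts for it.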
Lastly, I killed my Teams client and logged in to my primary tenant.
Creating a new channel allows me now to choose between the last two options and a third one – the Shared Channel.
And that’s it. I now have a new channel in my primary team at tenant A. I invited employees from tenants B and C to participate in this shared channel. And we all see each other’s messages now.
It’s far from perfect, though. And I realize it’s an early preview feature at the same time. iOS users noted immediately they couldn’t see reactions to any messages, and they couldn’t react to any messages either. It’s also clumsy, as you don’t have proper threading. So it’s either one channel for “everything” or starting to build multiple channels. Lastly, inviting new users from the other tenants requires you to type the exact email address – it could just auto-search the other tenants, respectively.
I feel this little capability opens up the silos of companies – a bit like way back when we had MSN Messenger, and you could message anyone in the world. Admittedly, the technical configuration required ensures this feature will only be helpful for companies that are in close cooperation otherwise. Setting this up for a mutual channel seems like a bit too much trust and work in larger environments to be worth it.