Microsoft 365 New external access features that you MUST know!
Вставка
- Опубліковано 7 вер 2024
- This time around I take a look at some of the exciting external access features in Microsoft 365. Including some major updates in Azure Active Directory. These include cross tenant access settings, B2B direct connect and the superb new preview feature in Microsoft Teams, shared channels which are awesome. So if you’re ready to learn this session is packed with demos, tips and tricks to help you get started. Also, don’t forget question time at the end. It could be your question thats featured this time :-)
Visit my site: www.Andymalone...
Great Video - never knew you could have the Teams Web App in public preview.
Well, there you go 🤩🎉
Hi Andy - thank you for sharing!
Andy, Thank you for the updating new cool features of M365.
You’re very welcome and many thanks 🤗🙏
Hey Andy !
Thank you so much for teaching new things always ❤
Yup! Agreement with Warren K.
I found this very informative. Thank you for taking the time to put this together Andy.
Thanks very much Scott I really appreciate that. Great to have you on board😊👍
Very useful videos i am currently studying for Azure adminstration 104 certification i also follow your videos LinkedIn too 🙏🖥️📡
Thanks so much and the very best of luck with your studies
Hi Andy. Thank you for another great video. M365 is becoming a powerhouse with everything that it has to offer. I appreciate that you took the time to answer my question. Keep up the good work.
You’re very welcome Warren. I’m delighted to be of help. Thanks for the question and great to have you as a regular 😀👍
Thanks Andy for your job.
You are saying that the organizational settings behave as an "allow list", but it is also indicated by MS that "Default settings apply to all external Azure AD organizations not listed on the organizational settings tab" => so, if I correctly understood, if some specific settings are not set for an organization then this organization can still be allowed to do B2B collaboration but with the default settings, do not hesitate to correct me if I am mistaken
This is correct. This is something that I learned after I produced this episode. Blank organisational settings are essentially an allow all list. Whereas if you add domains n. It’s an only these are allowed list. I hope that helps.
Great content as always Andy, glad I came across your UA-cam channel! thanks and keep up the good work! :)
Thanks Robert it’s great to have you on board. I’m doing my best, and it’s a lot of work. However, it makes it worthwhile when folks like yourself appreciate it. All the best, Andy.
Brilliant video as always Andy, enjoyable format as well as informative!
Thanks so much I really appreciate that😀
Does turning off Public Preview automatically disconnect the shared channel? Do both sides need to be in Public Preview?
Honestly, I don’t know. I suspect it would though. Remember public preview is not designed to be used in production. 😊
Does it collect data?
Is there a privacy option?
No is the answer to your question. Microsoft take your privacy very seriously. Only operational metadata is exchanged. As an administrator you can control the level of access to your inbound an outbound tenants via the collaboration features in Microsoft azure active directory. Specifically the B2B feature. In my example I opened up everything, however you may decide to restrict certain features. Thanks for your question.
I look forward to the release of SIP video connection without the need for a private gateway.
Fabulous and simple to understand video. Thank you so much Andy for your generosity and great work🏆. Question: When adding external members to shared channels do they also get access to the respective MS Teams default 'General' channel?
Hi Lilly thank you for your comment. Shared channels is designed to alleviate that security problem by ensuring that specific guests can only access a shared channel. As a team owner however, yes you can add them to the team as a member. However you would have to think about the security implications of this. Thanks again and all the best, Andy.😊
@@AndyMaloneMVP Thank you so much Andy
Great video, thanks for the detailed overview... I wonder if you could please show the view from the invited user, Diego? How does the collab channel show for them? Are the days of switching tenants gone?
Absolutely 👍 From Diego’s side he will receive a Teams invitation. But instead of a team invitation he will have a channel invitation. Once we accept the invite, he will have access.
Hi Andy, great coverage. Have you found any issues when testing the shared channels with @mentioning external users? I've found that chats with external users works fine but @mentions in the shared channels don't seem to work? 😢
As it still in public preview there are always going to be issues. In your case yes, I have noticed the occasional slow response. I’m sure in time this will be corrected. The best thing that you can do is feed back to Microsoft.
So outside of allowing shared channels, what are the security implications of allowing outbound access for users and groups and for the external applications settings? These setting are basically saying we are allowing our users to participate in external sharing, so I suppose more risk for social engineering issues, but any other security implications?
Thanks for the question. Here is an article that you may find of interestdocs.microsoft.com/en-us/azure/active-directory/external-identities/b2b-direct-connect-overview
Thanks for the overview Andy. We were doing some extensive testing in our tenants and noticed that if we did not set the inbound/outbound for B2B collaboration (GCCH to commercial) to 'blocked', sharing a file from SPO would still work. It was only when we switched it to blocked and allowed the org setting that it finally blocked it the way that we thought would be ideal from a top-level 'gatekeeping' structure so to say. Your point around 5:50 mark is exactly the info I wanted to confirm, so thank you for emphasizing it. Are they any guides/PDF's that demonstrate the use case scenarios for cross-tenant collaboration that are available out there?
PS I mention SharePoint online. This is controlled via the tenant settings in SharePoint online, via the policies section.
@@AndyMaloneMVP Hey, Andy! Thanks for the video. In the same vein of what @Dkizzy is asking, do the cross tenant settings supersede SPO settings, or do you still have to configure your SharePoint settings? From your experience is there a delay in this happening to existing sites? We did see it work with newly created sites, and existing m365 groups. But existing sites seemed to be taking awhile.
@Derek Rocco SharePoint settings control all access To ShareThePoint sharing and this is designed to be a security feature. Whereas B2B direct connect is focussed on guess access
@@AndyMaloneMVP Andy thanks for the replies. Greatly appreciated. I was curious if you knew for the cross-tenant access settings, from GCCH, if you do not check mark 'Microsoft Azure Commercial', could that impact the ability to see the presence status of a Teams user from a commercial tenant? Right now, a commercial tenant is set to 'Microsoft Azure Government', and the commercial users can see external GCCH Teams user's presence, but the GCCH users cannot see the commercial tenant Teams user presence. Is that due to the commercial option not being check marked?
@@DKTD23 Thanks so much for your comment. Too be honest here, don’t know. I’m an instructor and in Europe we do not use the goverment tenants, like in the US. If I were you I’d reach out to someone in support. Sorry I couldn’t help with this one, I like to be honest 😊
Hi @Andy, so what would this shared channel look like for the invited person from the other tenant? Do they still need the hazel of changing organizations when working with this Shared Channel?
Hi thanks for the question. What are the primary benefits of shared channels is that you do not have to switch tenants. This will make working in teams, a lot easier and faster. I plan to do a dedicated session on share channels shortly, so watch out for that. Thanks again and all the best, Andy
@@AndyMaloneMVP Thanks Andy! All the best
Greetings Andy,
Im wondering, when i invite a external/guest user to join my teamns group, he gets the invitation, but when he clicks on the link it says that he has to log off from the current temas( desktop). Is there any way to this not happening?
The other part of my question is since we have a temas calendar wich is syn with our outlook, can the guest user see the events, make changes, etc? If not how can we have the guest acess our calendar and along with the view of events, he can make changes? Our O365 is licensed.
Part 1 Use shared channels instead of a team. The user would not need to logon off/on again. Part 2 share Callander either on outlook or if the use is a member of the team they should already have full access. Check the docs to m the Microsoft tech community or on learn.Microsoft.com
Hello Andy, thank you for this video.. May I ask if external users can delete the chat history? scenario 1 - 1:1 chat user initiated
; scenario 2 1:1 a external user initiated the chat ; scenario 3 user initiated group chat ; scenario 4 user initiated group chat
Thank you
Hi Enna thanks for the question. As a team owner if you right click on the shared channel settings. You will see that you have a number of options for this. You have either delete or edit options that you can switch on or off. Please note. That as this is still in preview, and functionality is subject to change. 😊👍
@@AndyMaloneMVP Thank you Andy, what about if the chat history is initiated by other user outside the organization and I am the guest?
@@eenamorata792 Then the channel settings take presidence. As a guest you have member permissions to the channel. Beyond that I’d take a look at docs.Microsoft.com and do some research. 😊
❤️
Can you confirm the access controls when you add another tenant or leave it blank under the external identity section in azure?
I just tested this and read the ms doco and it says that both tenants need to add each other in order for shared folders to work.
It doesn't work with any old identity, it must be an azureAD identity and you must establish the trust.
To confirm, at 6:40 you mention that it's all tenants, but if you add a tenant it becomes just that tenant. This is not the case based on the doco
Indeed I hear you. I have it from a Microsoft employee, as well as a Microsoft VP colleague of mine. Also my demo clearly shows this to work. As far as I am led to believe if it’s blank it’s essentially allowing all connections. If however you start adding domain names in it essentially becomes a allow list which only allows those domains. I.e explicit inclusion.
@@AndyMaloneMVP interesting, as this isn't how it works for me. I had to add my tenant to another, and the other to mine else I couldn't search for the users!
Perhaps I need to blank it again and wait.
The docs does clearly state that both parties must change their external identities to allow, perhaps this is referring to only to changing the defaults?
@@AndrewHellyer Hi Andrew. I have a confession to make to be honest this is the way I thought it worked as well. But a number of my colleagues have clearly said that no by adding tenant names in your essentially turning it in to an allow list. This will allow only those tenants to communicate, whereas if it’s blank it’s allowed all. I know, it’s weird.
It all depends on the default settings. If you allow B2B collaboration in your defaults, you can override the defaults (and thus blocking a tenant) by specifying/adding a specific tenant. Vice versa, if you block all B2B collaboration in your defaults, you can override. The same goes for trust settings, you can define the default trust settings and specify overrides.
MVP 💯💯💯💯💯💯💯
Thank you