Microsoft Team

How do I enable External access in Microsoft Teams? and how it works?

Balu llag | September 22nd, 2019

How do I enable External access in Microsoft Teams? and how it works?

External Access allows Teams user from one domain to other domains, to participate in their chats (Persistent Chat) and 1-to-1 calls. External access was known as federation access in Skype for Business world both are the same. For example, User Bilag@domain1.com can chat, call to users E@bloguc.com. however, to use external access in Teams that must be allowed in Teams admin center in both the organization tenants.

Also, Teams external access works differently when other party is on legacy (Skype for Business Online or Skype for Business on-prem) application.

To enabled External access, follow the below Steps:

Note: By default, your Teams organization can communicate with all external domains. Teams external access behaves different when, you add blocked domains then all other domains will be allowed but if you add allowed domains then all other domains will be blocked in Teams.

You can easily set up external access for your organization based on your organization requirement.

You can enable external access using Teams admin portal: 

  1. Log on to Teams admin center using Teams service admin or global administrator permission then click on to Org-wide settings > External access.
  2. Then turn on the “Users can communicate with Skype for Business and Teams users” switch to ON. 

External Access

Note: If you want to allow all Teams organizations to communicate with users in your organization, then simply save the config and external access is enabled. 

  • In case you want to restrict the organizations that can communicate with users in your organization, you can either allow all except some domains, or you can allow only specific domains.
  • In order to allow all except certain domains, add the domains you want to block by clicking Add domain. In the Add a domain pane, type the domain name, click Blocked, and then click Done.
  • To restrict communications to specific organizations, add those domains to the list with a status of Allowed. Once you have added any domain to the allow list, communications with other organizations will be limited to only those organizations whose domains are in the allow list.
  • Once decide required options, then finally click on Save to commit the configuration changes.

I would recommend, if your organization permits for open federation or external access by not selecting any specific domain. If not, then add specific domain you want to allow for external access as secure option.

How do I test if External access is working or not?

After enabling or disabling external access in Teams admin center. You can simply follow below steps to test external access. Assuming that you have enabled external access. 

  1. Login to Teams client, and search for the person by email address, and send a request to chat. For example, below image shows chat message sent to external participant, that shows banner as “External”. 

Message to External Party 

  • OR, ask your Teams contact to send you a request to chat. If you don’t receive their request, the problem is your firewall settings (assuming they’ve already confirmed their firewall settings are correct to external access request).
  • You can initiate chat with external participant using external or home or hotel network that way you can isolate the firewall problem bypassing the same.

Teams external access is dependent on multiple factors and there are different scenarios when Teams communicates to Skype for Business Online and On-prem users.

Following scenarios gives you in depth information.

Teams External access Scenario What to configure in external access?
You want to let Teams users in your organization communicate with Teams users in another (external) organization. In External Access, add the external domain to the Allowed list or use open federation. Then have the administrator in the other Teams organization do the same thing.
You want to let Teams users in your organization communicate with Skype for Business Online users in the same organization. Enable Coexistence mode or choose the Islands upgrade mode to support Skype for Business users in your organization.
You want to let Teams users in your organization communicate with Skype for Business Online users in another (external) organization. In External Access, add the external domain to the Allowed list or use open federation. Turn on Users can communicate with Skype for Business and Teams users setting in External Access. Then have the administrator in the other Teams organization do the same thing. NOTE: The external domain with Skype for Business users must enable Coexistence mode or choose the Islands upgrade mode to support Skype for Business users in that organization.
You want to let Teams users in your organization communicate with Skype users from inside or outside your organization. This is not a supported scenario at this time. IMPORTANT: Your Teams users won’t be able to communicate with Skype users, but your Skype for Business users in your organization can communicate with Skype users inside or outside your organization if these two requirements are met: 1) Turn on Users can communicate with Skype for Business and Teams users and Skype for Business users can communicate with Skype users settings in External Access. 2) Your organization is running in Coexistence mode.
You want to let your Teams users communicate with Skype for Business Online users from an on-premises organization and with Skype users. In External Access, add the external domain to the Allowed list or use open federation. Turn on Users can communicate with Skype for Business and Teams users setting in External Access. Turn on Skype for Business users can communicate with Skype users setting in External Access. Then have the administrator in the on-premises organization do the same thing. IMPORTANT: In this scenario, your Teams users won’t be able to communicate with Skype users, but Skype for Business users in your organization can communicate with Skype users inside or outside your organization if you turn on Users can communicate with Skype for Business and Teams users and Skype for Business users can communicate with Skype users settings in External Access.
You want to let your Skype for Business Online users communicate with Teams users in another Office 365 organization. Enable Coexistence mode or choose the Islands upgrade mode to support Skype for Business users in your organization. In External Access, add the external domain to the Allowed list or use open federation. Turn on Users can communicate with Skype for Business and Teams users setting in External Access. Then have the administrator in the other Teams organization do the same things.
You want to let your Skype for Business Online users communicate with the Skype for Business Online users from another Office 365 organization. Enable Coexistence mode or choose the Islands upgrade mode to support Skype for Business users in your organization. In External Access, add the external domain to the Allowed list or use open federation. Turn on Users can communicate with Skype for Business and Teams users setting in External Access. Then have the administrator in the other Teams organization do all of the same things.
You want to let your Skype for Business Online users communicate with the Skype for Business Online users from an on-premises organization. Enable Coexistence mode or choose the Islands upgrade mode to support Skype for Business users in your organization. In External Access, add the external domain to the Allowed list or use open federation. Turn on Users can communicate with Skype for Business and Teams users setting in External Access. Then have the administrator in the on-premises organization do the same things.
You want to let your Skype for Business Online users communicate with Skype users (inside or outside your organization). Enable Coexistence mode or choose the Islands upgrade mode to support Skype for Business users in your organization. Turn on the Skype for Business users can communicate with Skype users setting in External Access.
You want to let your Skype for Business Online users communicate with Skype for Business Online users in another organization and Skype users from inside or outside your organization. Enable Coexistence mode or choose the Islands upgrade mode to support Skype for Business users in your organization. In External Access, add the external domain to the Allowed list or use open federation. Turn on Users can communicate with Skype for Business and Teams users and the Skype for Business users can communicate with Skype users setting in External Access. Then have the administrator in the other Teams organization do the same things. NOTE: The administrator from the other external domain doesn’t have to turn on Skype for Business users can communicate with Skype users setting in External Access.

Reference: Above options are based on Microsoft docs.microsoft.com.

Thank you.

No Comments

Post A Comment