3. Shared Channels plug that gap by providing the third option when creating a new channel. Shared Channels provide the ability to have an area of the team where access can be extended to other individuals or members of other teams. This means if you want to collaborate with the full fidelity of Teams, you no longer need to invite everyone to the parent team or spin up a new team for what could often be a single channel.
What are the benefits of Shared Channels?
This concept is ideal for organisations that have a lot of cross-department collaboration. For example, HR and Finance can participate in the respective areas of each other’s teams. But where Shared Channels really come into their own is when collaborating with people outside your organisation. We now have the ability to bring clients and partners into a dedicated area of an existing team, providing a more consolidated experience where staff have a reduced number of workspaces, and where external participants no longer have to use the dreaded tenant-switching features of Microsoft Teams! This is huge, and a game changer for collaborating across organisations. I can’t remember the number of times messages were missed because people were actively working in their home tenants, unaware of activity going on in teams where they were guests.
Teams in which you’re a member of a Shared Channel now appear alongside the rest of your internal teams in the app, regardless of the tenant hosting them.
Being a guest in a team will give you access to all content, apps and chat. In some cases, this will be the requirement, and guest access is still the way forward, but for instances where you want to invite someone into a scoped area within your team, Shared Channels make that easy and secure.
How do Shared Channels work?
Up until now, gaining access to a team hosted in another tenant relied on having a guest account in the same tenant as the team. This was the cause of the tenant switching requirement, as you were effectively signing in with a different account, albeit the same credentials as your home tenant. The release of Shared Channels coincides with the debut of B2B Direct Connect, part of the external identities functionality under the Microsoft Entra umbrella.
B2B Direct Connect has a lot in common with the Active Directory trusts and ADFS that we know and love/hate. It provides the ability to implement an identity trust relationship between entire organisations that both use Azure AD, rather than inviting individuals on a case-by-case basis and using the guest account model. At the time of writing, B2B Direct Connect is only available for Shared Channels in Microsoft Teams, but the possibilities look exciting for how this could extend across other Microsoft 365 and Azure workloads.
What about control and governance?
Microsoft have stayed true to form by allowing the use of Shared Channels by default. Without adjusting your Teams policies, the option will be visible to everyone when creating a new channel.
However, the risk appears to be limited to sharing channels within your organisation. During the preview, the default tenant settings for B2B Direct Connect blocked both inbound and outbound access. Changing those defaults to allow access to and from your tenant will remove any control over the who, what, where and when.
If you have procedures in place to control guest access to content in your tenancy, you’ll want to plan to extend those to include relationships between you and other organisations. Whilst it’s a good thing that external participants can’t be added to Shared Channels by default, ensuring you have a mechanism to respond to requests will help you stay ahead of the curve.
A cross-tenant relationship needs to be mutually agreed to between two organisations and will require involvement of tenant administrators from both sides. Once tenants are associated with each other, each respective organisation can then control inbound and outbound access settings. For example, you could allow your employees to be added to Shared Channels in a different tenant, but block people in that tenant from being added to Shared Channels in your tenant.
If you are licensed for Azure AD Premium, you can get more granular by specifying which individuals or groups are allowed to collaborate across organisations. The premium features also provide flexibility when it comes to conditional access policies on inbound connections. We can now choose to accept claims relating to MFA and device compliance from the external organisation when setting up conditional access policies that will affect teams.
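As an added example (not part of the original article), the sketch below audits an export of cross-tenant access settings for the cases described above: a partner entry that allows one direction only, an entry scoped to a group with MFA claims trusted, and a default that has been opened up. Field names follow the Microsoft Graph crossTenantAccessPolicy resources; the tenant and group IDs are constructed, and only the usersAndGroups part of each setting is inspected.

```python
# Constructed sample data; field names follow the Microsoft Graph
# crossTenantAccessPolicy default/partner resources. IDs are placeholders.
def setting(access, target="AllUsers", kind="user"):
    """Build a b2bSetting-shaped dict (usersAndGroups only, a simplification)."""
    return {"usersAndGroups": {"accessType": access,
                               "targets": [{"target": target, "targetType": kind}]}}

DIRECTIONS = ("b2bDirectConnectInbound", "b2bDirectConnectOutbound")
GROUP = "aaaaaaaa-0000-0000-0000-000000000001"  # constructed partner group ID

DEFAULT = {"b2bDirectConnectInbound": setting("blocked"),
           "b2bDirectConnectOutbound": setting("blocked"),
           "inboundTrust": {"isMfaAccepted": False, "isCompliantDeviceAccepted": False}}

PARTNERS = [
    # Staff may join this partner's Shared Channels; its users may not join ours.
    {"tenantId": "11111111-1111-1111-1111-111111111111",
     "b2bDirectConnectInbound": None,            # unset: inherits the default
     "b2bDirectConnectOutbound": setting("allowed"),
     "inboundTrust": None},
    # Inbound limited to one partner group; partner MFA claims are accepted.
    {"tenantId": "22222222-2222-2222-2222-222222222222",
     "b2bDirectConnectInbound": setting("allowed", GROUP, "group"),
     "b2bDirectConnectOutbound": None,
     "inboundTrust": {"isMfaAccepted": True, "isCompliantDeviceAccepted": False}},
]

def state(s):
    """Classify a setting: 'open'/'blocked' for all users, else 'scoped'."""
    ug = s["usersAndGroups"]
    if not any(t["target"] == "AllUsers" for t in ug["targets"]):
        return "scoped"
    return "open" if ug["accessType"] == "allowed" else "blocked"

def effective(default, partner):
    """Resolve a partner entry, falling back to the default where unset."""
    out = {d: state(partner.get(d) or default[d]) for d in DIRECTIONS}
    out["mfaTrusted"] = (partner.get("inboundTrust") or default["inboundTrust"])["isMfaAccepted"]
    return out

def audit(default, partners):
    """Return (scope, direction, note) for every setting open to all users."""
    hits = [("default", d, "tenant default allows access")
            for d in DIRECTIONS if state(default[d]) == "open"]
    for p in partners:
        eff = effective(default, p)
        hits += [(p["tenantId"], d, "not scoped to users or groups")
                 for d in DIRECTIONS if eff[d] == "open"]
    return hits

if __name__ == "__main__":
    for hit in audit(DEFAULT, PARTNERS):
        print(hit)
```

With the defaults left at block, only the first partner's outbound setting is reported; once the defaults are opened, every unset partner direction inherits that openness and is reported too.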
Shared Channels and SharePoint sites
In the same way that Private Channels create a new SharePoint site to provide separation of content, Shared Channels follow the same concept. If you like to have control over sites and the configuration applied to them, you’ll want to factor this into the provisioning and auditing process. Keeping inventories up to date and making sure content is backed up will help with lifecycle management and retention.
When attempting to add external parties to Shared Channels, the lack of detail in the information messages could lead to confusion.
Although on the surface it would appear all the options are available, unless the relationship between organisations has been configured by both sets of tenant admins, adding external participants won’t be possible and users will be greeted with a message that doesn’t really tell them why. This is easily dealt with using comms and guidance.
We pride ourselves on working with, not for, our clients, so we’re excited to extend our use of Shared Channels and remove some of the barriers to productive collaboration. Do you have requirements that could be addressed by Shared Channels? If so, why not give us a call to discuss your ideas!