Officedocs-skypeforbusiness: A few suggestions

Hi team,
In addition it seems weird that we list step 1 with making sure that ports and URLs are open – this is a requirement for Teams. If they are closed, Teams will not work (correctly) but this has nothing to do with Federation.

Thomas Binder | Senior Program Manager | Customer Experience and Deployment
[email protected]tbinder@microsoft.com | +43 664 1927 151

From: Nicholas Dambrosio notifications@github.com
Sent: Wednesday, June 20, 2018 4:55 PM
To: MicrosoftDocs/OfficeDocs-SkypeForBusiness OfficeDocs-SkypeForBusiness@noreply.github.com
Cc: Thomas Binder Thomas.Binder@microsoft.com; Mention mention@noreply.github.com
Subject: [MicrosoftDocs/OfficeDocs-SkypeForBusiness] A few suggestions (#461)

Hello, Tony,
I was on a chatting with @thomasbinderhttps://github.com/thomasbinder this morning while reviewing this doc. There are two possible issues:

1. The 1st scenario under Use the steps in this article when may be inaccurate, these users would be within the same tenant, so external access shouldn't apply (We're pretty certain that's the case):

You have users in different domains in your business. For example, [email protected]Rob@ContosoEast.com and [email protected]Ann@ContosoWest.com.

1. Teams federation is in the process of rolling out and may not be available for all customers/tenants, should we add a "Note" to notify customers of that process? That might be a pain in the butt, but it may prevent unneeded service requests from being opened.

Thanks,

Nick

Document Details

⚠ Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.

• ID: 59900927-5e5f-77a4-04be-e05a91330fca
• Version Independent ID: 1e4d6b87-f57c-fa45-1630-3c32b821d93c
• Content: Communicate with Teams users in another organizationhttps://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoftteams%2Flet-your-teams-users-communicate-with-other-people&data=02%7C01%7Cthomas.binder%40microsoft.com%7C9138b63ddac54876c62d08d5d6bdc480%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636651032886119439&sdata=ACfNeHcaqyBKJIZfgncLx34UzdXin3N6ZG9ManlgM0g%3D&reserved=0
• Content Source: Teams/let-your-teams-users-communicate-with-other-people.mdhttps://github.com/MicrosoftDocs/OfficeDocs-SkypeForBusiness/blob/live/Teams/let-your-teams-users-communicate-with-other-people.md
• Service: msteams
• GitHub Login: @tonysmithttps://github.com/tonysmit
• Microsoft Alias: tonysmit

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHubhttps://github.com/MicrosoftDocs/OfficeDocs-SkypeForBusiness/issues/461, or mute the threadhttps://github.com/notifications/unsubscribe-auth/AearImmclGPQXhjqoRMqiiKmv6O3tNRzks5t-mI2gaJpZM4Uvb5W.

This is really great feedback! @thomasbinder - let's work together to get a Pull Request open and get the doc updated and clearer. Thanks for feedback on this!

I'm already fielding questions about this article. We may want to pull Steps 2 & 3 until it is ready for prime-time. :)

@tonysmit - what can we do to get this one resolved? I can ask for help to create a Pull Request if you approve the above suggestions?

Looks like my new US test tenant has the external access buttons available, but is missing the "add domain" button (according to Step 1 part 3).

Same as cjchiffers, there is no option for adding domains when setting up External access

Same for me here, Step 2 item 3 is not available.

The buttons should be there. The procedure is correct.

@nomorephones should they just contact support? Thanks.

Same as cjchiffers, chrismcfarling, WinfredKwabla, there is no "Add Domain" that I can click (Let your Teams users chat and communicate with users in another Teams organization: step 2 item 3).

Hi everyone. We are investigating this issue and should have a plan going forward today sometime. Thanks, Tony

We've found a treatment that removes this table. It's supposed to be an internal only treatment though, so it's odd if customers are seeing this as well. Anyway the treatment is being removed by end of next week with our new deployment of the portal.

Same for me here, "Add Domain" is not available.

So, if I also understand correctly, it will not be as in S4B? If our organization and other organization does not add domains as allowed, the communication will be blocked if we only allow external communication? Or if we do not add domain, default settings will be allowed for everyone same as in S4B (allowed except blocked)?

Clients domain and mine have already add each other, but still we can't see the other domain users... you guys are sure this feature is working? The explanation and the way it's done is pretty straight forward, I don't know what else to do to troubleshoot this.

I must little bit disagree. We test and it works like S4B, but portal and documentation state otherwise. Or it is right now broken technically.

Option in Teams Admin Center = Options in Skype for Business Admin Center

• External Communications Allowed = External Communications Allowed Except Blocked Domains
• External Communications Allows + Domain Added as Allowed = External Communications Allowed Only to Allowed Domains
• External Communications Allowed + Domain Added as Blocked = External Communications Allowed Only to Allowed Domains

Anyone have an update on this? Have added the trusted domains but still no ability to add external contacts. Currently able to chat with them in S4BO just fine, Teams is the only hold out. Directions could be a bit more specific on how exactly to 'request a chat' with them too, it's possible I'm trying from the wrong area. Trying from Teams > Chat > Contacts > "Contoso Contact Group" > Add A Contact To This Group. Have also tried from the search bar up top, no luck.

I have enabled "Users can communicate with external Skype users". I dont add any domain because I want to use "Open Federation". In the Teams client I try to add an external contacts who run SfB. I only get "We didn`t find any matches".

@ndambrosio Thank you for this feedback

I want to make sure your issues here are being handled appropriatly. Support will be able to handle this issue to resolution.

I think the best way forward is if you can open a service ticket in your tenant so this can get resolved ASAP. Based on outcome let me know if it is something that can be called out in the docs.

Here is a quick video on opening a ticket: https://www.youtube.com/watch?v=puuOy0sEg1Y

If you don't mind please keep us posted here on the resolution and I really want to get this information you are discovering back into the docs.

Similar to other users, we have federation open with any domain. First it appears to be that a search is performed, possible against the organization's address book ("we didn't find any matches") and then if you continue, it just says "required" under the contact's address.

I'm experiencing the same issue here that others are. I have enabled external access in the teams/skype admin center, and I do NOT have any domains listed. If my understanding is correct, this should mean I can IM all other domains from teams. I can do this from skype, but teams flips between saying my org isn't connected with the other, and just saying nothing when I search for an external user. Seems to change by the day :) Any progress on this?

I was able to get in touch with the product team that owns this feature and it is fully rolled out and should be working as expected. If it is not we really need to open a support service request so they can work with you to figure out if it is something specific to the tenant.

I did get some tips that I am going to add to the article if everyone here finds they might be helpful. Here are the tips below I got from the product team. Does it make sense to add these to the article or would it add more confusion? Thanks for feedback on this, I really appreciate it.

The setting to use is “External Access” in the Modern Portal. You can’t set the domains in the Modern Portal yet and must use legacy portal.

Other than that, if federation is not working, it could be the other tenant turned off the feature. Some things to check:

1. Ensure External Access is On
2. Ensure domains is not blocked
3. Start chat via new chat button, type in fed user’s SIP address, select search external
4. Compose the message

Hi, the second problem is with the wording in the new portal itself. "By turning this on and adding domains to the allowed list, your users can communicate with other users in other domains and organizations."

So this tells someone if you need to communicate externally you need:

1. Turn this on.
2. AND add domains to the allowed list.
3. Now you can communicate with external parties.

But the reality is if you setup it like this way, you:

• Can communicate only with allowed domains.
• All other domains are blocked = This is the thing which admin center does not tell you in the new portal. The old portal show "only for allowed domain" or "except blocked" as tenant wide setting.

@Kazzan - I am not positive how the wording can be changed in the product but this is very good feedback and I appreciate it. Let me loop in someone that might be able to help review and update the wording in the product. @LolaJacobsen has done work on the UI strings and might know.

@LolaJacobsen - there seems to be some confusing wording in the Teams UI for federation.. would you be able to help review? I can create an internal backlog item for us to track if you want?

I am having the same problems. Have everything setup but its still not working. If I write someone else in Teams he get the message in SfB, I also get the message that the User is outside the organisation and there are not all teams feature available.
What should I do?

Hello,

It doesnt work for me, i've tried the following :

1/ External Access is enabled by default, so i try contacting the user in team via his email, nothing shows. I tested that on 5G connection to avoid firewalls.
2/ In tenant A named domain1.onmicrosoft.com, i've added tenant B named mydomain.com
In tenant B named mydomain.com, i've added tenant A named domain1.onmicrosoft.com.
Same test outcome.

Anything i've missing ? What is the format of the domain ? shall we put the tenant initial name during creating of the DNS alias ? Thank you

I am hearing the feedback and I am trying to reach out to the PM that owns this feature to go through the docs and answer these questions and make it clearer. My main concern right now though is if there is an issue with the feature or with specific tenant and the support service engineers would be able troubleshoot for everyones specific cases. Please open a support ticket and you can please tell them to loop me (my email is on my profile) and I will figure out how to improve the document. This isn't the 'answer' I would want to hear if I was trying to get this feature to work but I just don't have the knowledge to help and want to make sure to get this escalated in the proper support channel so that it can be escalated to product team if there is a problem with the feature. If it is a doc issue I am standing by to update the doc too.

I'm having similar issues where for example i can share documents with my personal email @outlook.com yet another employee @outlook.com cannot.

My question i suppose is is this how it is supposed to work?
A private group should be that? or is this an issue?

@tonysmit - so glad you are back to help us with this one.. I am not sure if this is a product issue or doc issue or both. :)

We are working through a solution for this doc with the PG. I am proposing that we break this into real world scenarios. If you have suggestions, please let us know here. We'd love your input.

Real world scenario, test with various clients. I have one client who is happy to experiment. Team user can ONLY be "present" on ONE tenant at a time; this means that a federates external Team user will see me as "Unavailable" if I am signed in as my tenant. If they send me a chat, audio call, video call, message or "@" mention me, then from their Team app is appears to have been sent (apart from audio/video which say "unavailable"). However, it will take 15+ minutes before the almost unnoticeable "alert" appears in my Teams app (an insignificant red circle next to my account icon - top right - indicating how many "missed" events I have). The only way to view these missed events is to "switch" account (sign out then in) to the OTHER tenant. Once "switched" to the other tenant, you can indeed read chats, view messages, and reply. Of course, you are now SIGNED OUT of your own Teams'!!!!! What is the point? Can you imagine if for Outlook email you could not read or reply to client's emails without SIGNING OUT of your domain and SIGNING IN to their domain? It's ridiculous. How is this by design? Does this not project a message that Microsoft Teams do NOT want a "chat based work space" with anyone outside of your own tenant?

@tonysmit Hi Tony, any updates on this issue? Thanks!

I can help here if someone can condense this entire lengthy thread.

External access lets your Teams and Skype for Business users communicate with other users that are outside of your organization. By default, your organization can communicate with all external domains. If you add blocked domains, all other domains will be allowed but if you add allowed domains, all other domains will be blocked. But it's very important that if you add blocked or allowed domains, you set up both domains the same way and include the other domain as allowed.

Now, that will get part of it answered.

Tony Smithcommented 2 hours ago

@nomorephones - tagging this if you have time.

@nomorephones @tonysmit Hi! Any updates on this issue?

This is a huge thread - what's the issue specifically?

@scanum looks like you at-ed a wrong tony 😄

@tony-xia Apologies!!!

@nomorephones - I will revisit the help article for this. I honestly have it on my to-do list. However, this text (on the landing page now) describes what needs to happen. If it doesn't work, then that would be the question I guess. No one has distilled down the problem/issue.

@zx3-at - are you saying the issue is that you aren't seeing notifications with an allowed domain?

It appears there are two issues. The first is apparently poor documentation from Microsoft on the differences between Federated and Guest access. I think the confusion here however is borne out of the second issue which is that Federated Teams access does not appear to work (or at least not for the majority) which then leads folk to enable Guest access allowing Teams invites - which as we know is not federation.

The technical side of the second issue is as follows:

1. We enable Teams external access by switching ON "Users can communicate with SFB and Teams Users" and "Users can communicate with Skype users" within the Teams Admin site.

1. We add ALLOWED domains ensuring both tenants are configured correctly with the opposing domain names. i.e. a.com allowed in tenant b and b.com allowed in tenant a.

2. Wait for a period of time (24 hours) to ensure the settings have propagated and then...

3. It doesn't work. The error received within the Teams client is as follows: "We can't set up the conversation because your organisations are not set up to talk to each other."

All of the correct DNS entries are in place for both tenants. Teams "Guest" access works when enabled.

@nomorephones @tonysmit I hope this helps.

@tonysmit Hi Tony, hope you are doing well. Any updates on this? Thanks!

Everyone on this thread. Please go view the new version of this topic and see if it answers your questions. If not, send us feedback and I will see if I can get it corrected. Thanks.

Hi tonysmit

Everyone on this thread. Please go view the new version of this topic and see if it answers your questions. If not, send us feedback and I will see if I can get it corrected. Thanks.

Sorry to sound so stupid, but WHERE is this "new version of this topic"? Can you paste a link?

@zx3-at - here it is. https://docs.microsoft.com/en-us/microsoftteams/manage-external-access Please review and please suggest changes. I had a vendor merge two topics, but I haven't a hard look at it. Everyone here, do the same and I will get it updated! Thanks, Tony

@zx3-at Please review the changes, Thanks!

@zx3-at @tonysmit Hi, any updates on this issue? Thanks!