Connect Two (Or More) Accounts with Microsoft Teams Connect
This year at Microsoft Ignite, Microsoft announced Microsoft Teams Connect. Teams Connect eases collaboration with people inside and outside of your organization by enabling shared channel-like functionality.
- Set up the Webex trigger, and make magic happen automatically in Slack. Zapier's automation tools make it easy to connect Webex and Slack.
- Conferencing that works the way you do. Built-in voice and video calls are great, but Slack works with other tools, too. Instantly start meetings or join calls without leaving your Slack conversations by connecting your video conferencing service of choice.
- Historically, engineers have favored Slack, teams with Cisco VoIP devices used Webex, and Office 365 always have Teams included in their package. Making a comparison is necessary to understand how one app is different from the other, and why each might be indispensable to your business.
Zoom is a video-first unified communications platform for meetings, trainings, webinars, and other forms of collaboration. When used with Zapier, Zoom becomes a core part of your business, integrating with your calendar, CRM, scheduling, and productivity apps.
To best understand what Teams Connect is and how you can benefit from it, it’s important you first understand the inner workings of Microsoft Teams.
Some background on Microsoft Teams
Microsoft Teams is an extendable platform for collaboration on Microsoft 365.
Instead of segmented information and workplace silos, it provides content in the right context through the use of channel-based working.
Within each team in Microsoft Teams, users get a set extra services aside from appears on the front end:
- SharePoint site including a document library to work on files.
- OneNote notebook for unstructured notes.
- Exchange Online mailbox with a shared calendar to plan meetings and calls.
- Planner plan to manage tasks within your team.
- Power BI workspace (you will need an extra license).
- Stream video channel.
Access to a team is secured by an object in Azure Active Directory called Microsoft 365 Group.
This group has a list of members and defines who can access the team:
Microsoft Teams uses a straightforward approach for roles:
- Owners create a team, invite and remove members and guests, and can delete a team.
- Members can create channels (standard and private) and create tabs.
- Guests can only work in their given structure.
It’s external users and guests who will benefit the most from the introduction of Teams Connect.
External users in active directory
As an owner of a Microsoft Teams team, you can invite members (internal) and guests (external).
Internal users are already present in your own tenant’s Azure Active Directory. Guests get added to your Azure Active Directory as external users, indicated by the `#EXT#`-suffix:
Usernames of external users look like this:
{UserName}_{theirTenant}#EXT#@{yourTenant}.
As you can see, the source of authority is the External Azure Active Directory.
Channels
There is a connection between channels and the document library in SharePoint.
For every standard channel you create, a folder is created in that document library. Files shared in a channel show up in the folder inside of the document library that reflects the channel.
User experience for external users
Sharing information securely across organizational boundaries is in high demand.
Collaboration with guests takes place in the tenant they get invited to. This means that they need to switch to that tenant to see new messages.
This also means that they are not logged into their own home tenant.
This is a major showstopper for collaboration as guests don’t get the full user experience like members.
Members feel that guests are still disconnected from the team.
Their user experiences are not comparable.
This leads to cumbersome workarounds like @-mentioning the channel to enforce a notification.
In some cases, people start using email again to state that a conversation takes place in Teams. In the end, those workarounds will create a less satisfactory user experience.
Workarounds
As a guest, you can use this practice:
- Create different profiles in the browser of your choice and then even install this website as an app.
- Install the website as an app in Microsoft Edge
The web version of Teams doesn’t give you full functionality and collaboration isn’t as seamless as it can be. The Teams web client doesn’t support virtual backgrounds among other features.
Mentally, switching context can be exhausting and a real kicker for productivity. It also forces us to have more windows open which is a distracting factor for many of us.
Teams Connect
To solve this, Microsoft introduced Microsoft Teams Connect.
Teams Connect is using so-called shared channels. Shared channels appear in our home tenant like any other standard channel.
How to create a shared channel
Creating a shared channel is easy.
By clicking on the ellipsis icon next to the name of the Team you want this channel to live in, select Add a channel.
Now add a name, and under Privacy, select shared channel.
Add people inside or outside of your organization. You can start collaborating now.
This will improve user experience as users don’t need to switch tenants anymore.
They can stay inside the context they usually work in.
Shared channels appear in their usual work environment making collaboration easy and seamless.
What is the difference between a shared channel and a private channel?
Microsoft introduced private channels at Ignite 2019. In private channels, only a subset of the owners, members, and guests of a team can access information.
If someone is not already in the team, you can not add them to a private channel.
A private channel is like a safe inside of a room.
You need to be already in the room and have the key to that safe to be able to open it.
Files shared in private channels will not show up in the team’s SharePoint site. Files are saved in a different SharePoint site that doesn’t belong to the Microsoft 365 group.
External members of a shared channel are not guests of the team. Their display names in Teams don’t get a (Guest) suffix, but an (External) suffix.
Shared channels get a special icon. This way, everyone is aware that these channels are shared with different people.
How will this change the way we work in Teams?
Adding shared channels to a team ensures that we can keep the existing structure.
We can expand our internal collaboration experience to our external partners.
This also eases our teams’ architecture.
We will create less teams and less private channels.
People will spend less time being torn between channels and tenants, and collaboration becomes collaboration again (rather than administration).
How to get Teams Connect
Currently, this feature is in private preview and will roll out later in 2021.
Microsoft invites certain Microsoft tenants and users to partake in private previews. As such, there is no waitlist to join.
Conclusion
Teams Connect and shared channels will be a game changer for businesses who frequently collaborate with users outside of their own organization.
Before Teams Connect, people needed to find different workarounds. They restructured teams, rolled back on email, or tried to collaborate in chats.
With shared channels, people can stay in the flow of their work.
If you’re reading this and wondering if there’s a way to extend Teams Connect or shared channel functionality to other platforms, you’re in luck.
Read this post on how to connect Teams to other platforms.
The digital work hub is shifting from email to team collaboration applications. Increasingly users rely on them as their primary means of engaging with their co-workers to manage tasks, workflows, group conversations, sharing documents, and meetings.
Also, team collaboration is rapidly extending beyond enterprise boundaries as companies look to embrace team apps to improve engagement with partners, suppliers, and customers.
Webex Teams Vs Slack
Recent studies show that nearly half (49%) of respondents said that business discussions, tasks, or transactions happening with users outside the company have now shifted from email to team collaboration platforms.
However, managing collaboration with external partners remains complicated. A lack of interoperability between collaboration platforms means organizations need a plan for handling collaboration with partners outside of the organization.
IT departments need to consider which platforms best support external collaboration. Additionally, they should plan how to provide access to external partners and manage the end of a collaborative project.
The most obvious option is to assign external team members accounts and licenses so they would look and act as if they all belong to the same company. However, this approach comes with several inherent pitfalls. Aside from cost considerations, these include the need to assign corporate email addresses and enforce access controls to ensure external team members can reach only the resources they need in the context of the project. As you might guess, this can lead to an administrative and data security nightmare.
Another option is for the host organization to invite external members to specific team collaboration resources on an as-needed basis as third-party guests. By default, guest access creates the proper levels of separation when working with external parties.
Currently, 44.2% of organizations rely on guest access for 3rd party collaborations. Either to enable external access to their team collaboration platform or to allow their employees to use external team collaboration apps to connect with partner organizations.
Guest access works seamlessly if the external members have the same platform as the host organization. Also, depending on the team collaboration platform, the host and guest organizations using similar platforms, such as Slack, can merge, yet maintain separate access and data security.
For instance, with Slack Connect, separate organizations can collaborate in a Slack channel, each from within their own Slack workspace. Members can send direct messages, upload files, use apps and integrations, and start calls—all in a common space.
Microsoft Teams offers an external access federation option for Skype for Business customers that do not want to use guest accounts. However, this option is limited to IM and Presence messages.
But when it comes to managing collaboration with external partners that have different platforms, things become complicated. These organizations and their users have to create and use a stripped-down freemium guest account. A free account may or may not have all the features needed for collaboration, and the external partner may be required to purchase a license.
According to recent studies, nearly 42% of organizations run more than one team collaboration app internally. In such a case, external partners’ users may have to purchase several guest accounts to collaborate with the users of the host organization.
Also, administrators have no idea how far away from home their users are playing. Once someone accepts an invitation from another platform, everything they do inside that platform is invisible to the administrator of their home platform.
In general, the guest access method works well when companies need to add a few external members to a team. However, this capability can quickly become unmanageable when working with a third-party company that requires hundreds or more guest accounts.
In this article, I like to compare the guest account management capabilities of Microsoft Teams, Slack, and Cisco Webex Teams.
Security and Access Control
Slack
Slack guest accounts are available only on paid plans (Standard, Plus, and Enterprise Grid) and can be either Multi-Channel or Single-Channel. Multi-Channel Guests only have access to the invited channels. Slack charges for Multi-Channel Guests, and you can add them to an unlimited number of channels.
Both Multi-Channel or Single-Channel Slack guest accounts do not offer strong security measures like password complexity check, password expiration, and Two-Factor Authentication (2FA).
Slack Admins must manually provision guest accounts one by one. Admins can choose an automatic expiration date for each guest account.
Reference: https://slack.com/resources/slack-for-admins/external-collaboration-in-slack
Cisco Webex Teams
When the Webex Teams users send their invitations, non-Webex users are NOT initially required to have an account on the Webex teams to communicate with Webex users. However, this temporary access, available via URL, is only valid for 24 hours. After 24 hours, the external users must sign up for a Webex team account to continue collaborating with their colleagues through the platform.
The password policy for external Webex Teams accounts only requires letters and numbers and does not include Two-Factor Authentication (2FA). As a result, it’s nearly impossible for you to control whether accounts have strong security measures like password complexity check, password expiration, and Two-Factor Authentication (2FA). Download surah rehman.
Reference: in https://www.cisco.com/c/en/us/products/collateral/collaboration-endpoints/webex-room-series/datasheet-c78-740772.html
Microsoft Teams
To understand Microsoft guest access, we should point out that guest access differs from external access in Microsoft Teams.
- External access gives access permission to an entire domain—allowing Teams users from other domains to find, contact, and set up meetings with you. External users can call you through Teams and send instant messages. But if you want them to be able to access teams and channels, guest access might be the better option.
- Guest access is when you invite an external user to be a member of the team—it gives access permission to an individual rather than a domain. Once a team owner has granted someone guest access, they can access that team’s resources, share files, and join a group chat with other team members.
Reference: https://docs.microsoft.com/en-us/MicrosoftTeams/guest-access
Reference: https://docs.microsoft.com/en-us/azure/active-directory/b2b/licensing-guidance
Reference: https://docs.microsoft.com/en-us/microsoftteams/teams-dependencies
Microsoft guest access requires corresponding Azure AD accounts for the guests. As a result, when users invite their external colleagues to collaborate that do not have O365 accounts, their colleagues must create and maintain Azure AD accounts.
Microsoft has detached the authorization of guest accounts from the authentication. By default, external Azure AD accounts do not have strong security measures like password complexity check, password expiration, and Two-Factor Authentication (2FA).
Webex Teams Vs Slack
Once added to a team, an external user is considered a member, so there’s no way to make their access “read-only.”
Also, you cannot invite a guest to a specific channel in a team. You would need to either create a separate team dedicated to collaborating with internal users—or create private channels to hide particular content and conversations from guests within the team.
Delete/Remove Guest Accounts
Guest accounts require active management. For instance, contractors, clients, interns, or temporary employees come and go out of projects or change jobs or companies. Microsoft, Slack, and Cisco provide the ability to delete or remove guest accounts. However, managing guest accounts can become a security and management burden, which can result in hidden costs.
Also, administrators have no idea how far away from home their users are playing. Once someone accepts an invitation from another platform, everything they do inside that platform is invisible to the administrator of their home platform. For instance, given the success of Microsoft Teams, a user can end up being a guest in a surprising number of Microsoft Teams tenants.
Reference: https://docs.microsoft.com/en-us/MicrosoftTeams/manage-guests
Reference: https://petri.com/problem-guest-users-outside-tenant
Licensing Limitations & Costs
Slack
Single-Channel guest users are free. However, there is a limitation of 5 single-channel guest users per paid Slack user. In other words, a company with 1,000 Slack licenses can only send out 5,000 single-channel guest invitations.
There is no limitation on Multi-Channel guest users. However, Slack invoices them at the regular member prices.
Depending on the pricing plan, Slack bills between $8 to $15/person per month. As a result, 1,000 Multi-Channel guest users can cost up to $15,000.
Cisco Webex Teams
To manage, limit access, or limit the number of WebEx Teams, External accounts require Cisco Webex Control Hub Pro Pack for an additional cost of over $30.00 per user/mon.
Reference: https://help.webex.com/en-us/np3c1rm/Pro-Pack-For-Cisco-Webex-Control-Hub
Microsoft Teams
The number of guest accounts a company can extend is limited. For instance, Microsoft only allows five guest accounts per paid Azure AD license. In other words, a company with 1,000 Microsoft licenses can only send out 5,000 Guest Account invitations.
Microsoft guest account invites are not limited to MS Teams, but users can send them for other Microsoft services such as sharing files on One Drive and SharePoint.
There is no limitation or control on how many guest account a user can send out as long as your company stays within its overall limit. So, invitations can begin to pile up. If a user or team goes beyond your company’s limit, no one else can send guest account invites.
According to a recent report by Nemertes, guest accounts are problematic for several reasons:
- Lack of ability to enforce security policies or to monitor what is being shared by employees on external team apps
- Lack of ability to manage revocation of guest account access for those using guest accounts to allow external access to internal team spaces, and for employees who are using external team apps.
As a result, according to Irwin Lazard of Nemertes, “the use of guest accounts represents a significant security threat to an organization’s information resources. Guest accounts are also inefficient for employees and create administrative overhead for IT managers.”
The alternative to Guest Accounts – NextPlane Intercompany Collaboration
As a general rule, guest accounts are not a viable option for large enterprise companies. Also, external partners may not allow their employees to have guest accounts, or they may be in regulated industries such as healthcare, financial services, where guest accounts can potentially trigger compliance issues.
Also, administrators have no idea how far away from home their users are playing. Once someone accepts an invitation from another platform, everything they do inside that platform is invisible to the administrator of their home platform. People can have accounts on multiple platforms. Given the success of Microsoft Teams, a user on Slack or Cisco WebEx teams can end up being a guest in a surprising number of teams tenants.
Compliance is the obvious driver for why such oversight might be needed. Companies invest heavily in technologies like communications compliance policies to ensure their company remains within regulatory and legal requirements. Everything works well if collaboration activity remains inside the company. But if someone becomes a guest in another platform and begins communicating there (for instance, inside Slack chats or channel conversations), there’s no trace of what they are doing visible to their company, which undermines a carefully built compliance regime.
NextPlane eliminates the need for external users’ need to have access to your workspaces, chats, channels, and files. It also minimizes the IT administrative burdens.
NextPlane intercompany federation allows host organizations to connect to their external partners securely. As a result, their users can send messages, share their presence status & files, and participate in workspaces & channels, without leaving their respective client applications. Also, external contacts can do the same without leaving their preferred tools.
Using NextPlane Management Portal, you can seamlessly connect your organization with customers, partners, or suppliers. The NextPlane management portal gives you detailed reports on the users, the number of messages exchanged, as well as detailed usage reports by external partners.