What’s new with Cross-tenant access with Azure AD External Identities

Diagram illustrating B2B direct connect

Microsoft has released Cross-tenant access settings and it’s still in preview.

I wrote an article in February about this feature and let’s see what has been changed.

And how to use to it with Teams

Teamsplaining it more

Difference between the channel types

Channel typeSharePoint siteSite sharingFile and folder sharing
StandardOne SharePoint site is shared by all standard channels. There is a separate folder for each channel.Team owners and members are automatically included in the site owners and members permission groups. Sharing the site separately is possible but managing access through Teams is recommended for easiest user management and the best user experience.Files and folders can be shared with anyone in the organization by using sharable links. If guest sharing is enabled, Anyone and Specific people links can be used to share with people outside the organization.
PrivateEach private channel has its own SharePoint site.Channel owners and members are automatically included in the site owners and members permission groups. The site can’t be shared separately.Files and folders can be shared with anyone in the organization by using sharable links. If guest sharing is enabled, Anyone and Specific people links can be used to share with people outside the organization.
SharedEach shared channel has its own SharePoint site.Team owners and members are automatically included in the site owners and members group. The site can’t be shared separately.Files and folders can be shared with anyone in the organization and external participants in the channel by using sharable links. Sharing with people outside the organization who are not channel members is not supported.

And the visualization from Microsoft.

Image of how Azure AD, Teams, and SharePoint relate.

Only new feature after the first preview phase seems to be.

Microsoft cloud settings

Microsoft cloud settings let you collaborate with organizations from different Microsoft Azure clouds. With Microsoft cloud settings, you can establish mutual B2B collaboration between the following clouds:

  • Microsoft Azure global cloud and Microsoft Azure Government
  • Microsoft Azure global cloud and Microsoft Azure China 21Vianet

To set up B2B collaboration, both organizations configure their Microsoft cloud settings to enable the partner’s cloud. Then each organization uses the partner’s tenant ID to find and add the partner to their organizational settings. From there, each organization can allow their default cross-tenant access settings apply to the partner, or they can configure partner-specific inbound and outbound settings. After you establish B2B collaboration with a partner in another cloud, you’ll be able to:

  • Use B2B collaboration to invite a user in the partner tenant to access resources in your organization, including web line-of-business apps, SaaS apps, and SharePoint Online sites, documents, and files.
  • Apply Conditional Access policies to the B2B collaboration user and opt to trust device claims (compliant claims and hybrid Azure AD joined claims) from the user’s home tenant.

And you can find it from here.

MAU billing

If your tenant is:You need to:
An Azure AD tenant already linked to a subscriptionDo nothing. When you use External Identities features to collaborate with guest users, you’ll be automatically billed using the MAU model.
An Azure AD tenant not yet linked to a subscriptionLink your Azure AD tenant to a subscription to activate MAU billing.

Can’t for wait this solution to get to production phase, really neat features and hopefully it will cover also the other applications with B2B direct than Microsoft’s own.

KEEP CALM AND CONFIGURE AZURE | KEEP-CALM.net

Author: Harri Jaakkonen

Leave a Reply

Your email address will not be published. Required fields are marked *