Common External Access Needed for Office 365 Applications
No Surprise That Teams Won’t Make Promised Date for External Access
The news that Microsoft Teams will miss its goal and not support external access by mid-2017 did not come as a surprise. After all, it took Microsoft nearly two years to enable external access for Office 365 Groups. Even so, while external guest users is available for Office 365 Groups (but only the Outlook kind, not those that use Yammer), access for those users is limited to the SharePoint resources belonging to the group. Guest users can communicate with groups through email but they cannot access the complete threaded conversations.
Groups had a head start when it came to external access because Microsoft could build on top of the way SharePoint shares documents outside an organization. Teams cannot take that approach because sharing is not simply all about SharePoint anymore.
[Update Sept 12] See this article describing how external access works for Teams.
Office 365 Needs a Common Sharing Mechanism
What Microsoft needs now for Office 365 is a simple, secure, and functional mechanism that works for Teams, Planner, Stream, Yammer, Groups, and any other application that might want to allow external access to its resources. It simply does not make sense for every application to roll its own variant of external access as that has the potential to lead to access (and possibly security) hell.
Most of the time external access works well for Groups. But it took time for Microsoft to figure out how to support external access for mail contacts defined in tenant directories, an issue that caused problems for tenants that run hybrid configurations or who commonly use mail contacts to represent important external correspondents in their GAL.
Group Sharing Woes
Another issue that I have met is when people use the same email address to sign into Office 365 and Microsoft consumer cloud services. This scenario stops the sharing mechanism working because it does not know which identity to use and the only solution is for the user to change their sign-in address for the consumer service (easier to do perhaps than for Office 365).
You might not think this is a common issue, but I set up a Group to gather slide decks for the recent Office 365 Engage conference and invited 40 presenters to join. Ten per cent of the 40 had problems accessing the group, three of whom used the same address to sign into both Office 365 and consumer services. Apart from the sharing glitches, the group worked well as a fulcrum for collaboration for people across Europe and the U.S.
I’ve also had plenty of situations where someone received an invitation that did not work and they could not access the group. The solution here is to remove them from the group and then add them again.
Sharing is Complex
All of which points to the unchallengeable fact that external sharing can be complex. Very complex. And because external sharing allows people outside your organization to access information, it is critical that the mechanism works first time and all the time.
With the experience of Office 365 Groups burned into my consciousness, it comes as no surprise that the fine people in the Teams development group might have paused for thought. Teams is a successful application. It has captured the imagination of many and demonstrated that Microsoft can deliver really fresh thinking on how collaboration occurs within their ecosystem.
Now is not the time to spoil Teams by launching its own external access mechanism. It would be really nice to see Teams be the first application to support a common external access mechanism that works across all the Office 365 applications.
Follow Tony on Twitter @12Knocksinna.
Want to know more about how to manage Office 365? Find what you need to know in “Office 365 for IT Pros”, the most comprehensive eBook covering all aspects of Office 365. Available in PDF and EPUB formats (suitable for iBooks) or for Amazon Kindle.