Creating a Shared Channel for Cross-Tenant Collaboration
Use a shared channel when two organizations need to work together in Microsoft Teams without guest accounts or tenant switching. Partner users stay in their own tenant and access your channel directly.
When to use a shared channel
- You need an external partner in a few channels, not the whole team.
- You want partner users to stay in their home tenant.
- You need tighter scoping than “guest in the full team.”
- You want host-tenant control of files and compliance.
Prerequisites (both tenants)
- Roles: Global Admin or Security Admin to set cross-tenant trust; Teams Admin to manage channel policies.
- Licensing: Microsoft Teams plus Microsoft Entra ID.
- Cross-tenant access: B2B Direct Connect set up Inbound and Outbound for each other, with Microsoft Teams allowed as an application.
- Trust choices: Decide if each tenant will trust the other’s MFA and device compliance.
- Teams policy: Shared channels enabled for target users.
If B2B Direct Connect is not set, do that first (add org, configure inbound/outbound, allow Teams, align CA).
Step 1 — Confirm Teams settings
- Open Teams admin center.
- Go to Teams → Teams policies.
- Edit the policy applied to your users.
- Set Create shared channels = On and Invite external users to shared channels = On (if you plan to invite partners).
- Assign the policy to the channel owners.
Step 2 — Create the shared channel (host tenant)
You can do this in the Teams desktop app or web.
- In Teams, open the host team that will own the channel.
- Select … next to the team → Add channel.
- Name the channel (e.g., Contoso Partnership).
- Privacy = Shared.
- Choose Share with people now or later.
- Create.
Notes
- A shared channel has its own SharePoint site in the host tenant.
- Members of the parent team do not automatically get access; you add them explicitly.
Step 3 — Share the channel with external users or a partner team
Option A — Invite external users (fastest pilot)
- Open the shared channel → Manage channel → Share.
- Choose With people.
- Enter partner user UPNs (e.g.,
alex@contoso.com). - Select role:
- Member: post/read files.
- Owner: manage channel membership.
- Share.
Option B — Share to a partner team (scaled rollout)
- Share → With a team.
- Enter the partner team name (the partner admin may need to approve).
- Choose whether all members of the partner team get access or a subset (if supported by policy).
- Share.
Partner side experience
- Users see the shared channel inside their home tenant under Shared with me.
- No tenant switching. No guest account created.
Step 4 — Secure the files and data
- Sensitivity label: Use a label that allows external collaboration for shared channels.
- DLP: Ensure policies allow the intended sharing patterns; tune for false positives.
- SharePoint site permissions: The shared channel site grants access only to added members; verify owners/members after invites.
- Retention and audit: Apply retention as required. Monitor via Microsoft 365 audit and Entra sign-in logs.
Step 5 — Test the end-to-end flow
Use at least one test user from each tenant.
- Open channel, post a message, @mention a partner user.
- Upload a file; confirm the partner can open and co-edit.
- Check notifications.
- Review Entra sign-in logs for B2B direct connect events (no unexpected blocks).
Governance tips
- Least privilege: Start with a pilot group.
- Owners: Keep at least two owners in the host tenant.
- Naming: Prefix channels for clarity, e.g.,
EXT | Contoso | Project Falcon. - Lifecycle: Define when to archive/close the channel and who cleans up access.
- Change control: Record who you shared with (users/teams), labels used, and CA posture.
Troubleshooting
| Symptom | Cause | Fix |
|---|---|---|
| Partner can’t open channel | App not allowed or user not in scope | In each tenant’s Cross-tenant access, allow Microsoft Teams; ensure user/group is allowed (Inbound/Outbound). |
| Repeated MFA prompts | CA mismatch or untrusted MFA | Align Conditional Access; set Trust settings to accept partner MFA/device claims, or adjust CA conditions. |
| Files won’t open | Label/DLP/SharePoint permissions | Use a label that allows external collaboration; verify the shared channel site members/owners and DLP exceptions if needed. |
| Only some users can access | Scoping differs across tenants | Mirror user/app scopes in both tenants for the same people. |
| Channel missing in partner Teams | Policy disabled or delay | Ensure partner policy allows Shared channels; sign out/in or clear cache. |
PowerShell/Graph (optional)
- Create shared channel (Teams PowerShell):
# Requires MicrosoftTeams module New-TeamChannel -GroupId <TeamId> -DisplayName "Contoso Partnership" -MembershipType Shared - Share to external currently relies on Teams/SharePoint UI or Microsoft Graph (beta endpoints subject to change). For automation, plan and test in a non-prod tenant first.
Quick checklist
- B2B Direct Connect set up both ways; Microsoft Teams allowed as an application.
- Teams policy allows creating and inviting to shared channels.
- Shared channel created in the host team.
- External users or partner team added.
- Sensitivity label/DLP configured for external collaboration.
- Pilot: posts, mentions, files, and notifications work.
- Logs reviewed; no CA blocks.
Key points to remember
- Shared channels keep partner users in their home tenant.
- No guest accounts are created.
- Content stays in the host tenant’s SharePoint site.
- Tight, per-channel access keeps exposure low.
That’s it. Create, share, secure, and test. You now have a clean cross-tenant workspace for real collaboration—without the guest sprawl.
